1 ========================
2 ODL Parent release notes
3 ========================
8 This is a bug-fix and minor upstream bump upgrade from version 4.0.1.
13 Previous releases overrode Karaf’s ``jre.properties``; this is no longer
14 necessary, and was causing failures with Java 9 and later (our version of
15 ``jre.properties`` didn’t have the appropriate settings for anything after
16 Java 8). This release drops that override. See
17 `ODLPARENT-168 <https://jira.opendaylight.org/browse/ODLPARENT-168>`__ for
20 Upstream version upgrades
21 ~~~~~~~~~~~~~~~~~~~~~~~~~
23 * Commons Lang `3.8 → 3.8.1 <http://www.apache.org/dist/commons/lang/RELEASE-NOTES.txt>`__.
25 * Jackson `2.9.6 → 2.9.7 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7>`__.
27 * Netty `4.1.28 → 4.1.29 <http://netty.io/news/2018/08/24/4-1-29-Final.html>`__.
29 Plugin version upgrades
30 ~~~~~~~~~~~~~~~~~~~~~~~
32 * JAR `3.0.2 → 3.1.0 <https://blog.soebes.de/blog/2018/04/10/apache-maven-jar-plugin-version-3-dot-1-dot-0-released>`__.
34 * Javadoc `3.0.0 → 3.0.1 <https://blogs.apache.org/maven/entry/apache-maven-javadoc-plugin-version>`__.
36 * Jersey `2.22.2 → 2.25.1 <https://jersey.github.io/release-notes/2.25.html>`__,
37 along with Glassfish JSON 1.0.4 → 1.1.2.
41 * `3.5.1 <https://blog.soebes.de/blog/2018/01/22/apache-maven-plugin-tools-version-3-dot-5-1-released/>`__.
42 * `3.5.2 <https://blog.soebes.de/blog/2018/05/26/apache-mave-plugin-tools-version-3-dot-5-2-released/>`__.
44 * Resources `3.0.1 → 3.1.0 <https://blogs.apache.org/maven/entry/apache-maven-resources-plugin-version>`__.
49 This is a bug-fix and minor upstream bump upgrade from version 4.0.0.
54 The JaCoCo execution profile was incorrect, breaking Sonar; the report is now
55 written correctly, so that Sonar can find it.
57 The Blueprint Maven plugin fails when it encounters Java 9 classes; this is
58 fixed by forcefully upgrading its dependency on xbean-finder. See
59 `ODLPARENT-167 <https://jira.opendaylight.org/browse/ODLPARENT-167>`__ for
62 Upstream version upgrades
63 ~~~~~~~~~~~~~~~~~~~~~~~~~
65 * SpotBugs `3.1.6 → 3.1.7 <https://github.com/spotbugs/spotbugs/blob/release-3.1/CHANGELOG.md>`__.
67 Upstream version additions
68 ~~~~~~~~~~~~~~~~~~~~~~~~~~
70 * Mockito Inline is added alongside Mockito Core, to ensure that the versions
73 Plugin version upgrades
74 ~~~~~~~~~~~~~~~~~~~~~~~
76 * Clean `3.0.0 → 3.1.0 <https://blog.soebes.de/blog/2018/04/14/apache-maven-clean-plugin-version-3-dot-1-0-released/>`__.
78 * Compiler `3.7.0 → 3.8.0 <https://blog.soebes.de/blog/2018/07/30/apache-maven-compiler-plugin-version-3-dot-8-0-released/>`__.
80 * Dependency 3.0.2 → 3.1.1:
82 * `3.1.0 <https://blog.soebes.de/blog/2018/04/06/apache-maven-dependency-plugin-version-3-dot-1-0-released/>`__.
83 * `3.1.1 <https://blog.soebes.de/blog/2018/05/24/apache-maven-dependency-plugin-version-3-dot-1-1-released/>`__.
85 * Dependency Check `3.3.1 → 3.3.2 <https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md>`__.
87 * Enforcer `3.0.0-M1 → 3.0.0-M2 <https://mail-archives.apache.org/mod_mbox/maven-announce/201806.mbox/%3Cop.zko9b2vhkdkhrr%40desktop-2khsk44.dynamic.ziggo.nl%3E>`__.
89 * Failsafe 2.20.1 → 2.22:
91 * `2.21 <https://blog.soebes.de/blog/2018/03/06/apache-maven-surefire-plugin-version-2-dot-21-released/>`__.
92 * `2.22 <https://blog.soebes.de/blog/2018/06/16/apache-maven-surefire-plugin-version-2-dot-22-released/>`__.
96 * `3.0.0 <https://blog.soebes.de/blog/2018/03/18/apache-maven-help-plugin-version-3-dot-0-0-released/>`__.
97 * `3.0.1 <https://blog.soebes.de/blog/2018/03/28/apache-maven-help-plugin-version-3-dot-0-1-released/>`__.
98 * `3.1.0 <https://blog.soebes.de/blog/2018/06/09/apache-maven-help-plugin-version-3-dot-1-0-released/>`__.
100 * Invoker 2.0.0 → 3.1.0:
102 * `3.0.0 <https://blog.soebes.de/blog/2017/05/24/apache-maven-invoker-plugin-version-3-dot-0-0-released/>`__.
103 * `3.1.0 <https://blog.soebes.de/blog/2018/05/31/apache-maven-invoker-plugin-version-3-dot-1-0-released/>`__.
105 * JAR `3.0.2 → 3.1.0 <https://blog.soebes.de/blog/2018/04/10/apache-maven-jar-plugin-version-3-dot-1-dot-0-released/>`__.
107 * Project Info Reports `2.9 → 3.0.0 <https://blog.soebes.de/blog/2018/06/27/apache-maven-project-info-reports-plugin-3-dot-0-0-released/>`__.
109 * Resources `3.0.1 → 3.1.0 <https://blog.soebes.de/blog/2018/05/01/apache-maven-resources-plugin-version-3-dot-1-0-released/>`__.
111 * Shade `3.1.0 → 3.2.0 <https://blog.soebes.de/blog/2018/09/13/apache-maven-shade-plugin-version-3-dot-2-0-released/>`__.
113 * Site `3.7 → 3.7.1 <https://blog.soebes.de/blog/2018/04/29/apache-maven-site-plugin-version-3-dot-7-1-released/>`__.
115 * Surefire 2.18.1 → 2.22.0:
117 * `2.19 <https://blog.soebes.de/blog/2015/10/19/apache-maven-surefire-plugin-version-2-dot-19-released/>`__.
118 * `2.19.1 <https://blog.soebes.de/blog/2016/01/03/apache-maven-surefire-plugin-version-2-dot-19-dot-1-released/>`__.
119 * `2.20 <https://blog.soebes.de/blog/2017/04/12/apache-maven-surefire-plugin-version-2-dot-20-released/>`__.
120 * `2.21 <https://blog.soebes.de/blog/2018/03/06/apache-maven-surefire-plugin-version-2-dot-21-released/>`__.
121 * `2.22 <https://blog.soebes.de/blog/2018/06/16/apache-maven-surefire-plugin-version-2-dot-22-released/>`__.
127 This is a major upgrade from version 3, with breaking changes; projects will
128 need to make changes to upgrade to this version.
130 `This Wiki page <https://wiki.opendaylight.org/view/Neon_platform_upgrade>`_
131 has detailed step-by-step migration instructions.
133 ODL Parent 4 requires Maven 3.5.3 or later; this is needed in particular to
134 enable SpotBugs support with current versions of the SpotBugs plugin.
139 This release’s SpotBugs support doesn’t handle Guava 25.1 correctly, resulting
140 in false-positives regarding null handling; see
141 `ODLPARENT-161 <https://jira.opendaylight.org/browse/ODLPARENT-161>`_ for
142 details. Until this is fixed, the corresponding warnings are disabled, which
143 matches our existing FindBugs configuration (which suffers from the a variant
144 of this, with the same consequences).
146 We are planning on upgrading Akka during the 4.x cycle, even if it results in
147 a technically breaking upgrade. This is currently blocked on an OSGi bug in
148 Akka; see `Akka issue 25579 <https://github.com/akka/akka/issues/25579>`_ for
151 Blueprint and OSGi service handling
152 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
154 Previous releases used an OpenDaylight-specific directory for Blueprint XML
155 files, ``org/opendaylight/blueprint``. It turned out this wasn’t useful, so
156 version 4 uses the default directory, ``OSGI-INF/blueprint``.
158 The Maven bundle plugin is now configured to omit the ``Import-Service`` and
159 ``Export-Service`` headers, since they are deprecated, unnecessary in
160 OpenDaylight, and liable to cause issues.
162 With previous releases of OpenDaylight, projects were encouraged to use Pax
163 CDI API annotations to describe their Blueprint beans, services and injections;
164 with version 4, Blueprint annotations should be used instead:
166 * modules should depend on
167 ``org.apache.aries.blueprint:blueprint-maven-plugin-annotation``, with the
168 ``<optional>true</optional>`` flag, instead of
169 ``org.ops4j.pax.cdi:pax-cdi-api``;
171 * ``@OsgiServiceProvider`` on bean definitions is replaced by ``@Service``;
173 * ``@OsgiService`` at injection points is replaced by ``@Reference``;
175 * ``@OsgiService`` on bean definitions, while technically wrong, can be seen in
176 the OpenDaylight codebase; this is replaced by ``@Service``;
178 * service lists can be injected using ``@ReferenceList``.
180 See `this Gerrit patch <https://git.opendaylight.org/gerrit/75699>`_ for an
186 Builds now warn about unchecked type uses (such as raw types where generics
189 JUnit and Mockito are always available as test dependencies and no longer need
190 to be declared in POMs.
195 An OWASP profile is now available to run OWASP’s dependency checker; this will
196 check all third-party dependencies against the NVD vulnerability database. To
197 enable this, run Maven with ``-Powasp``.
199 Build profile changes
200 ~~~~~~~~~~~~~~~~~~~~~
202 ``-Pq`` now skips Modernizer.
207 ``odl-akka-leveldb-0.10`` wraps LevelDB 0.10 for Akka.
209 ``odl-apache-commons-codec`` wraps Apache Commons Codec.
211 ``odl-apache-commons-lang3`` wraps Apache Commons Lang 3.
213 ``odl-apache-commons-net`` wraps Apache Commons Net.
215 ``odl-apache-commons-text`` wraps Apache Commons Text.
217 ``odl-apache-sshd`` wraps Apache SSHD.
219 ``odl-guava`` provides the default ODL version of Guava; it should be used
220 instead of ``odl-guava-23`` or the new ``odl-guava-25``.
222 ``odl-jackson-2.9`` wraps Jackson 2.9.
224 New FindBugs and SpotBugs settings
225 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
227 FindBugs and SpotBugs are configured with
228 `the SLF4J extension <http://kengotoda.github.io/findbugs-slf4j/>`_ (version
229 1.4.0 for FindBugs, 1.4.1 for SpotBugs). This will flag misused SLF4J calls, in
230 particular message templates which don’t match the arguments, and invalid
231 placeholders (*e.g.* ``%s`` instead of ``{}``).
236 ``aggregator-parent`` was unusable outside ``odlparent`` and has been removed.
237 Instead, the ``maven.deploy.skip`` and ``maven.install.skip`` properties are
238 available to disable deploying and installing artifacts.
240 Upstream version upgrades
241 ~~~~~~~~~~~~~~~~~~~~~~~~~
243 This version upgrades the following third-party dependencies:
245 * Aeron 1.7.0 → 1.9.3:
247 * `1.8.0 <https://github.com/real-logic/aeron/releases/tag/1.8.0>`_.
248 * `1.8.1 <https://github.com/real-logic/aeron/releases/tag/1.8.1>`_.
249 * `1.8.2 <https://github.com/real-logic/aeron/releases/tag/1.8.2>`_.
250 * `1.9.0 <https://github.com/real-logic/aeron/releases/tag/1.9.0>`_.
251 * `1.9.1 <https://github.com/real-logic/aeron/releases/tag/1.9.1>`_.
252 * `1.9.2 <https://github.com/real-logic/aeron/releases/tag/1.9.2>`_.
253 * `1.9.3 <https://github.com/real-logic/aeron/releases/tag/1.9.3>`_.
255 * Agrona 0.9.12 → 0.9.21:
257 * `0.9.13 <https://github.com/real-logic/agrona/releases/tag/0.9.13>`_.
258 * `0.9.14 <https://github.com/real-logic/agrona/releases/tag/0.9.14>`_.
259 * `0.9.15 <https://github.com/real-logic/agrona/releases/tag/0.9.15>`_.
260 * `0.9.16 <https://github.com/real-logic/agrona/releases/tag/0.9.16>`_.
261 * `0.9.17 <https://github.com/real-logic/agrona/releases/tag/0.9.17>`_.
262 * `0.9.18 <https://github.com/real-logic/agrona/releases/tag/0.9.18>`_.
263 * `0.9.19 <https://github.com/real-logic/agrona/releases/tag/0.9.19>`_.
264 * `0.9.20 <https://github.com/real-logic/agrona/releases/tag/0.9.20>`_.
265 * `0.9.21 <https://github.com/real-logic/agrona/releases/tag/0.9.21>`_.
267 * Akka 2.5.11 → 2.5.14:
269 * `2.5.12 <https://akka.io/blog/news/2018/04/13/akka-2.5.12-released>`_.
270 * `2.5.13 <https://akka.io/blog/news/2018/06/08/akka-2.5.13-released>`_.
271 * `2.5.14 <https://akka.io/blog/news/2018/07/13/akka-2.5.14-released>`_.
273 * ASM 5.1 → 6.2.1 (synchronised with Karaf).
275 * Bouncy Castle `1.59 → 1.60 <https://www.bouncycastle.org/releasenotes.html>`_.
277 * Checkstyle `8.4 → 8.12 <http://checkstyle.sourceforge.net/releasenotes.html#Release_8.12>`_.
279 * Commons Lang `3.7 → 3.8 <http://www.apache.org/dist/commons/lang/RELEASE-NOTES.txt>`_.
281 * Commons Text 1.1 → 1.4:
283 * `1.2 <https://commons.apache.org/proper/commons-text/release-notes/RELEASE-NOTES-1.2.txt>`_.
284 * `1.3 <https://commons.apache.org/proper/commons-text/release-notes/RELEASE-NOTES-1.3.txt>`_.
285 * `1.4 <https://commons.apache.org/proper/commons-text/release-notes/RELEASE-NOTES-1.4.txt>`_.
287 * Eclipse JDT annotations 2.1.150 → 2.2.0.
289 * EclipseLink Moxy JAXB `2.7.1 → 2.7.3 <https://www.eclipse.org/eclipselink/releases/2.7.php>`_.
291 * Enunciate core annotations
292 `2.10.1 → 2.11.1 <https://github.com/stoicflame/enunciate/releases>`_.
294 * Felix Metatype 1.1.6 → 1.2.0 (synchronised with Karaf).
296 * Google Truth `0.40 → 0.42 <https://github.com/google/truth/releases>`_.
298 * Guava 23.6.1 → 25.1:
300 * `23.4 <https://github.com/google/guava/releases/tag/v23.4>`_.
301 * `23.5 <https://github.com/google/guava/releases/tag/v23.5>`_.
302 * `23.6 <https://github.com/google/guava/releases/tag/v23.6>`_.
303 * `24.0 <https://github.com/google/guava/releases/tag/v24.0>`_.
304 * `24.1 <https://github.com/google/guava/releases/tag/v24.1>`_.
305 * `25.0 <https://github.com/google/guava/releases/tag/v25.0>`_.
306 * `25.1 <https://github.com/google/guava/releases/tag/v25.1>`_.
308 * Immutables `2.5.6 → 2.7.1 <https://github.com/immutables/immutables/blob/master/README.md#changelog>`_.
310 * Jackson 2.8.9 → 2.9.6:
312 * `2.9 feature overview <https://medium.com/@cowtowncoder/jackson-2-9-features-b2a19029e9ff>`_.
313 * `2.9 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9>`_.
314 * `2.9.1 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.1>`_.
315 * `2.9.2 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.2>`_.
316 * `2.9.3 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.3>`_.
317 * `2.9.4 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.4>`_.
318 * `2.9.5 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.5>`_.
319 * `2.9.6 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.6>`_.
321 * JaCoCo `0.8.1 → 0.8.2 <https://github.com/jacoco/jacoco/releases/tag/v0.8.2>`_.
323 * Javassist 3.22.0 → 3.23.1. This provides compatibility with Java 9 and later,
324 and `fixes a file handle leak <https://github.com/jboss-javassist/javassist/issues/165>`_.
326 * Jettison 1.3.8 → 1.4.0.
328 * Jetty 9.3.21 → 9.4.11 (synchronised with Karaf):
330 * `9.4.0 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00097.html>`_.
331 * `9.4.1 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00100.html>`_.
332 * `9.4.2 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00101.html>`_.
333 * `9.4.3 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00102.html>`_.
334 * `9.4.4 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00105.html>`_.
335 * `9.4.5 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00107.html>`_.
336 * `9.4.6 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00109.html>`_.
337 * `9.4.7 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00111.html>`_.
338 * `9.4.8 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00114.html>`_.
339 * `9.4.9 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00117.html>`_.
340 * `9.4.10 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00119.html>`_.
341 * `9.4.11 <https://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00122.html>`_.
343 * Jolokia OSGi `1.5.0 → 1.6.0 <https://jolokia.org/changes-report.html#a1.6.0>`_.
345 * Karaf 4.1.5 → 4.2.1:
347 * `4.1.6 <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12342748>`_.
348 * `4.2.1 <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12342945>`_.
350 * LMAX Disruptor 3.3.10 → 3.4.1:
352 * `3.4.0 <https://github.com/LMAX-Exchange/disruptor/releases/tag/3.4.0>`_.
353 * `3.4.1 <https://github.com/LMAX-Exchange/disruptor/releases/tag/3.4.1>`_.
355 * META-INF services 1.7 → 1.8.
357 * Mockito 1.10.19 → 2.20.1; see
358 `What’s new in Mockito 2 <https://github.com/mockito/mockito/wiki/What%27s-new-in-Mockito-2>`_
359 for upgrade instructions and
360 `the list of issues you might run into <https://asolntsev.github.io/en/2016/10/11/mockito-2.1/>`_.
362 * Netty 4.1.22 → 4.1.28:
364 * `4.1.17 <http://netty.io/news/2017/11/08/4-0-53-Final-4-1-17-Final.html>`_.
365 * `4.1.18 <http://netty.io/news/2017/12/11/4-0-54-Final-4-1-18-Final.html>`_.
366 * `4.1.19 <http://netty.io/news/2017/12/18/4-1-19-Final.html>`_.
367 * `4.1.20 <http://netty.io/news/2018/01/22/4-0-55-Final-4-1-20-Final.html>`_.
368 * `4.1.21 <http://netty.io/news/2018/02/05/4-0-56-Final-4-1-21-Final.html>`_.
369 * `4.1.22 <http://netty.io/news/2018/02/21/4-1-22-Final.html>`_.
370 * `4.1.23 <http://netty.io/news/2018/04/04/4-1-23-Final.html>`_.
371 * `4.1.24 <http://netty.io/news/2018/04/19/4-1-24-Final.html>`_.
372 * `4.1.25 <http://netty.io/news/2018/05/14/4-1-25-Final.html>`_.
373 * `4.1.26 <http://netty.io/news/2018/07/10/4-1-26-Final.html>`_.
374 * `4.1.27 <http://netty.io/news/2018/07/11/4-1-27-Final.html>`_.
375 * `4.1.28 <http://netty.io/news/2018/07/27/4-1-28-Final.html>`_.
377 * Pax Exam 4.11.0 → 4.12.0.
379 * Pax URL 2.5.3 → 2.5.4, which only fixes
380 `a potential NullPointerException <https://ops4j1.jira.com/browse/PAXURL-346>`_.
382 * PowerMock 1.6.4 → 1.7.4:
384 * `1.6.5 <https://github.com/powermock/powermock/releases/tag/powermock-1.6.5>`_.
385 * `1.6.6 <https://github.com/powermock/powermock/releases/tag/powermock-1.6.6>`_.
386 * `1.7.0 <https://github.com/powermock/powermock/releases/tag/powermock-1.7.0>`_.
387 * `1.7.1 <https://github.com/powermock/powermock/releases/tag/powermock-1.7.1>`_.
388 * `1.7.2 <https://github.com/powermock/powermock/releases/tag/powermock-1.7.2>`_.
389 * `1.7.3 <https://github.com/powermock/powermock/releases/tag/powermock-1.7.3>`_.
390 * `1.7.4 <https://github.com/powermock/powermock/releases/tag/powermock-1.7.4>`_.
392 * Scala parser combinators 1.0.7 → 1.1.1:
394 * `1.1.0 <https://github.com/scala/scala-parser-combinators/releases/tag/v1.1.0>`_.
395 * `1.1.1 <https://github.com/scala/scala-parser-combinators/releases/tag/v1.1.1>`_.
397 * SpotBugs `3.1.0 → 3.1.6 <https://github.com/spotbugs/spotbugs/blob/3.1.6/CHANGELOG.md>`_.
399 * Threeten Extra `1.3.2 → 1.4 <https://github.com/ThreeTen/threeten-extra/releases>`_.
401 * Typesafe SSL config 0.2.2 → 0.2.4:
403 * `0.2.3 <https://github.com/lightbend/ssl-config/releases/tag/v0.2.3>`_.
404 * `0.2.4 <https://github.com/lightbend/ssl-config/releases/tag/v0.2.4>`_.
407 `2.10 → 3.1.0 <https://lists.apache.org/thread.html/96024c54db7680697cb066e22a37b0ed5b4498386714a8a9ae1ec9cd@%3Cannounce.maven.apache.org%3E>`_.
409 * XMLUnit `1.6 → 2.6.2 <https://github.com/xmlunit/xmlunit/blob/master/RELEASE_NOTES.md>`_.
411 Upstream version additions
412 ~~~~~~~~~~~~~~~~~~~~~~~~~~
414 The following upstream dependencies have been added to dependency management:
416 * Apache SSHD 2.0.0, with EdDSA and Netty support (EdDSA is provided by ``net.i2p.crypto:eddsa``).
418 * Blueprint annotations (``org.apache.aries.blueprint:blueprint-maven-plugin-annotation``).
422 * Pax Web 7.2.3 (synchronised with Karaf).
424 Upstream version removals
425 ~~~~~~~~~~~~~~~~~~~~~~~~~
427 The following upstream dependencies have been removed from dependency management:
431 * Our repackaging of Jersey Servlet.
433 * JUnit’s ``junit-dep``, which has long been obsolete.
435 * LevelDB (which is still available as features).
437 * Pax CDI API — Blueprint annotations should be used instead.
439 Plugin version upgrades
440 ~~~~~~~~~~~~~~~~~~~~~~~
442 The following plugins have been upgraded:
444 * Blueprint 1.4.0 → 1.10.0.
446 * Build helper 1.12 → 3.0.0.
448 * Bundle plugin 3.5.0 → 4.0.0.
451 `2.17 → 3.0.0 <https://mail-archives.apache.org/mod_mbox/maven-announce/201801.mbox/%3Cop.zchs68akkdkhrr%40desktop-2khsk44.mshome.net%3E>`_.
454 `1.2.1 → 1.3.0 <https://github.com/basepom/duplicate-finder-maven-plugin/blob/master/CHANGES.md>`_.
456 * Git commit id `2.2.4 → 2.2.5 <https://github.com/ktoso/maven-git-commit-id-plugin/releases/tag/v2.2.5>`_.
458 * Jacoco Maven plugin `0.8.1 → 0.8.2 <https://github.com/jacoco/jacoco/releases/tag/v0.8.2>`_.
460 * Javadoc `3.0.0 → 3.0.1 <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317529&version=12342283>`_.
464 * `3.10.0 <https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12342689&styleName=Text&projectId=12317621>`_.
466 * Sevntu `1.29.0 → 1.32.0 <http://sevntu-checkstyle.github.io/sevntu.checkstyle/#1.32.0>`_.
468 * SpotBugs 3.1.0-RC6 → 3.1.6 (see the SpotBugs changes above).
473 This version fixes the following issues:
475 * `ODLPARENT-156 <https://jira.opendaylight.org/browse/ODLPARENT-156>`_:
476 ``xtend-maven-plugin``’s dependencies end up pulling in conflicting
477 dependencies. ODL Parent now constrains part of its dependency tree to avoid
480 This version adds ``odl-jackson-2.8`` to ``odlparent-artifacts``.
485 This version fixes the following issues:
487 * `INFRAUTILS-41 <https://jira.opendaylight.org/browse/INFRAUTILS-41>`_:
488 ``jre.properties`` includes ``com.sun.management`` so that it can be
489 enabled if necessary. (This doesn’t add a dependency on
490 ``com.sun.management``, it allows bundles to use it if it is present.)
492 * `ODLPARENT-136 <https://jira.opendaylight.org/browse/ODLPARENT-136>`_:
493 ``SingleFeatureTest`` pulls in ``org.osgi.compendium``.
495 * `ODLPARENT-144 <https://jira.opendaylight.org/browse/ODLPARENT-144>`_:
496 ``org.apache.karaf.scr.management`` is whitelisted so that it no longer
497 affects ``SingleFeatureTest``.
499 * `ODLPARENT-146 <https://jira.opendaylight.org/browse/ODLPARENT-146>`_:
500 null-related FindBugs checks which produce false-positives with Guava 23.6
501 and later are disabled, so that this really is fully backwards-compatible
504 * `ODLPARENT-148 <https://jira.opendaylight.org/browse/ODLPARENT-148>`_:
505 ``SingleFeatureTest`` preserves ``target/SFT/karaf.log``.
507 This version includes the following improvements:
509 * ``custom.properties`` no longer includes OVSDB-specific configuration.
511 * The ``odl-jersey-1`` feature includes the Jersey client.
513 * Redundant bundle dependency declarations in ``SingleFeatureTest`` have been
514 removed (these are declarations which are also present in our base Karaf
517 * Build errors involving invalid feature or bundle URLs now indicate which
520 * Obsolete Log4J overrides have been removed from ``SingleFeatureTest``.
522 When building using JDK 9 or 10, the default settings have been changed as
523 follows to avoid errors or extraneous warnings:
525 * SFT is disabled (it needs Karaf 4.2 or later);
527 * Javadocs are generated as HTML 4;
529 * SpotBugs is disabled on JDK 10 or later;
531 * FindBugs is disabled on JDK 9 or later.
533 The following third-party dependencies have been upgraded:
535 * `EclipseLink Moxy JAXB 2.6.2 → 2.7.1 <https://www.eclipse.org/eclipselink/releases/2.7.php>`_.
537 * `Google Truth 0.36 → 0.40 <https://github.com/google/truth/releases>`_.
539 * `Gson 2.8.2 → 2.8.5 <https://github.com/google/gson/blob/master/CHANGELOG.md>`_.
541 * `Guava 23.6 → 23.6.1 <https://github.com/google/guava/compare/v23.6...v23.6.1>`_.
542 This addresses CVE-2018-10237 (that’s the only change in this release).
544 * `Jacoco Maven plugin 0.8.0 → 0.8.1 <https://github.com/jacoco/jacoco/releases/tag/v0.8.1>`_.
546 * JDT annotations 2.1.0 → 2.1.150.
548 * `Scala 2.12.5 → 2.12.6 <https://github.com/scala/scala/releases/tag/v2.12.6>`_.
550 * `Scala Parser Combinators 1.0.6 → 1.0.7 <https://github.com/scala/scala-parser-combinators/releases/tag/v1.0.7>`_.
552 * `Sevntu 1.24.2 → 1.29.0 <https://sevntu-checkstyle.github.io/sevntu.checkstyle/#1.29.0>`_.
554 * `Xtext and Xtend 2.13.0 → 2.14.0 <https://github.com/eclipse/xtext/blob/website-master/xtend-website/_posts/releasenotes/2018-05-23-version-2-14-0.md>`_.
556 The following Maven plugin has been upgraded:
558 * `Javadoc 3.0.0 → 3.0.1 <https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317529&version=12342283>`_.
563 This version fixes the following issues:
565 * `ODLPARENT-137 <https://jira.opendaylight.org/browse/ODLPARENT-137>`_:
566 restore the OpenDaylight prompt.
568 * `ODLPARENT-146 <https://jira.opendaylight.org/browse/ODLPARENT-146>`_:
569 Guava 23.6 switched from @Nullable to @NullableDecl, which causes false
570 positives in FindBugs’ ``NP_NONNULL_PARAM_VIOLATION`` rule; we’re
571 disabling the rule for now.
576 This version fixes the following issues:
578 * Mycila dependencies are now “compile” scoped rather than “test”; this allows
579 child projects to use Guice with Mycila more easily.
581 * The duplicate finder now ignores ``web.xml`` and BluePrint XML files.
583 This version includes the following improvements:
585 * The ``-Pq`` profile skips Maven Modernizer, in preparation for its future
586 integration (and its use in child projects).
588 * An OWASP profile, ``-Powasp`` is available for vulnerability checking.
590 * A new ``odl-jackson-2.8`` feature provides Jackson 2.8 to child projects.
592 The following third-party dependencies have been added to dependency management:
594 * `ThreeTen-Extra <http://www.threeten.org/threeten-extra/>`_
596 The following third-party dependencies have been upgraded:
598 * Aeron 1.2.5 → 1.7.0; release notes:
600 * `1.3.0 <https://github.com/real-logic/aeron/releases/tag/1.3.0>`_
601 * `1.4.0 <https://github.com/real-logic/aeron/releases/tag/1.4.0>`_
602 * `1.5.0 <https://github.com/real-logic/aeron/releases/tag/1.5.0>`_
603 * `1.5.1 <https://github.com/real-logic/aeron/releases/tag/1.5.1>`_
604 * `1.5.2 <https://github.com/real-logic/aeron/releases/tag/1.5.2>`_
605 * `1.6.0 <https://github.com/real-logic/aeron/releases/tag/1.6.0>`_
606 * `1.7.0 <https://github.com/real-logic/aeron/releases/tag/1.7.0>`_
608 * Agrona 0.9.5 → 0.9.12; release notes:
610 * `0.9.6 <https://github.com/real-logic/Agrona/releases/tag/0.9.6>`_
611 * `0.9.7 <https://github.com/real-logic/Agrona/releases/tag/0.9.7>`_
612 * `0.9.8 <https://github.com/real-logic/Agrona/releases/tag/0.9.8>`_
613 * `0.9.9 <https://github.com/real-logic/Agrona/releases/tag/0.9.9>`_
614 * `0.9.10 <https://github.com/real-logic/Agrona/releases/tag/0.9.10>`_
615 * `0.9.11 <https://github.com/real-logic/Agrona/releases/tag/0.9.11>`_
616 * `0.9.12 <https://github.com/real-logic/Agrona/releases/tag/0.9.12>`_
618 * Akka 2.5.5 → 2.5.11; release notes:
620 * `2.5.6 <https://akka.io/blog/news/2017/09/28/akka-2.5.6-released>`_
621 * `2.5.7 <https://akka.io/blog/news/2017/11/17/akka-2.5.7-released>`_
622 * `2.5.8 <https://akka.io/blog/news/2017/12/08/akka-2.5.8-released>`_
623 * `2.5.9 <https://akka.io/blog/news/2018/01/11/akka-2.5.9-released-2.4.x-end-of-life>`_
624 * `2.5.10 <https://akka.io/blog/news/2018/02/23/akka-2.5.10-released>`_
625 * `2.5.11 <https://akka.io/blog/news/2018/02/28/akka-2.5.11-released>`_
627 * Commons Lang 3 `3.6 → 3.7 <http://www.apache.org/dist/commons/lang/RELEASE-NOTES.txt>`_
629 * Guava 23.3 → 23.6; release notes:
631 * `23.4 <https://github.com/google/guava/releases/tag/v23.4>`_
632 * `23.5 <https://github.com/google/guava/releases/tag/v23.5>`_
633 * `23.6 <https://github.com/google/guava/releases/tag/v23.6>`_
635 * H2 database `1.4.193 → 1.4.196 <http://www.h2database.com/html/changelog.html>`_
637 * Jacoco `0.7.9 → 0.8.0 <https://github.com/jacoco/jacoco/releases/tag/v0.8.0>`_
639 * Javassist `3.21.0 → 3.22.0 <https://github.com/jboss-javassist/javassist/compare/rel_3_21_0_ga...rel_3_22_0_ga>`_
641 * lmax-disruptor 3.3.7 → 3.3.10; release notes:
643 * `3.3.8 <https://github.com/LMAX-Exchange/disruptor/releases/tag/3.3.8>`_
644 * `3.3.9 <https://github.com/LMAX-Exchange/disruptor/releases/tag/3.3.9>`_
645 * `3.3.10 <https://github.com/LMAX-Exchange/disruptor/releases/tag/3.3.10>`_
647 * Netty 4.1.16 → 4.1.22; release notes:
649 * `4.1.17 <http://netty.io/news/2017/11/08/4-0-53-Final-4-1-17-Final.html>`_
650 * `4.1.18 <http://netty.io/news/2017/12/11/4-0-54-Final-4-1-18-Final.html>`_
651 * `4.1.19 <http://netty.io/news/2017/12/18/4-1-19-Final.html>`_
652 * `4.1.20 <http://netty.io/news/2018/01/22/4-0-55-Final-4-1-20-Final.html>`_
653 * `4.1.21 <http://netty.io/news/2018/02/05/4-0-56-Final-4-1-21-Final.html>`_
654 * `4.1.22 <http://netty.io/news/2018/02/21/4-1-22-Final.html>`_
656 * Scala `2.12.4 → 2.12.5 <http://www.scala-lang.org/news/2.12.5>`_
658 * Typesafe Config `0.2.1 → 0.2.2 <https://github.com/typesafehub/config/blob/master/NEWS.md>`_
660 The following Maven plugins have been upgraded:
662 * FindBugs 3.0.4 → 3.0.5
664 * Git commit id 2.2.2 → 2.2.4; release notes:
666 * `2.2.3 <https://github.com/ktoso/maven-git-commit-id-plugin/releases/tag/v2.2.3>`_
667 * `2.2.4 <https://github.com/ktoso/maven-git-commit-id-plugin/releases/tag/v2.2.4>`_
672 This version fixes the following issues:
674 * `ODLPARENT-136`_: ``features-test`` needs ``org.osgi.compendium``.
676 * Jackson dependencies are declared using ``jackson-bom`` to ensure all they
679 * ``find-duplicate-classpath-entries`` is run in the “verify” phase rather than
680 the “validate” phase, which is too early.
682 * The version of Jetty we pull in is now aligned with that declared in Karaf,
683 resolving a number of restart and dependency issues.
685 * Pulling in the ``wrap`` feature unconditionally is no longer necessary, so
686 ``karaf4-parent`` no longer does so.
688 * ``metainf-services`` are declared with scope “provided” to avoid their being
689 included in downstream features (it’s a build-time dependency only).
691 * ``leveldb-api`` is excluded from ``odl-akka-leveldb-0.7``, and ``jsr250-api``
692 from ``enunciate-core-annotations``, to avoid duplicate having classes on the
695 * Since the ``ssh`` feature is excluded from generated features, our Karaf
696 need to enable it at boot in all cases.
698 * ``bundle-test-lib`` is now a bundle.
700 * Since we use static SLF4J loggers, the ``SLF4J_LOGGER_SHOULD_BE_NON_STATIC``
701 rule needs to be disabled in our FindBugs configuration (this allows
702 downstream projects to enable ``findbugs-slf4j`` without having to deal with
703 all the resulting false-positives).
705 * ``org.apache.karaf.scr.management`` is white-listed in SFT to avoid failures
706 apparently related to that component (which we don’t care about).
708 .. _ODLPARENT-136: https://jira.opendaylight.org/browse/ODLPARENT-136
710 This version upgrades the following third-party dependencies:
712 * `Antlr 4.7 → 4.7.1`_
714 * `BouncyCastle 1.58 → 1.59`_
716 * Jersey 1.17 → 1.19.4 (additionally available as the ``odl-jersey-1`` feature)
718 * Jolokia 1.3.7 → 1.5.0
720 * Karaf 4.1.3 → 4.1.5; release notes:
725 .. _Antlr 4.7 → 4.7.1: https://github.com/antlr/antlr4/releases/tag/4.7.1
726 .. _BouncyCastle 1.58 → 1.59: https://www.bouncycastle.org/releasenotes.html
727 .. _Karaf 4.1.4: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12341702
728 .. _Karaf 4.1.5: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12342294
733 This version fixes the following issues:
735 * SingleFeatureTest uses the configured local Maven repository for Pax Exam.
737 * JavaDoc links are disabled for now to `speed up builds`_. A new
738 ``javadoc-links`` profile enables the links.
740 * Conditional feature dependencies are processed, ensuring our
741 `distribution is complete`_.
743 * Startup features are `adjusted for Karaf 4.1`_, avoiding unnecessary
746 * The ``hiddenField`` Checkstyle check is disabled for abstract methods.
748 * The default logging configuration uses Log4J2, which is the new default in
751 .. _speed up builds: https://jira.opendaylight.org/browse/ODLPARENT-121
752 .. _distribution is complete: https://jira.opendaylight.org/browse/ODLPARENT-133
753 .. _adjusted for Karaf 4.1: https://jira.opendaylight.org/browse/ODLPARENT-134
755 This version upgrades the following dependencies or plugins:
757 * ``maven-enforcer-plugin`` 1.4.1 → 3.0.0-M1
759 * ``maven-javadoc-plugin`` 3.0.0-M1 → 3.0.0
764 This version fixes the following issues:
766 * Karaf pulls in an invalid Hibernate feature repository, breaking downstream
767 dependencies pulling in the “war” feature. ``populate-local-repo`` corrects
768 the repository dependency.
777 Build now show compiler warnings and deprecation warnings. This doesn't affect
778 the result or require any changes currently, it just makes the issues more
784 Checkstyle has been upgraded from 7.6 to 8.4 (see the
785 `Checkstyle release notes`_ for details), and Sevntu from 1.21.0 to 1.24.2
786 (note that the latter's group identifier changed from
787 ``com.github.sevntu.checkstyle`` to ``com.github.sevntu-checkstyle``; you
788 might need to update your IDE's configuration).
790 The following Checkstyle rules are enabled; this might require changes in
791 projects which enforce Checkstyle validation:
793 * `AvoidHidingCauseExceptionCheck`_
794 * `FinalClass`_: utility classes must be declared ``final``
795 * `HiddenField`_: fields must not be shadowed
796 * `HideUtilityClassConstructor`_: utility classes must hide their constructor
798 .. _Checkstyle release notes: http://checkstyle.sourceforge.net/releasenotes.html
800 .. _AvoidHidingCauseExceptionCheck: http://sevntu-checkstyle.github.io/sevntu.checkstyle/apidocs/com/github/sevntu/checkstyle/checks/coding/AvoidHidingCauseExceptionCheck.html
801 .. _FinalClass: http://checkstyle.sourceforge.net/config_design.html#FinalClass
802 .. _HiddenField: http://checkstyle.sourceforge.net/config_coding.html#HiddenField
803 .. _HideUtilityClassConstructor: http://checkstyle.sourceforge.net/config_design.html#HideUtilityClassConstructor
808 Karaf has been upgraded to 4.1.3. This should be transparent for dependent
814 * When building a Karaf distribution using ``karaf4-parent``, projects can
815 specify which archives to build: the ``karaf.archiveZip`` property will
816 enable ZIP files if true, and ``karaf.archiveTarGz`` will enable
817 gzip-compressed tarballs if true. By default both are enabled.
819 * Our Karaf distribution provides Bouncy Castle at startup. Auto-generated
820 feature descriptors take this into account (they won't embed a Bouncy
826 * The ``odl-triemap-0.2`` feature wrapping
827 ``com.github.romix:java-concurrent-hash-trie-map`` was rendered obsolete by
828 YANG Tools' implementation and has been removed.
833 * ``odl-javassist-3`` provides Javassist in a feature.
835 * ``odl-jung-2.1`` provides `JUNG`_ in a feature.
837 .. _JUNG: http://jung.sourceforge.net/
839 Upstream version upgrades
840 ~~~~~~~~~~~~~~~~~~~~~~~~~
842 The following upstream dependencies have been upgraded:
844 * Akka 2.4.18 → 2.5.4; release notes:
852 * `Awaitility 2 → 3`_
854 * `Bouncy Castle 1.57 → 1.58`_
856 * `Commons Codec 1.10 → 1.11`_
858 * `Commons File Upload 1.3.2 → 1.3.3`_
860 * `Commons IO 2.5 → 2.6`_
862 * Eclipse JDT annotations 2.0.0 → 2.1.0
864 * Felix Dependency Manager 4.3.0 → 4.4.1
865 * Felix Dependency Manager Shell 4.0.4 → 4.0.6
866 * Felix Metatype 1.1.2 → 1.1.6
868 * `Google Truth 0.28 → 0.36`_ (with the Java 8 extensions)
870 * `Gson 2.7 → 2.8.2`_
872 * Guava 22 → 23.3 along with the associated feature name change from
873 ``odl-guava-22`` to ``odl-guava-23`` (dependent packages *must* change their
874 dependency); release notes:
881 * Immutables 2.4.2 → 2.5.6
883 * Jackson 2.3.2 → 2.8.9
885 * Jacoco 0.7.7 → 0.7.9; release notes:
890 * Jacoco Listeners 2.4 → 3.8
892 * `Javassist 3.20.0 → 3.21.0`_
894 * `Jettison 1.3.7 → 1.3.8`_
896 * `Jolokia 1.3.6 → 1.3.7`_
898 * `JSONassert 1.3.0 → 1.5.0`_
900 * `logback 1.2.2 → 1.2.3`_
902 * `LMAX Disruptor 3.3.6 → 3.3.7`_
904 * Netty 4.1.8 → 4.1.16; release notes:
915 * `Pax URL 2.5.2 → 2.5.3`_
917 * Scala 2.11.11 → 2.12.4; release notes:
925 * Servlet API 3.0.1 → 3.1.0
927 * `SLF4J 1.7.21 → 1.7.25`_
929 * `webcohesion enunciate 2.6.0 → 2.10.1`_
931 * `Xtend 2.12 → 2.13`_
933 .. _Akka 2.5.0: http://akka.io/blog/news/2017/04/13/akka-2.5.0-released
934 .. _Akka 2.5.1: http://akka.io/blog/news/2017/05/02/akka-2.5.1-released
935 .. _Akka 2.5.2: http://akka.io/blog/news/2017/05/24/akka-2.5.2-released
936 .. _Akka 2.5.3: http://akka.io/blog/news/2017/06/19/akka-2.5.3-released
937 .. _Akka 2.5.4: http://akka.io/blog/news/2017/08/10/akka-2.5.4-released
939 .. _Awaitility 2 → 3: https://github.com/awaitility/awaitility/wiki/ReleaseNotes30
941 .. _Bouncy Castle 1.57 → 1.58: https://www.bouncycastle.org/releasenotes.html
943 .. _Commons Codec 1.10 → 1.11: http://www.apache.org/dist/commons/codec/RELEASE-NOTES.txt
945 .. _Commons File Upload 1.3.2 → 1.3.3: http://www.apache.org/dist/commons/fileupload/RELEASE-NOTES.txt
947 .. _Commons IO 2.5 → 2.6: http://www.apache.org/dist/commons/io/RELEASE-NOTES.txt
949 .. _Google Truth 0.28 → 0.36: https://github.com/google/truth/releases
951 .. _Gson 2.7 → 2.8.2: https://github.com/google/gson/blob/master/CHANGELOG.md
953 .. _Guava 23: https://github.com/google/guava/wiki/Release23
954 .. _Guava 23.1: https://github.com/google/guava/releases/tag/v23.1
955 .. _Guava 23.2: https://github.com/google/guava/releases/tag/v23.2
956 .. _Guava 23.3: https://github.com/google/guava/releases/tag/v23.3
958 .. _Jacoco 0.7.8: https://github.com/jacoco/jacoco/releases/tag/v0.7.8
959 .. _Jacoco 0.7.9: https://github.com/jacoco/jacoco/releases/tag/v0.7.9
961 .. _Javassist 3.20.0 → 3.21.0: https://github.com/jboss-javassist/javassist/compare/rel_3_20_0_ga...rel_3_21_0_ga
963 .. _Jettison 1.3.7 → 1.3.8: https://github.com/jettison-json/jettison/compare/jettison-1.3.7...jettison-1.3.8
965 .. _Jolokia 1.3.6 → 1.3.7: https://github.com/rhuss/jolokia/releases/tag/v1.3.7
967 .. _JSONassert 1.3.0 → 1.5.0: https://github.com/skyscreamer/JSONassert/releases
969 .. _logback 1.2.2 → 1.2.3: https://logback.qos.ch/news.html
971 .. _LMAX Disruptor 3.3.6 → 3.3.7: https://github.com/LMAX-Exchange/disruptor/releases/tag/3.3.7
973 .. _Netty 4.1.9: http://netty.io/news/2017/03/10/4-0-45-Final-4-1-9-Final.html
974 .. _Netty 4.1.10: http://netty.io/news/2017/04/30/4-0-46-Final-4-1-10-Final.html
975 .. _Netty 4.1.11: http://netty.io/news/2017/05/12/4-0-47-Final-4-1-11-Final.html
976 .. _Netty 4.1.12: http://netty.io/news/2017/06/09/4-0-48-Final-4-1-12-Final.html
977 .. _Netty 4.1.13: http://netty.io/news/2017/07/06/4-0-49-Final-4-1-13-Final.html
978 .. _Netty 4.1.14: http://netty.io/news/2017/08/03/4-0-50-Final-4-1-14-Final.html
979 .. _Netty 4.1.15: http://netty.io/news/2017/08/25/4-0-51-Final-4-1-15-Final.html
980 .. _Netty 4.1.16: http://netty.io/news/2017/09/25/4-0-52-Final-4-1-16-Final.html
982 .. _Pax URL 2.5.2 → 2.5.3: https://ops4j1.jira.com/browse/PAXURL-345?jql=project%20%3D%20PAXURL%20AND%20fixVersion%20%3D%202.5.3
984 .. _Scala 2.12.0: https://github.com/scala/scala/releases/tag/v2.12.0
985 .. _Scala 2.12.1: https://github.com/scala/scala/releases/tag/v2.12.1
986 .. _Scala 2.12.2: https://github.com/scala/scala/releases/tag/v2.12.2
987 .. _Scala 2.12.3: https://github.com/scala/scala/releases/tag/v2.12.3
988 .. _Scala 2.12.4: https://github.com/scala/scala/releases/tag/v2.12.4
990 .. _SLF4J 1.7.21 → 1.7.25: https://www.slf4j.org/news.html
992 .. _webcohesion enunciate 2.6.0 → 2.10.1: https://github.com/stoicflame/enunciate/releases
994 .. _Xtend 2.12 → 2.13: https://www.eclipse.org/xtend/releasenotes.html
996 Upstream version additions
997 ~~~~~~~~~~~~~~~~~~~~~~~~~~
999 The following upstream dependencies have been added to dependency management:
1001 * Commons Text, ``org.apache.commons:commons-text`` (this will allow downstreams
1002 to migrate from ``commons-lang3``\’s ``WordUtils``, which is deprecated)
1004 Upstream version removals
1005 ~~~~~~~~~~~~~~~~~~~~~~~~~
1007 The following upstream dependencies have been removed from dependency
1008 management (they are obsolete and unused):
1012 * Equinox HTTP service bridge
1013 * ``equinoxSDK381`` artifacts
1014 * Coda Hale Metrics, which are mostly unused and should eventually be wrapped
1016 * ``com.google.code.findbugs:jsr305`` (which *must not* be used; this is
1017 enforced — ``annotations`` should be used instead)
1018 * Felix File Install and Web Console
1021 * ``org.mockito:mockito-all`` (which *must not* be used; this is enforced —
1022 ``mockito-core`` should be used instead)
1028 Plugin version upgrades
1029 ~~~~~~~~~~~~~~~~~~~~~~~
1031 The following plugins have been upgraded:
1033 * ``org.apache.servicemix.tooling:depends-maven-plugin`` 1.3.1 → 1.4.0
1034 * ``org.apache.felix:maven-bundle-plugin`` 2.4.0 → 3.3.0
1035 * ``maven-compiler-plugin`` 3.6.1 → 3.7.0
1036 * ``maven-dependency-plugin`` 3.0.1 → 3.0.2
1037 * ``maven-enforcer-plugin`` 1.4.1 → 3.0.0-M1
1038 * ``maven-failsafe-plugin`` 2.18.1 → 2.20.1
1039 * ``maven-javadoc-plugin`` 2.10.4 → 3.0.0-M1
1040 * ``maven-shade-plugin`` 2.4.3 → 3.1.0
1045 * The `Maven Find Duplicates`_ plugin can be enabled by setting the
1046 ``duplicate-finder.skip`` property to ``false``.
1048 * The SpotBugs_ Maven plugin can now be used instead of the FindBugs plugin
1049 (both are available, so no change is required). To use SpotBugs, replace
1050 ``org.codehaus.mojo:findbugs-maven-plugin`` with
1051 ``com.github.spotbugs:spotbugs-maven-plugin``.
1053 .. _Maven Find Duplicates: https://github.com/basepom/duplicate-finder-maven-plugin/
1055 .. _SpotBugs: https://spotbugs.github.io/