ODL Parent release notes
========================
+Version 4.0.10
+--------------
+
+Version 4.0.9
+-------------
+
+This is a bug-fix upgrade from version 4.0.8.
+
+Bug fixes
+~~~~~~~~~
+
+* ``karaf-plugin`` invocation in ``karaf4-parent`` caused previously
+ patched features to be overwritten with their stock versions, referencing
+ bundles which were not populated in the local repository. (See
+ `ODLPARENT-194 <https://jira.opendaylight.org/browse/ODLPARENT-194>`__.)
+
+* ``karaf-plugin`` version in ``karaf4-parent`` is now provided through
+ plugin management so downstreams can override it without needing
+ to repeat its configuration.
+
+* ``karaf-plugin`` no longer reads features twice when running discovery,
+ speeding up the process a bit.
+
+* Recent versions of the SpotBugs Maven plugin use SLF4J 1.8 beta 2, which
+ can’t use the 1.7.25 implementation we provide; we therefore provide an
+ implementation of 1.8 beta 2 when SpotBugs is used. (See
+ `ODLPARENT-184 <https://jira.opendaylight.org/browse/ODLPARENT-184>`__.)
+
+New features
+~~~~~~~~~~~~
+
+* ``odl-woodstox`` wraps the Woodstox StAX implementation which is imposed on
+ us by Karaf.
+
+Version 4.0.8
+-------------
+
+This is a bug-fix and minor upstream bump upgrade from version 4.0.7.
+
+Bug fixes
+~~~~~~~~~
+
+* ``bcprov-ext-jdk15on`` is a superset of ``bcprov-jdk15on``, so there’s no
+ need to ship both; we now only ship the former. In addition, we install the
+ Bouncy Castle JARs in ``lib/boot`` so that they continue to be available on
+ the boot classpath (JDK 9 removes the extension mechanism which was used
+ previously), and provide the corresponding bundles from the boot classpath
+ instead of using separate JARs in the system repository. (See
+ `ODLPARENT-183 <https://jira.opendaylight.org/browse/ODLPARENT-183>`__ and
+ `ODLPARENT-185 <https://jira.opendaylight.org/browse/ODLPARENT-185>`__.)
+
+* A dependency check has been added to ensure that we don’t run into the
+ TrieMap dependency bug in 4.0.6 again.
+
+* Dependencies pulled in by features are now checked for convergence, and
+ ``karaf-plugin`` warns when it finds diverging dependencies (the same
+ artifact with two different versions). Upstream-provided features are
+ patched to avoid the following divergences (and upgrade some dependencies in
+ the process):
+
+ * Aries utilities 1.1.0/1.1.3 (upgraded to 1.1.3).
+ * Commons Beanutils 1.8.3/1.9.3 (upgraded to 1.9.3).
+ * Commons Codec 1.8/1.10 (upgraded to 1.11).
+ * ``javax.mail`` 1.4.4/1.4.7 (upgraded to 1.4.7).
+
+ (See `ODLPARENT-189 <https://jira.opendaylight.org/browse/ODLPARENT-189>`__.)
+
+New features
+~~~~~~~~~~~~
+
+* ``odl-dropwizard-metrics`` provides Dropwizard Metrics (which are also
+ available in dependency management).
+
+* ``enunciate-maven-plugin`` is added as the replacement for
+ ``maven-enunciate-plugin``.
+
+Third-party dependencies
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following dependencies are no longer provided by the JVM, starting with
+version 11, but we make them available via dependency management for projects
+which need them:
+
+* ``javax.annotation-api``.
+
+* JAXB (``jaxb-core``, ``jaxb-impl``).
+
+The following dependencies have been upgraded:
+
+* Checkstyle `8.15 → 8.16 <https://checkstyle.org/releasenotes.html#Release_8.16>`__.
+
+* Dependency Check `4.0.0 → 4.0.2 <https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md>`__.
+
+* ``git-commit-id`` `2.2.5 → 2.2.6 <https://github.com/ktoso/maven-git-commit-id-plugin/releases>`__.
+
+* Immutables 2.7.1 → 2.7.3:
+
+ * `2.7.2 <https://github.com/immutables/immutables#272-2018-11-05>`__.
+ * `2.7.3 <https://github.com/immutables/immutables#273-2018-11-10>`__.
+
+ (2.7.4 breaks our Javadocs.)
+
+* Jackson `2.9.7 → 2.9.8 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8>`__.
+
+Version 4.0.7
+-------------
+
+This is a bug-fix release, correcting the ``triemap`` import declaration.
+
+Version 4.0.6
+-------------
+
+This is a bug-fix and minor upstream packaging upgrade from version 4.0.5.
+
+Bug fixes
+~~~~~~~~~
+
+Single-feature-test was broken with JDK 9 and later and Karaf 4.2.2; this
+release adds the additional JVM configuration needed.
+
+Third-party dependencies
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+This release adds the ``triemap`` BOM to dependency management.
+
+Version 4.0.5
+-------------
+
+This is a bug-fix release: the Karaf Maven plugin, in version 4.2.2, is
+`broken <https://issues.apache.org/jira/browse/KARAF-6057>`__ in some cases we
+need in OpenDaylight; we revert to 4.2.1 in ``karaf4-parent`` to avoid this.
+
+Version 4.0.4
+-------------
+
+This is a bug-fix release, reverting the change made in 4.0.3 to handle
+building with either ``zip`` or ``tar.gz`` Karaf archives (which breaks
+builds in our infrastructure, without the empty Karaf archive).
+
+Version 4.0.3
+-------------
+
+This is a bug-fix and minor upstream bump upgrade from version 4.0.2.
+
+Bug fixes
+~~~~~~~~~
+
+* Our FindBugs configuration for JDK 9 and later caused the plugin to run
+ everywhere; instead, this version defines the ``findbugs.skip`` property to
+ disable the plugin in modules where it would be used otherwise.
+
+* The PowerMock declarations in dependency management missed
+ ``powermock-api-mockito2``, which is necessary for modules using PowerMock
+ with Mockito 2.
+
+* The “quick” profile (``-Pq``) now skips SpotBugs.
+
+* JSR-305 annotations are now optional, which fixes a number of issues when
+ building with newer JDKs.
+
+* We provide JAXB with JDK 11 and later (where it is no longer provided by the
+ base platform).
+
+* ``odlparent-artifacts`` has been updated to accurately represent the
+ artifacts provided.
+
+* ``javax.activation`` is now excluded from generated features (it’s provided
+ on Karaf’s boot classpath).
+
+* When the build is configured to build Karaf distributions in ``tar.gz``
+ archives, but not ``zip`` archives, ``features-test`` used to fail; it will
+ now used whichever is available
+ (`ODLPARENT-174 <https://jira.opendaylight.org/browse/ODLPARENT-174>`__).
+
+* Explicit GCs are disabled by default, so that calls to ``System.gc()`` are
+ ignored
+ (`ODLPARENT-175 <https://jira.opendaylight.org/browse/ODLPARENT-175>`__).
+
+* Null checks are disabled in SpotBugs because of bad interactions with newer
+ annotations and the bytecode produces by JDK 11 and later for
+ ``try``-with-resources.
+
+* Akka Persistence expects LevelDB 0.10, so we now pull in that version
+ instead of 0.7.
+
+Dependency convergence
+~~~~~~~~~~~~~~~~~~~~~~
+
+A number of dependencies have been added or constrained so that projects using
+this parent can enforce dependency convergence:
+
+* Karaf’s ``framework`` feature is used as an import POM, so that we converge
+ by default on the versions used in Karaf.
+
+* The following dependencies have been added to dependency management:
+
+ * ``commons-beanutils``
+ * the Checker Framework
+ * Error Prone annotations
+ * ``javax.activation``
+ * ``xml-apis``
+
+New features
+~~~~~~~~~~~~
+
+The following Karaf features have been added:
+
+* ``odl-antlr4`` (providing ``antlr4-runtime``);
+
+* ``odl-gson`` (providing ``gson``);
+
+* ``odl-jersey-2`` (providing Jersey client, server, and container servlet,
+ along with the necessary feature dependencies);
+
+* ``odl-servlet-api`` (providing ``javax.servlet-api``);
+
+* ``odl-stax2-api`` (providing ``stax2-api``);
+
+* ``odl-ws-rs-api`` (providing ``javax.ws.rs-api``);
+
+A new ``sonar-jacoco-aggregate`` profile can be used to produce Sonar reports
+with aggregated JaCoCo reports. Additionally, Sonar builds (run with
+``-Dsonar``) are detected and run with a number of irrelevant plugins disabled.
+
+Upstream version upgrades
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Akka 2.5.14 → 2.5.19 (and related ``ssl-config``, Aeron and Agrona upgrades):
+
+ * `2.5.15 <https://akka.io/blog/news/2018/08/24/akka-2.5.15-released>`__.
+ * `2.5.16 <https://akka.io/blog/news/2018/08/29/akka-2.5.16-security-fix-released>`__.
+ * `2.5.17 <https://akka.io/blog/news/2018/09/27/akka-2.5.17-released>`__.
+ * `2.5.18 <https://akka.io/blog/news/2018/10/07/akka-2.5.18-released>`__.
+ * `2.5.19 <https://akka.io/blog/news/2018/12/07/akka-2.5.19-released>`__.
+
+* Commons Text `1.4 → 1.6 <http://www.apache.org/dist/commons/text/RELEASE-NOTES.txt>`__.
+
+* Eclipse JDT annotations 2.2.0 → 2.2.100.
+
+* Javassist 3.23.1 → 3.24.0.
+
+* Karaf 4.2.1 → 4.2.2, with related upgrades.
+
+* LMAX Disruptor `3.4.1 → 3.4.2 <https://github.com/LMAX-Exchange/disruptor/releases/tag/3.4.2>`__.
+
+* Mockito `2.20.1 → 2.23.4 <https://github.com/mockito/mockito/blob/release/2.x/doc/release-notes/official.md>`__.
+
+* Netty 4.1.29 → 4.1.31:
+
+ * `4.1.30 <https://netty.io/news/2018/09/28/4-1-30-Final.html>`__.
+ * `4.1.31 <https://netty.io/news/2018/10/30/4-1-31-Final.html>`__.
+
+* Pax Exam 4.12.0 → 4.13.1.
+
+* Scala 2.12.6 → 2.12.8:
+
+ * `2.12.7 <https://github.com/scala/scala/releases/tag/v2.12.7>`__.
+ * `2.12.8 <https://github.com/scala/scala/releases/tag/v2.12.8>`__.
+
+* Wagon HTTP 3.1.0 → 3.2.0.
+
+* Xtend `2.14.0 → 2.16.0 <https://www.eclipse.org/xtend/releasenotes.html>`__.
+
+Plugin version upgrades
+~~~~~~~~~~~~~~~~~~~~~~~
+
+* Asciidoctor `1.5.6 → 1.5.7.1 <https://github.com/asciidoctor/asciidoctor-maven-plugin/releases>`__
+ (with related AsciidoctorJ upgrades).
+
+* Bundle 4.0.0 → 4.1.0.
+
+* Checkstyle `8.12 → 8.15 <https://checkstyle.org/releasenotes.html#Release_8.13>`__.
+
+* DependencyCheck `3.3.2 → 4.0.0 <https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md>`__.
+
+* Failsafe / Surefire `2.22.0 → 2.22.1 <https://blogs.apache.org/maven/entry/apache-maven-surefire-plugin-version1>`__.
+
+* Help 3.1.0 → 3.1.1.
+
+* JAR 3.1.0 → 3.1.1.
+
+* PMD `3.10.0 → 3.11.0 <https://blogs.apache.org/maven/entry/apache-maven-pmd-plugin-3>`__.
+
+* Remote Resources `1.5 → 1.6.0 <https://blogs.apache.org/maven/entry/apache-maven-remote-resources-plugin>`__.
+
+* Shade
+ `3.2.0 → 3.2.1 <https://blog.soebes.de/blog/2018/11/12/apache-maven-shade-plugin-version-3-dot-2-1-released/>`__.
+
+* SpotBugs `3.1.6 → 3.1.9 <https://github.com/spotbugs/spotbugs/blob/release-3.1/CHANGELOG.md>`__.
+
+* XBean finder 4.9 → 4.12.
+
+* XTend 2.14.0 → 2.16.0.
+
+Version 4.0.2
+-------------
+
+This is a bug-fix and minor upstream bump upgrade from version 4.0.1.
+
+Bug fixes
+~~~~~~~~~
+
+Previous releases overrode Karaf’s ``jre.properties``; this is no longer
+necessary, and was causing failures with Java 9 and later (our version of
+``jre.properties`` didn’t have the appropriate settings for anything after
+Java 8). This release drops that override. See
+`ODLPARENT-168 <https://jira.opendaylight.org/browse/ODLPARENT-168>`__ for
+details.
+
+Upstream version upgrades
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Commons Lang `3.8 → 3.8.1 <http://www.apache.org/dist/commons/lang/RELEASE-NOTES.txt>`__.
+
+* Jackson `2.9.6 → 2.9.7 <https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.7>`__.
+
+* Netty `4.1.28 → 4.1.29 <http://netty.io/news/2018/08/24/4-1-29-Final.html>`__.
+
+Plugin version upgrades
+~~~~~~~~~~~~~~~~~~~~~~~
+
+* JAR `3.0.2 → 3.1.0 <https://blog.soebes.de/blog/2018/04/10/apache-maven-jar-plugin-version-3-dot-1-dot-0-released>`__.
+
+* Javadoc `3.0.0 → 3.0.1 <https://blogs.apache.org/maven/entry/apache-maven-javadoc-plugin-version>`__.
+
+* Jersey `2.22.2 → 2.25.1 <https://jersey.github.io/release-notes/2.25.html>`__,
+ along with Glassfish JSON 1.0.4 → 1.1.2.
+
+* Plugin 3.5 → 3.5.2:
+
+ * `3.5.1 <https://blog.soebes.de/blog/2018/01/22/apache-maven-plugin-tools-version-3-dot-5-1-released/>`__.
+ * `3.5.2 <https://blog.soebes.de/blog/2018/05/26/apache-mave-plugin-tools-version-3-dot-5-2-released/>`__.
+
+* Resources `3.0.1 → 3.1.0 <https://blogs.apache.org/maven/entry/apache-maven-resources-plugin-version>`__.
+
+Version 4.0.1
+-------------
+
+This is a bug-fix and minor upstream bump upgrade from version 4.0.0.
+
+Bug fixes
+~~~~~~~~~
+
+The JaCoCo execution profile was incorrect, breaking Sonar; the report is now
+written correctly, so that Sonar can find it.
+
+The Blueprint Maven plugin fails when it encounters Java 9 classes; this is
+fixed by forcefully upgrading its dependency on xbean-finder. See
+`ODLPARENT-167 <https://jira.opendaylight.org/browse/ODLPARENT-167>`__ for
+details.
+
+Upstream version upgrades
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* SpotBugs `3.1.6 → 3.1.7 <https://github.com/spotbugs/spotbugs/blob/release-3.1/CHANGELOG.md>`__.
+
+Upstream version additions
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Mockito Inline is added alongside Mockito Core, to ensure that the versions
+ are kept in sync.
+
+Plugin version upgrades
+~~~~~~~~~~~~~~~~~~~~~~~
+
+* Clean `3.0.0 → 3.1.0 <https://blog.soebes.de/blog/2018/04/14/apache-maven-clean-plugin-version-3-dot-1-0-released/>`__.
+
+* Compiler `3.7.0 → 3.8.0 <https://blog.soebes.de/blog/2018/07/30/apache-maven-compiler-plugin-version-3-dot-8-0-released/>`__.
+
+* Dependency 3.0.2 → 3.1.1:
+
+ * `3.1.0 <https://blog.soebes.de/blog/2018/04/06/apache-maven-dependency-plugin-version-3-dot-1-0-released/>`__.
+ * `3.1.1 <https://blog.soebes.de/blog/2018/05/24/apache-maven-dependency-plugin-version-3-dot-1-1-released/>`__.
+
+* Dependency Check `3.3.1 → 3.3.2 <https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md>`__.
+
+* Enforcer `3.0.0-M1 → 3.0.0-M2 <https://mail-archives.apache.org/mod_mbox/maven-announce/201806.mbox/%3Cop.zko9b2vhkdkhrr%40desktop-2khsk44.dynamic.ziggo.nl%3E>`__.
+
+* Failsafe 2.20.1 → 2.22:
+
+ * `2.21 <https://blog.soebes.de/blog/2018/03/06/apache-maven-surefire-plugin-version-2-dot-21-released/>`__.
+ * `2.22 <https://blog.soebes.de/blog/2018/06/16/apache-maven-surefire-plugin-version-2-dot-22-released/>`__.
+
+* Help 2.2 → 3.1.0:
+
+ * `3.0.0 <https://blog.soebes.de/blog/2018/03/18/apache-maven-help-plugin-version-3-dot-0-0-released/>`__.
+ * `3.0.1 <https://blog.soebes.de/blog/2018/03/28/apache-maven-help-plugin-version-3-dot-0-1-released/>`__.
+ * `3.1.0 <https://blog.soebes.de/blog/2018/06/09/apache-maven-help-plugin-version-3-dot-1-0-released/>`__.
+
+* Invoker 2.0.0 → 3.1.0:
+
+ * `3.0.0 <https://blog.soebes.de/blog/2017/05/24/apache-maven-invoker-plugin-version-3-dot-0-0-released/>`__.
+ * `3.1.0 <https://blog.soebes.de/blog/2018/05/31/apache-maven-invoker-plugin-version-3-dot-1-0-released/>`__.
+
+* JAR `3.0.2 → 3.1.0 <https://blog.soebes.de/blog/2018/04/10/apache-maven-jar-plugin-version-3-dot-1-dot-0-released/>`__.
+
+* Project Info Reports `2.9 → 3.0.0 <https://blog.soebes.de/blog/2018/06/27/apache-maven-project-info-reports-plugin-3-dot-0-0-released/>`__.
+
+* Resources `3.0.1 → 3.1.0 <https://blog.soebes.de/blog/2018/05/01/apache-maven-resources-plugin-version-3-dot-1-0-released/>`__.
+
+* Shade `3.1.0 → 3.2.0 <https://blog.soebes.de/blog/2018/09/13/apache-maven-shade-plugin-version-3-dot-2-0-released/>`__.
+
+* Site `3.7 → 3.7.1 <https://blog.soebes.de/blog/2018/04/29/apache-maven-site-plugin-version-3-dot-7-1-released/>`__.
+
+* Surefire 2.18.1 → 2.22.0:
+
+ * `2.19 <https://blog.soebes.de/blog/2015/10/19/apache-maven-surefire-plugin-version-2-dot-19-released/>`__.
+ * `2.19.1 <https://blog.soebes.de/blog/2016/01/03/apache-maven-surefire-plugin-version-2-dot-19-dot-1-released/>`__.
+ * `2.20 <https://blog.soebes.de/blog/2017/04/12/apache-maven-surefire-plugin-version-2-dot-20-released/>`__.
+ * `2.21 <https://blog.soebes.de/blog/2018/03/06/apache-maven-surefire-plugin-version-2-dot-21-released/>`__.
+ * `2.22 <https://blog.soebes.de/blog/2018/06/16/apache-maven-surefire-plugin-version-2-dot-22-released/>`__.
+
+
Version 4.0.0
-------------
This release’s SpotBugs support doesn’t handle Guava 25.1 correctly, resulting
in false-positives regarding null handling; see
`ODLPARENT-161 <https://jira.opendaylight.org/browse/ODLPARENT-161>`_ for
-details. Until this is fixed, you can either continue using FindBugs (which is
-configured to ignore a number of null-handling warnings), or switch to
-SpotBugs and suppress the appropriate warnings.
+details. Until this is fixed, the corresponding warnings are disabled, which
+matches our existing FindBugs configuration (which suffers from the a variant
+of this, with the same consequences).
We are planning on upgrading Akka during the 4.x cycle, even if it results in
a technically breaking upgrade. This is currently blocked on an OSGi bug in
``<optional>true</optional>`` flag, instead of
``org.ops4j.pax.cdi:pax-cdi-api``;
-* ``@OsgiServiceProvider`` and ``@OsgiService`` on bean definitions are
- replaced by ``@Service``;
+* ``@OsgiServiceProvider`` on bean definitions is replaced by ``@Service``;
* ``@OsgiService`` at injection points is replaced by ``@Reference``;
+* ``@OsgiService`` on bean definitions, while technically wrong, can be seen in
+ the OpenDaylight codebase; this is replaced by ``@Service``;
+
* service lists can be injected using ``@ReferenceList``.
See `this Gerrit patch <https://git.opendaylight.org/gerrit/75699>`_ for an
Code Review / odlparent.git / blobdiff