11.3.0

This minor release migrates the BeanShell distribution archive script to Groovy.

The update to the Develocity extensions should fix the lack of test results with Maven Surefire 3.5.0.

Changed

• Switch the distribution script from BeanShell to Groovy. (#196)

Fixed

• Fix race condition, which marks merged Dependabot PRs as closed.

Updated

• Update actions/setup-java to version 4.3.0 (#237)
• Update actions/upload-artifact to version 4.4.0 (#233)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.6.3 (#235)
• Update com.google.errorprone:error_prone_core to version 2.32.0 (#240)
• Update com.gradle:common-custom-user-data-maven-extension to version 2.0.1 (#236)
• Update com.gradle:develocity-maven-extension to version 1.22.1 (#239)
• Update github/codeql-action to version 3.26.7 (#243)
• Update org.apache.groovy:groovy to version 4.0.23 (#244)
• Update org.eclipse.jgit:org.eclipse.jgit to version 7.0.0.202409031743-r (#238)

11.2.0

This minor release integrates Gradle Develocity into the reusable workflows.
See Develocity Configuration for more details.

Added

• Add option to disable reproducibility check in reusable builds. (#195)
• Add option to enable Develocity in builds.

Updated

• Update actions/checkout to version 4.1.7 (#192)
• Update actions/setup-java to version 4.2.2 (#217)
• Update actions/upload-artifact to version 4.3.6 (#219)
• Update com.github.spotbugs:spotbugs-annotations to version 4.8.6 (#194)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.6.2 (#201)
• Update com.google.errorprone:error_prone_core to version 2.30.0 (#222)
• Update com.palantir.javaformat:palantir-java-format to version 2.50.0 (#226)
• Update dependabot/fetch-metadata to version 2.2.0 (#200)
• Update github/codeql-action to version 3.26.5 (#230)
• Update org.apache:apache to version 33 (#203)
• Update org.codehaus.mojo:build-helper-maven-plugin to version 3.6.0 (#183)
• Update org.codehaus.mojo:exec-maven-plugin to version 3.4.1 (#223)
• Update org.cyclonedx:cyclonedx-maven-plugin to version 2.8.1 (#216)
• Update org.eclipse.jgit:org.eclipse.jgit to version 6.10.0.202406032230-r (#190)
• Update org.jspecify:jspecify to version 1.0.0 (#206)
• Update ossf/scorecard-action to version 2.4.0 (#212)

11.1.0

This minor release contains small improvements and some dependency updates.

Changed

• Use default Java SE architecture and packaging (JDK) in workflows
• Change the JDK distribution used in workflows from Temurin to Zulu (#169)

Updated

• Update com.github.spotbugs:spotbugs-annotations to version 4.8.5 (#174)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.5.0 (#175)
• Update com.google.errorprone:error_prone_core to version 2.27.1 (#172)
• Update com.h3xstream.findsecbugs:findsecbugs-plugin to version 1.13.0 (#159)
• Update com.palantir.javaformat:palantir-java-format to version 2.46.0 (#173)
• Update org.apache:apache to version 32 (#160)
• Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.9.0 (#181)

11.0.0

This release contains a big revamp to the website build and several other minor enhancements.

Website build changes

The website build system is migrated from asciidoctor-maven-plugin to Antora. This implies that src/site and generate-email.sh files need to be adapted, and target/site can be viewed without needing a local web server.

The Maven site phase is re-engineered such that generated sources (i.e., src/site/_release_notes and src/site/_constants.adoc) will be targeted to target/generated-site and the website will be built from there. This avoids the need to commit generated sources to the repository and, hence, works around changelog merge conflict problems.

Website deployment changes

The newly added site-deploy-reusable.yaml GitHub Actions workflow enables to automate the website deployment. Using the <source-branch>-site-<environment>-out branch naming convention, the Maven site goal running on

• the main branch populates the main-site-stg-out branch serving the logging.staged.apache.org/logging-parent
• the main-site-pro branch populates the main-site-pro-out branch serving the logging.apache.org/logging-parent
• the release/<version> branch populates the release/<version>-site-stg-out branch serving the logging.staged.apache.org/logging-parent-<version>

Refer to the usage and project release instructions pages for details.

Added

• Add coverage profile to generate a test coverage report (#140)
• Add deploy-site-yaml GitHub actions workflow to automate the website deployment
• Add instructions on XML schema publication (#138)

Changed

• Replace process-sbom script with CycloneDX plugin configuration (#105)
• Support parallel releases by uploading the distribution to <projectId>/<version> folders. This is needed for parallel Log4j 2 and 3 releases. (#139)
• Migrate website support from asciidoctor-maven-plugin to Antora

Updated

• Update com.diffplug.spotless:spotless-maven-plugin to version 2.43.0 (#108)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.4.0 (#156)
• Update com.google.errorprone:error_prone_core to version 2.26.1 (#134)
• Update com.palantir.javaformat:palantir-java-format to version 2.43.0 (#154)
• Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.8.0 (#146)
• Update org.apache.maven.plugins:maven-artifact-plugin to version 3.5.1 (#149)
• Update org.codehaus.mojo:flatten-maven-plugin to version 1.6.0 (#102)
• Update org.cyclonedx:cyclonedx-maven-plugin to version 2.8.0 (#145)

10.6.0

This minor release contains several small changes to the build pipeline.

Most notably it bans wildcard imports from source code, which will require expanding those imports before upgrading logging-parent.

Added

• Add JSpecify to dependency management. (#88)
• Add enforcer rule to ban wildcard imports. All imports must be expanded to provide better comparison of branches. (#63)

Changed

• Merge Dependabot PRs instead of closing them. (#82)
• Disable -jpms-multi-release BND option. (#93)
• Clean up residual module-info.class before compilation. (#90)

Updated

• Update com.google.errorprone:error_prone_core to version 2.24.1 (#89)
• Update github/codeql-action to version 3.23.0 (#91)
• Update org.apache.rat:apache-rat-plugin to version 0.16 (#92)

10.5.0

This minor release contains dependency updates and a change in the way BND is employed.

BND Maven Plugins are upgraded to version 7.0.0, which requires Java 17. Log4j was the blocker for this upgrade and the issue is resolved in apache/logging-log4j2#2021. Note that BND Maven Plugins version 7.0.0 increased the minimum required Maven version to 3.8.1.

Changed

• Switch from bnd:jar to bnd:bnd-process to improve integration with the ecosystem; IDEs, Maven plugins, etc. (#69)
• Replace log4j-changelog entry type of dependabot updates from changed to updated
• Minimum required Maven version is increased to 3.8.1 due to BND Maven Plugin updates

Updated

• Update biz.aQute.bnd:bnd-baseline-maven-plugin to version 7.0.0 (#78)
• Update biz.aQute.bnd:bnd-maven-plugin to version 7.0.0
• Update com.diffplug.spotless:spotless-maven-plugin to version 2.41.1 (#70)
• Update com.github.spotbugs:spotbugs-annotations to version 4.8.3 (#80)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.2.0 (#71)
• Update com.palantir.javaformat:palantir-java-format to version 2.39.0
• Update org.apache:apache to version 31 (#73)
• Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.7.0 (#84)

10.4.0

This minor release contains several small improvements.

Added

• Add deterministic Palantir Java formatter

Changed

• Increase directory scanning depth from 8 to 32 in the distribution BeanShell script

10.3.0

This minor release contains several small improvements.

Added

• Add support to extend the bnd-maven-plugin configuration with bnd-extra-config property (apache/logging-log4j2#1895)
• Add support to replace project.build.outputTimestamp Maven property in CI (#50)
• Add XSLT transformation step to add a deterministic serialNumber and VDR links to the SBOM
• Add support for an optional spotbugs-exclude.xml file

Changed

• deploy-release-reusable.yaml is improved to automatically derive deployed artifacts as attachments. This renders both distribution-attachment-filepath-pattern and distribution-attachment-count input arguments redundant for almost all cases.
• Disable the usage of <distributionManagement> and alpha releases in the bnd-baseline-maven-plugin
• Convert bnd-maven-plugin API leakage warnings to errors (apache/logging-log4j2#1895)
• Update com.github.spotbugs:spotbugs-annotations to version 4.8.1 (#58)
• Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.1.0 (#57)
• Update com.google.errorprone:error_prone_core to version 2.23.0 (#49)
• Update org.apache.maven.plugins:maven-artifact-plugin to version 3.5.0
• Update org.cyclonedx:cyclonedx-maven-plugin to version 2.7.10 (#54)

Fixed

• Fix broken changelog entry validation
• Attach flatten:clean to clean phase
• Add missing Implementation- and Specification- entries in MANIFEST.MF to bnd-maven-plugin configuration (apache/logging-log4j2#1923)

10.2.0

This minor release contains several small improvements.

Added

• Added support for auto-generating CycloneDX Software Bill of Materials (SBOM)

Changed

• Add a compulsory bnd-baseline-maven-plugin execution to check for breaking API changes
• Apply the default bnd-maven-plugin configuration to all the plugin's goals
• Moves .flattened-pom.xml to the same directory as pom.xml to preserve the relative parent path. This requires adding .flattened-pom.xml to the .gitignore file of the repository.
• Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.5.0
• Update log4j-changelog XSD (used for validating changelog entries) to version 0.1.2
• Update com.github.spotbugs:spotbugs-annotations to version 4.8.0 (#44)

Fixed

• Prioritize definitions in bnd-extra-* variables over those inherited (#39)
• Keep parent in flatten-bom configuration (#37)
• Remove build in flatten-bom configuration
• Fixed the archiving of symbolically linked directories in the distribution Maven profile (#43)
• Used specific execution IDs in defaultGoals to avoid running unwanted plugins

10.1.1

This patch release contains minor fixes addressing issues blocking the release of log4j-tools, log4j-kotlin, etc.

Added

• Used project.build.outputTimestamp to timestamp generated distribution files

Changed

• Changes the default OSGi and module name to use full stops . instead of non-alphanumeric characters
• Update com.diffplug.spotless:spotless-maven-plugin to version 2.40.0

Fixed

• Fixed checksum (i.e., *.sha512) file format
• Fix BND module name detection on multi-release JARs