I pushed up 3 PRs.

https://github.com/apache/maven-wrapper/pull/361 - simple normalization (there 
were a couple of files with tabs in them and a few of them without proper end of 
file markers - empty lines).  Not super important but had it hanging around.

https://github.com/apache/maven-wrapper/pull/362 - This has the maven 4 
support.  I've been using it at work at scale for a few months now and added it 
to spotbugs maven plugin integration tests in last week or so.

https://github.com/apache/maven-wrapper/pull/363 - This one updates logic in 
MavenWrapperDownloader.jar to resolve path traversal issue raised by Snyk.  In 
my usage I have it coded to java 11 but adjusted here to be java 8 compliant.  
I don't know if unit tests in maven wrapper execute this at all and I haven't 
directly confirmed it as it's a fallback and probably hard to occur in general.  
What I have done is mainly reviewed it, asked various AI tools a few times and 
it seems good enough but should be tested further if anyone has a good way to 
force a test on it.

Outside of how I applied this with spotbugs maven plugin to show maven 4, I 
have a separate unique process at work that uses maven to seed projects at 
scale in ci pipelines via pull requests to keep up to date.  So typically I 
adjust the distribution files and don't run maven wrapper plugin to directly 
apply the files as a result.  That ends up in me running ahead for a longer 
period so generally I had this stuff just sitting around waiting for a good 
time.  When I saw a possible release coming, that was my trigger to move but I 
was just a bit too slow 😉  It's likely I still have a few extra things I have 
yet to pull over but these were all fresh on my mind.

Thanks,

Jeremy



-----Original Message-----
From: Slawomir Jaranowski <s.jaranow...@gmail.com> 
Sent: Tuesday, August 26, 2025 4:37 PM
To: Maven Developers List <dev@maven.apache.org>
Subject: Re: [VOTE] Release Apache Maven Wrapper version 3.3.3

No problem, I can delay or re-spawn as a new fix will be available.



On Tue, 26 Aug 2025 at 22:14, Jeremy Landis <jeremylan...@hotmail.com> wrote:
>
> There are path traversal issues in MavenWrapperDownloader.java in existing 
> releases which are easy to fix.  Additionally, maven 4 more recent versions 
> don't work without a patch.  I can send some PRs for both these issues, would 
> it be possible to delay the vote until these are corrected so we get more 
> broad support?  I can send PRs tonight as they are rather simple and I've 
> been using them both in production level usage for a while now.
>
> Thanks,
>
> Jeremy Landis
>
>
> -----Original Message-----
> From: Slawomir Jaranowski <s.jaranow...@gmail.com>
> Sent: Tuesday, August 26, 2025 4:08 PM
> To: Maven Developers List <dev@maven.apache.org>
> Subject: [VOTE] Release Apache Maven Wrapper version 3.3.3
>
> Hi,
>
> We solved 47 issues:
> https://github.com/apache/maven-wrapper/issues?q=is%3Aclosed%20milestone%3A3.3.3
>
> Changes since the last release:
> https://github.com/apache/maven-wrapper/compare/maven-wrapper-3.3.2...maven-wrapper-3.3.3
>
> Staging repo:
> https://repository.apache.org/content/repositories/maven-2314/
> https://repository.apache.org/content/repositories/maven-2314/org/apache/maven/wrapper/maven-wrapper/3.3.3/maven-wrapper-3.3.3-source-release.zip
>
> Source release checksum(s):
> maven-wrapper-3.3.3-source-release.zip - SHA-512 :
> 119dcfe7d94375ca5594ba0b4da4f5f6b114e9fb87aa36f22730f7c8ec3dc783c3bf68
> b73cdbf8d41f7afb4822ee0b344a29b61964cdd893088e7cf4c33793ed
>
> Staging site:
> https://maven.apache.org/tools-archives/wrapper-LATEST/
>
> Guide to testing staged releases:
> https://maven.apache.org/guides/development/guide-testing-releases.html
>
> Vote open for at least 72 hours.
>
> [ ] +1
> [ ] +0
> [ ] -1
>
> --
> Sławomir Jaranowski
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For 
> additional commands, e-mail: dev-h...@maven.apache.org
>
>


--
Sławomir Jaranowski
