Apache Creadur Rat 0.14 RELEASE NOTES The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.14 Apache Rat is a release audit tool. It improves accuracy and efficiency when checking releases. It is heuristic in nature: making guesses about possible problems. It will produce false positives and cannot find every possible issue with a release. Its reports require interpretation. In response to demands from project quality tool developers, Rat is available as a library suitable for inclusion in tools. This POM describes that library. Note that binary compatibility is not guaranteed between 0.x releases. Apache Rat is developed by the Apache Creadur project, a language and build agnostic home for software distribution comprehension and audit tools. This release contains dependency updates, bugfixes and many improvements apart from infrastructure updates at ASF. Changes in this version include: New features: o RAT-288: Adapt logging output to be more compliant with future Maven versions as debug is deprecated and verbose is the recommended way to go. Thanks to Michael Osipov. o RAT-297: Update maven-reporting-api from 3.0 to 3.1.0 and remove usage of deprecated Sink API. Thanks to Michael Osipov. o RAT-289: Enable dependabot integration - write access is forbidden, but email alerts and pull requests should be ok. o RAT-279: Migrate vom Travis CI.org to Travis-ci.com. o RAT-271: Move all Creadur projects to new Jenkins infrastructure at ASF and migrate from Subversion to Gitbox/Github. Please update your repository URLs and use the new default branch master in all projects. o RAT-270: Change default behaviour to output erroneous files to console. Can be disabled by setting rat.consoleOutput to false. o RAT-266: Add .factorypath to Eclipse-default exclusions. Thanks to Michael Osipov. o RAT-254: Properly finish move to gitbox/github, get rid of SVN references and adapt main branch to master and fix all Jenkins build jobs for RAT. o RAT-244: Update compiler level to 1.7 to allow building with more recent JDKs. Update plugins and dependencies to more modern versions to fix security issues (CVE-warnings). o RAT-212: Add alternative https URLs in Apache License, Version 2.0 to allow automatic recognition as valid ASF2.0. Thanks to Niels Basjes. o RAT-250: Update to latest available and compatible Apache ANT 1.9.14 to get bugfixes. o INFRA-17348: SCM repository has been moved from svn.apache.org (Subversion) to gitbox.apache.org (Git) Fixed Bugs: o RAT-290: Update maven-jxr-plugin from 2.5 to 3.2.0. Thanks to dependabot. o RAT-290: Update maven-antrun-plugin from 3.0.0 to 3.1.1. Thanks to dependabot. o RAT-290: Update github actions/checkout from 2 to 3. Thanks to dependabot. o RAT-290: Update github actions/setup-java from 2.5.0 to 3.3.0. Thanks to dependabot. o RAT-290: Update maven-pmd-plugin from 3.14.0 to 3.16.0. Thanks to dependabot. o RAT-290: Update maven-javadoc-plugin from 3.3.1 to 3.4.0. Thanks to dependabot. o RAT-290: Update maven-compiler-plugin from 3.8.1 to 3.10.1. Thanks to dependabot. o RAT-290: Update wagon-ssh from 3.5.0 to 3.5.1. Thanks to dependabot. o RAT-290: Update maven-site-plugin from 3.9.1 to 3.12.0. Thanks to dependabot. o RAT-290: Update maven-project-info-reports-plugin from 3.1.1 to 3.3.0. Thanks to dependabot. o RAT-290: Update mockito-core from 3.11.2 to 4.6.0. Thanks to dependabot. o RAT-290: Update ASF parent from 23 to 26. Thanks to dependabot. o RAT-273: Some tests were based on the assumption, that the value of file.encoding can be changed on runtime. (Won't work nowadays, beginning with Java 16.) Removed this assumption in favour of a proper surefire configuration. o RAT-273: Workaround for an incompatibility in the java.io.LineNumberReader, which is being replaced by the org.apache.rat.header.LineNumberReader. o RAT-290: Update animal-sniffer-maven-plugin from 1.20 to 1.21. Thanks to Jin Xu/Xeno Amess. o RAT-296: Use Github Actions for matrix builds on Windows and ubuntu with JDK 8,11,12,13,14,15. Simplify Travis integration to avoid dockerhub-related build failures. o RAT-274: Update to latest Apache Ant 1.10.12. o RAT-291: Fix links to Travis builds for all creadur projects. o RAT-290: Update maven-dependency-plugin from 3.1.1 to 3.2.0. Thanks to dependabot. o RAT-290: Update plexus-utils from 3.0.21 to 3.4.1. Thanks to dependabot. o RAT-290: Update commons-cli from 1.4 to 1.5.0. Thanks to dependabot. o RAT-290: Update maven-plugin-annotation and maven-plugin-plugin from 3.6.1 to 3.6.2. Thanks to dependabot. o RAT-275: Update to doxia 1.11.1 in order to get CVE-2020-13956-httpclient problem fixes in doxia. o RAT-283: Update plugin versions and dependencies in order to run properly with Java8 as minimal compiler level. o RAT-286: Update to maven-plugin-plugin v3.6.1 in order to circumvent error during maven site builds. o RAT-285: Update to latest Apache Ant 1.10.11 in order to fix issues related to dependency commons-compress in Ant itself. o RAT-207: Properly report thread-safeness to Maven. Thanks to Xavier Dury. o RAT-281: Update to latest Commons IO to fix CVE-2021-29425 (Moderate severity). o RAT-274: Update to latest Apache Ant 1.10.10. o RAT-277: Update to junit 4.13.1 to fix CVE-2020-15250. o RAT-158: Update to new ASF parent 23 in order to get rid of doxia version management that generated warnings. o RAT-274: Update to latest Apache Ant 1.10.9 to fix CVE-2020-11979. Update to JDK8 as minimal version/compiler version. o RAT-269: Update to latest Apache Ant to fix CVE-2020-1945. o RAT-268: Allow handling of pom-file-only projects by not assuming that all modules are in directories. Thanks to Robert Scholte. o RAT-267: Report ignored lines from exclusion file to stderr instead of std to not generate erroneous JSON. Thanks to Fabio Utzig. o RAT-262: Treat JSON data as binary to avoid reports of missing licenses. o RAT-260: Change to docker image when building on Travis to avoid JDK version mixup in traditional build setup. Thanks to Kamil BreguĊ‚a. o RAT-258: Update to latest commons-compress to fix CVE-2019-12402. o RAT-257: Adapt help text for CLI usage of RAT. Historical list of changes: https://creadur.apache.org/rat/changes-report.html For complete information on Apache Creadur Rat, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Apache Creadur Rat website: https://creadur.apache.org/rat/