Release notes

12.1.1

Release date

2025-06-10

This patch release addresses a blocker issue with the creation of a release distribution and enhances the reliability of our caching and reproducibility mechanisms.

Fixed

  • Fix staging of binary distribution archive. (400)

  • Improve Node.js caching using package-lock.json. (366, 408)

  • Improve reliability of reproducibility verification. (388)

Updated

  • Update actions/setup-java to version 4.7.1 (376)

  • Update com.diffplug.spotless:spotless-maven-plugin to version 2.44.5 (397)

  • Update com.google.errorprone:error_prone_core to version 2.38.0 (381)

  • Update com.gradle:common-custom-user-data-maven-extension to version 2.0.3 (407)

  • Update com.gradle:develocity-maven-extension to version 2.0.1 (398)

  • Update com.h3xstream.findsecbugs:findsecbugs-plugin to version 1.14.0 (380)

  • Update com.palantir.javaformat:palantir-java-format to version 2.68.0 (410)

  • Update dependabot/fetch-metadata to version 2.4.0 (386)

  • Update github/codeql-action to version 3.28.19 (402)

  • Update gradle/develocity-actions to version 1.4 (404)

  • Update org.apache.groovy:groovy to version 4.0.27 (395)

  • Update org.codehaus.gmavenplus:gmavenplus-plugin to version 4.2.0 (383)

  • Update org.codehaus.mojo:build-helper-maven-plugin to version 3.6.1 (403)

  • Update org.codehaus.mojo:exec-maven-plugin to version 3.5.1 (396)

  • Update org.eclipse.jgit:org.eclipse.jgit to version 7.3.0.202506031305-r (405)

  • Update org.jacoco:jacoco-maven-plugin to version 0.8.13 (368)

  • Update ossf/scorecard-action to version 2.4.2 (399)

12.1.0

Release date

2025-04-01

This minor release adds CodeQL checks for GitHub Actions. It also fixes a breaking change in Error Prone that prevented projects from migrating to version 12.0.0.

Added

  • Add "GitHub Actions" to the list of languages analyzed by CodeQL.

Fixed

  • Use the maven.deploy.skip Maven property in nexus-staging-maven-plugin. This effectively fixes the skipping of test artifacts' deployments. (360)

  • Fix Error Prone arguments breaking maven-compiler-plugin:compile.

  • Fix inheritance of url elements in children POMs.

Updated

  • Update actions/cache to version 4.2.3 (357)

  • Update actions/upload-artifact to version 4.6.2 (359)

  • Update com.diffplug.spotless:spotless-maven-plugin to version 2.44.4 (372)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.9.3.0 (349)

  • Update com.google.errorprone:error_prone_core to version 2.37.0 (356)

  • Update com.gradle:develocity-maven-extension to version 1.23.2 (338)

  • Update com.palantir.javaformat:palantir-java-format to version 2.62.0 (370)

  • Update de.skuzzle.enforcer:restrict-imports-enforcer-rule to version 2.6.1 (365)

  • Update github/codeql-action to version 3.28.15 (371)

  • Update org.apache:apache to version 34 (353)

  • Update org.apache.groovy:groovy to version 4.0.26 (340)

  • Update org.asciidoctor:asciidoctor-maven-plugin to version 3.2.0 (362)

  • Update org.codehaus.mojo:flatten-maven-plugin to version 1.7.0 (339)

  • Update org.eclipse.jgit:org.eclipse.jgit to version 7.2.0.202503040940-r (355)

  • Update ossf/scorecard-action to version 2.4.1 (335)

12.0.0

Release date

2025-02-07

This major release contains several small improvements and certain backward incompatible changes.

Changed

  • Activate flatten-bom execution of flatten-maven-plugin using a .logging-parent-bom-activator file (265)

  • Don’t keep parent in flatten-bom configuration (265, 37)

  • Switch from maven-deploy-plugin to nexus-staging-maven-plugin, which helps with fetching the Nexus repository URL during a release. generate-email.sh will be called with a fourth argument containing the Nexus repository URL. (246)

  • Update deploy-*-reusable workflows to export the URL of the Nexus repository and the project version as nexus-url and project-version workflow outputs, respectively (246)

  • Add maven-args input to build-reusable and merge-dependabot-reusable (266)

  • Move from ge.apache.org to new develocity.apache.org server (313)

  • Add the verify-reproducibility-reusable.yaml workflow to check reproducibility of artifacts in a Maven repository. Deprecate the reproducibility check in build-reusable.yaml. (246)

Removed

  • Remove following managed dependencies to avoid polluting BOMs: biz.aQute.bnd:biz.aQute.bnd.annotation, com.github.spotbugs:spotbugs-annotations, org.jspecify:jspecify, org.osgi:osgi.annotation, org.osgi:org.osgi.annotation.bundle, org.osgi:org.osgi.annotation.versioning (265, apache/logging-log4j2#3066)

Updated

  • Update biz.aQute.bnd:bnd-baseline-maven-plugin to version 7.1.0 (290)

  • Update biz.aQute.bnd:bnd-maven-plugin to version 7.1.0 (289)

  • Update com.diffplug.spotless:spotless-maven-plugin to version 2.44.2 (314)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.6.6 (293)

  • Update com.google.errorprone:error_prone_core to version 2.36.0 (287)

  • Update org.apache.groovy:groovy to version 4.0.25 (320)

  • Update org.apache.maven.plugins:maven-artifact-plugin to version 3.6.0 (312)

  • Update org.asciidoctor:asciidoctor-maven-plugin to version 3.1.1 (285)

  • Update org.codehaus.gmavenplus:gmavenplus-plugin to version 4.1.1 (307)

  • Update org.codehaus.mojo:exec-maven-plugin to version 3.5.0 (274)

  • Update org.cyclonedx:cyclonedx-maven-plugin to version 2.9.1 (291)

11.3.0

Release date

2024-09-17

This minor release migrates the BeanShell distribution archive script to Groovy.

The update to the Develocity extensions should fix the lack of test results with Maven Surefire 3.5.0.

Changed

  • Switch the distribution script from BeanShell to Groovy. (196)

Fixed

  • Fix race condition, which marks merged Dependabot PRs as closed.

Updated

  • Update actions/setup-java to version 4.3.0 (237)

  • Update actions/upload-artifact to version 4.4.0 (233)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.6.3 (235)

  • Update com.google.errorprone:error_prone_core to version 2.32.0 (240)

  • Update com.gradle:common-custom-user-data-maven-extension to version 2.0.1 (236)

  • Update com.gradle:develocity-maven-extension to version 1.22.1 (239)

  • Update github/codeql-action to version 3.26.8 (245)

  • Update org.apache.groovy:groovy to version 4.0.23 (244)

  • Update org.eclipse.jgit:org.eclipse.jgit to version 7.0.0.202409031743-r (238)

11.2.0

Release date

2024-08-27

This minor release integrates Gradle Develocity into the reusable workflows. See Develocity Configuration for more details.

Added

  • Add option to disable reproducibility check in reusable builds. (195)

  • Add option to enable Develocity in builds.

Updated

  • Update actions/checkout to version 4.1.7 (192)

  • Update actions/setup-java to version 4.2.2 (217)

  • Update actions/upload-artifact to version 4.3.6 (219)

  • Update com.github.spotbugs:spotbugs-annotations to version 4.8.6 (194)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.6.2 (201)

  • Update com.google.errorprone:error_prone_core to version 2.31.0 (231)

  • Update com.palantir.javaformat:palantir-java-format to version 2.50.0 (226)

  • Update dependabot/fetch-metadata to version 2.2.0 (200)

  • Update github/codeql-action to version 3.26.5 (230)

  • Update org.apache:apache to version 33 (203)

  • Update org.codehaus.mojo:build-helper-maven-plugin to version 3.6.0 (183)

  • Update org.codehaus.mojo:exec-maven-plugin to version 3.4.1 (223)

  • Update org.cyclonedx:cyclonedx-maven-plugin to version 2.8.1 (216)

  • Update org.eclipse.jgit:org.eclipse.jgit to version 6.10.0.202406032230-r (190)

  • Update org.jspecify:jspecify to version 1.0.0 (206)

  • Update ossf/scorecard-action to version 2.4.0 (212)

11.1.0

Release date

2024-05-15

This minor release contains small improvements and some dependency updates.

Changed

  • Use default Java SE architecture and packaging (JDK) in workflows

  • Change the JDK distribution used in workflows from Temurin to Zulu (169)

Updated

  • Update com.github.spotbugs:spotbugs-annotations to version 4.8.5 (174)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.5.0 (175)

  • Update com.google.errorprone:error_prone_core to version 2.27.1 (172)

  • Update com.h3xstream.findsecbugs:findsecbugs-plugin to version 1.13.0 (159)

  • Update com.palantir.javaformat:palantir-java-format to version 2.46.0 (173)

  • Update org.apache:apache to version 32 (160)

  • Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.9.0 (181)

11.0.0

Release date

2024-04-15

This release contains a big revamp to the website build and several other minor enhancements.

Website build changes

The website build system is migrated from asciidoctor-maven-plugin to Antora. This implies that src/site and generate-email.sh files need to be adapted, and target/site can be viewed without needing a local web server.

The Maven site phase is re-engineered such that generated sources (i.e., src/site/_release_notes and src/site/_constants.adoc) will be targeted to target/generated-site and the website will be built from there. This avoids the need to commit generated sources to the repository and, hence, works around changelog merge conflict problems.

Website deployment changes

The newly added site-deploy-reusable.yaml GitHub Actions workflow enables to automate the website deployment. Using the <source-branch>-site-<environment>-out branch naming convention, the Maven site goal running on

  • the main branch populates the main-site-stg-out branch serving the logging.staged.apache.org/logging-parent

  • the main-site-pro branch populates the main-site-pro-out branch serving the logging.apache.org/logging-parent

  • the release/<version> branch populates the release/<version>-site-stg-out branch serving the logging.staged.apache.org/logging-parent-<version>

Refer to the usage and project release instructions pages for details.

Added

  • Add coverage profile to generate a test coverage report (140)

  • Add deploy-site-yaml GitHub actions workflow to automate the website deployment

  • Add instructions on XML schema publication (138)

Changed

  • Replace process-sbom script with CycloneDX plugin configuration (105)

  • Support parallel releases by uploading the distribution to <projectId>/<version> folders. This is needed for parallel Log4j 2 and 3 releases. (139)

  • Migrate website support from asciidoctor-maven-plugin to Antora

Updated

  • Update com.diffplug.spotless:spotless-maven-plugin to version 2.43.0 (108)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.4.0 (156)

  • Update com.google.errorprone:error_prone_core to version 2.26.1 (134)

  • Update com.palantir.javaformat:palantir-java-format to version 2.43.0 (154)

  • Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.8.0 (146)

  • Update org.apache.maven.plugins:maven-artifact-plugin to version 3.5.1 (149)

  • Update org.codehaus.mojo:flatten-maven-plugin to version 1.6.0 (102)

  • Update org.cyclonedx:cyclonedx-maven-plugin to version 2.8.0 (145)

10.6.0

Release date

2024-01-11

This minor release contains several small changes to the build pipeline.

Most notably it bans wildcard imports from source code, which will require expanding those imports before upgrading logging-parent.

Added

  • Add JSpecify to dependency management. (88)

  • Add enforcer rule to ban wildcard imports. All imports must be expanded to provide better comparison of branches. (63)

Changed

  • Merge Dependabot PRs instead of closing them. (82)

  • Disable -jpms-multi-release BND option. (93)

  • Clean up residual module-info.class before compilation. (90)

Updated

  • Update com.google.errorprone:error_prone_core to version 2.24.1 (89)

  • Update github/codeql-action to version 3.23.0 (91)

  • Update org.apache.rat:apache-rat-plugin to version 0.16 (92)

10.5.0

Release date

2023-12-18

This minor release contains dependency updates and a change in the way BND is employed.

BND Maven Plugins are upgraded to version 7.0.0, which requires Java 17. Log4j was the blocker for this upgrade and the issue is resolved in apache/logging-log4j2#2021. Note that BND Maven Plugins version 7.0.0 increased the minimum required Maven version to 3.8.1.

Changed

  • Switch from bnd:jar to bnd:bnd-process to improve integration with the ecosystem; IDEs, Maven plugins, etc. (69)

  • Replace log4j-changelog entry type of dependabot updates from changed to updated

  • Minimum required Maven version is increased to 3.8.1 due to BND Maven Plugin updates

Updated

  • Update biz.aQute.bnd:bnd-baseline-maven-plugin to version 7.0.0 (78)

  • Update biz.aQute.bnd:bnd-maven-plugin to version 7.0.0

  • Update com.diffplug.spotless:spotless-maven-plugin to version 2.41.1 (70)

  • Update com.github.spotbugs:spotbugs-annotations to version 4.8.3 (80)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.2.0 (71)

  • Update com.palantir.javaformat:palantir-java-format to version 2.39.0

  • Update org.apache:apache to version 31 (73)

  • Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.7.0 (84)

10.4.0

Release date

2023-11-13

This minor release contains several small improvements.

Added

  • Add deterministic Palantir Java formatter

Changed

  • Increase directory scanning depth from 8 to 32 in the distribution BeanShell script

10.3.0

Release date

2023-11-09

This minor release contains several small improvements.

Added

  • Add support to extend the bnd-maven-plugin configuration with bnd-extra-config property (apache/logging-log4j2#1895)

  • Add support to replace project.build.outputTimestamp Maven property in CI (50)

  • Add XSLT transformation step to add a deterministic serialNumber and VDR links to the SBOM

  • Add support for an optional spotbugs-exclude.xml file

Changed

  • deploy-release-reusable.yaml is improved to automatically derive deployed artifacts as attachments. This renders both distribution-attachment-filepath-pattern and distribution-attachment-count input arguments redundant for almost all cases.

  • Disable the usage of <distributionManagement> and alpha releases in the bnd-baseline-maven-plugin

  • Convert bnd-maven-plugin API leakage warnings to errors (apache/logging-log4j2#1895)

Fixed

  • Fix broken changelog entry validation

  • Attach flatten:clean to clean phase

  • Add missing Implementation- and Specification- entries in MANIFEST.MF to bnd-maven-plugin configuration (apache/logging-log4j2#1923)

Updated

  • Update com.github.spotbugs:spotbugs-annotations to version 4.8.1 (58)

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.8.1.0 (57)

  • Update com.google.errorprone:error_prone_core to version 2.23.0 (49)

  • Update org.apache.maven.plugins:maven-artifact-plugin to version 3.5.0

  • Update org.cyclonedx:cyclonedx-maven-plugin to version 2.7.10 (54)

10.2.0

Release date

2023-10-18

This minor release contains several small improvements.

Added

  • Added support for auto-generating CycloneDX Software Bill of Materials (SBOM)

Changed

  • Add a compulsory bnd-baseline-maven-plugin execution to check for breaking API changes

  • Apply the default bnd-maven-plugin configuration to all the plugin’s goals

  • Moves .flattened-pom.xml to the same directory as pom.xml to preserve the relative parent path. This requires adding .flattened-pom.xml to the .gitignore file of the repository.

  • Update log4j-changelog XSD (used for validating changelog entries) to version 0.1.2

Fixed

  • Prioritize definitions in bnd-extra-* variables over those inherited (39)

  • Keep parent in flatten-bom configuration (37)

  • Remove build in flatten-bom configuration

  • Fixed the archiving of symbolically linked directories in the distribution Maven profile (43)

  • Used specific execution IDs in defaultGoals to avoid running unwanted plugins

Updated

  • Update org.apache.logging.log4j:log4j-changelog-maven-plugin to version 0.5.0

  • Update com.github.spotbugs:spotbugs-annotations to version 4.8.0 (44)

10.1.1

Release date

2023-10-02

This patch release contains minor fixes addressing issues blocking the release of log4j-tools, log4j-kotlin, etc.

Added

  • Used project.build.outputTimestamp to timestamp generated distribution files

Changed

  • Changes the default OSGi and module name to use full stops . instead of non-alphanumeric characters

  • Update com.diffplug.spotless:spotless-maven-plugin to version 2.40.0

Fixed

  • Fixed checksum (i.e., *.sha512) file format

  • Fix BND module name detection on multi-release JARs

10.1.0

Release date

2023-09-28

This minor release focuses on shipping AsciiDoc-based website generation convenience targeting the src/site folder. As a part of this effort, logging-parent started publishing its own website and log4j-changelog support is switched from Markdown to AsciiDoc.

The introduced bnd-maven-plugin default auto-generates both OSGi and JPMS descriptors. Users only need to annotate packages that are to be exported with org.osgi.annotation.bundle.Export, plugin will do the rest of the magic. Hence, no need for custom .bnd and/or module-info.java files anymore. In particular, we expect the absence of module-info.java files to avoid several IDE and testing related headaches.

Added

  • Added asciidoc and constants-tmpl-adoc profiles to generate AsciiDoc-based websites from src/site

  • Added support to auto-generate changelog entries for dependabot updates

  • Added bnd-maven-plugin defaults to auto-generate both OSGi and JPMS descriptors

  • Added CI report uploading in case of test or reproducibility failures (28)

  • Started publishing the project website

Changed

  • Switched the default log4j-changelog configuration from Markdown (.release-notes.md.ftl and .index.md.ftl) to AsciiDoc (.release-notes.adoc.ftl and .index.adoc.ftl)

  • Update actions/checkout to version 4.1.0

  • Update com.github.spotbugs:spotbugs-maven-plugin to version 4.7.3.6

  • Update com.google.errorprone:error_prone_core to version 2.22.0

  • Update org.apache:apache to version 30

  • Update org.osgi:osgi.annotation to version 8.1.0

Fixed

  • Replaced incorrect java.version Maven property override with maven.compiler.{source,release,target}

Removed

  • Removed project.build.outputTimestamp override since it is already provided by the parent POM and its old value 0 was causing reproducibility issues for spring-boot:repackage

10.0.0

Release date

2023-09-08

This minor release contains various improvements that we expect to relieve the load on pom.xml and GitHub Actions workflows of Maven-based projects we parent. This is of particular importance while managing and cutting releases from multiple repositories. See README.adoc for the complete list of features and their usage.

See this log4j-tools GitHub Actions workflow run demonstrating a successful release cut using a SNAPSHOT version of this logging-parent release. All preparations (release notes, source and binary distributions, vote & announcement emails, etc.) are staged to both Nexus and SVN and waiting the release manager to proceed.

Added

  • Added changelog-export profile to easily export changelogs to Markdown files

  • Added changelog-release profile to easily move src/changelog/.?.x.x contents to their associated release directory

  • Added deploy profile to ease the Maven deploy goal

  • Added asciidoc profile to easily create a distribution file containing Git-tracked sources, release notes, binary attachments, NOTICE.txt, etc.

  • Documented release instructions (i.e., RELEASING.md)

  • Added release profile to share common release-specific Maven configuration

  • Added reusable GitHub Actions workflows to share CI boilerplate for other repositories

  • Switched to using log4j-changelog-maven-plugin for managing changelog and release notes

Changed

  • Switched to semantic versioning (old version: 9, new version: 10.0.0)