[ANNOUNCE] GMavenPlus 3.0.2

[Keegan Witt]

GMavenPlus 3.0.2 has been released. 3.0.1 released with a corrupted jar, which is fixed in 3.0.2 (along with a version bump). The release notes below are the consolidated release notes for both versions.

Bugs

• [#276] Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @jgenoctr!).

Enhancements

• [#264] Support targeting Java 21 bytecode (thanks @bmarwell!).
• [#253] Fix CVE-2020-8908 and CVE-2023-2976.
• Fix CVE-2023-37460 (242baa8 and 623a56f).
• [#279] Fix CVE-2023-42503.

Potentially breaking changes

None.

Notes

The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.