Apache Maven

vmaven-3.9.16 scope: maven Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 17d Build & Package

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

apache-maven build-management java maven

Affected surfaces

deps

Summary

AI summary

Trim threadConfiguration input handling and backport plugin resolution fix.

Type	Severity	Summary	CVE
Feature	Medium	Backport Maven 3.10.x fixed plugin resolution Backport Maven 3.10.x fixed plugin resolution Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—
Dependency
Dependency	Medium	Bump actions/cache from 5.0.4 to 5.0.5 Bump actions/cache from 5.0.4 to 5.0.5 Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Dependency	Medium	Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Dependency	Medium	[3.9.x] Bump to parent POM 48 [3.9.x] Bump to parent POM 48 Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Dependency	Medium	Bump commons-io:commons-io from 2.21.0 to 2.22.0 Bump commons-io:commons-io from 2.21.0 to 2.22.0 Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Dependency	Medium	Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre Source: granite4.1:8b-q6_K@2026-05-21 Confidence: low	—
Bugfix	Medium	Trim threadConfiguration to accept input surrounded with spaces Trim threadConfiguration to accept input surrounded with spaces Source: granite4.1:8b-q6_K@2026-05-21 Confidence: high	—

Full changelog

Trim threadConfiguration to accept input surrounded with spaces (#12042) @slawekjaranowski
Backport: Maven 3.10.x fixed plugin resolution (#12022) @cstamas

Bump org.codehaus.plexus:plexus-classworlds from 2.9.0 to 2.11.0 (#12039) @dependabot[bot]
[3.9.x] Bump to parent POM 48 (#12024) @cstamas
Bump commons-io:commons-io from 2.21.0 to 2.22.0 (#11980) @dependabot[bot]
Bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre (#11951) @dependabot[bot]
Bump actions/cache from 5.0.4 to 5.0.5 (#11943) @dependabot[bot]

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track Apache Maven

Get notified when new releases ship.

About Apache Maven

Apache Maven core