Version 5.0.0

Version 5.0.0 is finally there and includes various bug-fixes and improvements :-)

⚠️ This is a potentially breaking release. Read the release-notes carefully ⚠️

Potential Breaking changes:

The main key-aspects that might cause a breakage when migrating to the new version:

• #559 / #557:
  Drop support for Java 8, Java 9 and Java 10
• #562 / #563
  Reorganize Project-Structure (birth of https://github.com/git-commit-id/git-commit-id-plugin-core)
• #458 / #561: Have the plugin operate in "offline mode" by default
• #565 / #465
  Relocation of the group-id and artifact-id
  Before:

  <groupId>pl.project13.maven</groupId>
  <artifactId>git-commit-id-plugin</artifactId>

  Now:

  <groupId>io.github.git-commit-id</groupId>
  <artifactId>git-commit-id-maven-plugin</artifactId>

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• N/A

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>io.github.git-commit-id</groupId>
    <artifactId>git-commit-id-maven-plugin</artifactId>
    <version>5.0.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by github actions:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
         <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though the github actions will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 4.0.5

Version 4.0.5 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• #547 / #540: add org.eclipse.jgit:org.eclipse.jgit.ssh.jsch as dependency
• #548 / #549: Plugin breaks if git config log.showSignature is 'true'
• #556: update dependencies

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.5</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 4.0.4

Version 4.0.4 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• #531 / #532: fix a NullPointerException when session.getProjectDependencyGraph() might be null when running the plugin from eclipse
• #523 / #534: Avoid illegal reflective access warning in JDK11
• #539: Support Bitbucket Pipelines CI for build number and branch
• #544: add support for author and commiter times (properties will be exposed as git.commit.author.time, git.commit.committer.time)
• #529: update dependencies

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.4</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 4.0.3

Version 4.0.3 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• #525 / #524: Update JGit dependency to 5.9.0.202009080501 (which fixes java.util.concurrent.RejectedExecutionException when using JGit concurrently in the same application -- see here for further details)
• #519 / #520: made the plugin slightly smarter in terms of stripping the password from remote git urls that contain special characters. Note that this problem still can resurface when the url does not follow rfc2396. If processing fails the plugin will continue to print an error, but will avoid exposing the url in any generated properties (similar behaviour as before)
• #501 / #517: replace jackson-databind with lightweight javax.json to fix broken JSON format
• #527: fix javadoc generation for java 12/13

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.3</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 4.0.2

Version 4.0.2 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• #469 / #511 / #512: Fix a condition where the plugin is not thread save when using injectAllReactorProjects
• #509 / #513: Allow initial git.build.time from project.build.outputTimestamp to support reproducible builds
• #514: Update dependencies jgit 5.8.1.202007141445-r, jackson-databind 2.11.2, joda-time 2.10.6

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.2</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 4.0.1

Version 4.0.1 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• #454: add support for git.branch and git.build.number for GitHub Actions
• #457 / #460: Add a forceValueEvaluation-switch to the replacementProperty to tell the plugin that the value needs to be regenerated for every project. Note that this will make the plugin run for every project (e.g. which might be needed for sonar that requires unique keys for the sonar)
• #459 / #460: the git execution no longer fails on remote repository url's that don't follow a correct url-syntax (e.g. https://:@git.server.com/pathToRepo.git)
• #472 / #502: prevent header timestamp in git.properties to allow for reproducible builds
• #493: remove dependency on google guava
• #496: add support for git.branch and git.build.number for AWS CodeBuild
• #503: upgrade to jackson 2.11.1

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.1</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 4.0.0

Version 4.0.0 is finally there and includes various bug-fixes, improvements and some changes that can be considered as potential breaking changes :-)

The main key-aspects that have been improved or being worked on are the following:

Potential breaking changes:

• initial effort for modularisation (mainly splitting the project into a maven and a core-project) -- #441 (initial idea #228)
• runOnlyOnce coupled with Maven's --projects parameter makes plugin not run at all -- #387, #443

New Features / Bug-Fixes:

• make injectAllReactorProjects slightly less verbose -- #431
• allow to override useNativeGit from command line via -Dmaven.gitcommitid.nativegit=true -- #433
• add support for git.branch and git.build.number for Azure DevOps -- #439
• add support for git.branch and git.build.number for CircleCI -- #449
• use maven's PluginParameterExpressionEvaluator to allow replacements with values that contain unresolved variables. E.g. allows to specify the git.branch in sonar's project version:

<replacementProperties>
   <replacementProperty>
      <property>sonar.projectVersion</property>
      <token>^.*$</token>
      <value>${project.version}-${git.branch}</value>
      <regex>false</regex>
   </replacementProperty>
</replacementProperties>

See #444 for further details.

• update dependencies -- #437, #451
• added tests for java 8, java 9, java 10, java 11, java 12 and java 13.

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>4.0.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds
• For some (undetermined) reason the plugin might fail with org.eclipse.jgit.api.errors.TransportException: USERAUTH fail under java 13 (I can't reproduce the issue), however a workaround would be specifying <offline>true</offline> or using the native git implementation with <useNativeGit>true</useNativeGit>.

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 3.0.1

Version 3.0.1 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• Added a new setting to control if the plugin should operate in offline mode -- #424 (by default the plugin will assume an 'online' mode and since version 3.0 will perform a git fetch operation to determine the properties git.local.branch.ahead and git.local.branch.behind. If the plugin is operating in 'offline' mode both those properties will only reflect the view of the local clone and thus might be off from the actual repository. Note this 'offline' mode is also respected when one set's the maven "-o" offline switch).
• Removed the org.apache.httpcomponents:httpclient dependency -- #425
• Since version 3.0.0 this plugin will now only ask for properties that are essential (proposal from #185). With this version the same technique is now also used when retrieving git.build.time since the TimeZone.getTimeZone() may also have an impact upon performance -- #428.
• Property caching now works properly for reactor builds using property caching when using injectAllReactorProjects -- #429.

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>3.0.1</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 3.0.0

Version 3.0.0 is finally there and includes various bug-fixes and improvements :-)

New Features / Bug-Fixes:

The main key-aspects that have been improved or being worked on are the following:

• Java 1.7 is no longer supported with this version and at least Java 8 is required - #346
• Introduced a more reliable way to deal with incremental builds for eclipse IDE - #385 / #366 / #269
• Added a new property for setting if branch name should be taken from build environment or not (e.g. set <useBranchNameFromBuildEnvironment>false</useBranchNameFromBuildEnvironment>). This behaviour might be useful in combination with the JGitflow maven plugin #393.
• Moved the project to a new git-commit-id organization account #384
• Fixed a problem where the plugin hangs on windows under certain conditions and when there are too many changes in the git-repo #396 / #336
• Allow the value of an replacementProperty to be empty #400 / #389
• Introduced the new properties git.local.branch.ahead and git.local.branch.behind that provide some information if the local branch is either ahead or behind the remote. Note that using this property will perform a git fetch operation and may have a performance impact on the overall execution of the plugin. #395
• Instead of determine all properties and then exclude properties, this plugin will now only ask for properties that are essential (proposal from #185). For a detailed performance comparison refer to the latest benchmark. Note: For users who want to avoid the the git fetch operation performed when gathering the properties git.local.branch.ahead and git.local.branch.behind simply exclude those to avoid that step:

<excludeProperties>
  <excludeProperty>^git.local.branch.*$</excludeProperty>
</excludeProperties>

• Cleanup readme & Introduce coveralls #380 / #401 / #405
• The plugin tried to extract the Bamboo build variables with the wrong case #410
• Setting evaluateOnCommit to anything besides the default HEAD resulted only in the commit-id. in case users want to evaluateOnCommit on any commit or branch that is not the default HEAD, please be advised that this plugin will run git branch --points-at that may or may not result in a git.branch property that has multiple branches that are comma separated. If evaluateOnCommit is kept as the default HEAD the git.branch property still may fallback to the commit-id. #403
• Have travis finally automatically deploy the snapshot version of the plugin #344 (see below how to get it)
• Setting injectAllReactorProjects to true for multi-modules project now stores the computed properties in the project context. If the properties are present in the project context this plugin will essentially reuse those properties from a previously computed version (kudus to #411, implemented in #414)

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>3.0.0</version>
</dependency>

Getting the latest snapshot (build automatically)

If you can't wait for the next release, you can also get the latest snapshot version from sonatype, that is being deployed automatically by travis:

<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>Sonatype Snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
    </pluginRepository>
</pluginRepositories>

Even though travis will only deploy a new snapshot once all tests have finished, it is recommended to rely on the released and more stable version.

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)
• Using maven's plugin prefix resolution (e.g. mvn com.test.plugins:myPlugin:myMojo) might result in unresolved properties even with <injectAllReactorProjects>true</injectAllReactorProjects>. Please refer to #287 or #413 (comment) for details and potential workarounds

Reporting Problems

If you find any problem with this plugin, feel free to report it here

Version 2.2.6

Version 2.2.6 is a security update for a potential issue within the jackson-databind dependency. As usual you can checkout the detailed list of bug-fixes :-)

New Features / Bug-Fixes:

The main key-aspects is a security update for a potential issue within the jackson-databind dependency. This specific dependency was updated to v2.9.8 in response to FasterXML/jackson-databind#2186 (CVE-2018-19360, CVE-2018-19361, CVE-2018-19362). Even though by default an user of this plugin does not seem to be affected by this potential issue, it is highly recommended to adopt the latest version at your earliest convenience. Similar to version 2.2.5 this version provides full support for Java 7, Java 8, Java 9, Java 10 and Java 11 (and is potentially also working for any higher version).

Am I affected? (technical details)

The specific issues that have been fixed with the update of jackson-databind dependency are:

• CVE-2018-19360: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
• CVE-2018-19361: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
• CVE-2018-19362: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

This plugin uses the jackson-databind dependency for dumping the git information (serialization) to the generated properties file and determining if the generated json properties are up-to-date (deserialization). As of now it appears that only user who generate json properties via <format>json</format> may be affected by those issues. This specific configuration is set to <format>properties</format> by default and hence by default it appears that those issues are out of scope. Only when this configuration is altered a user may need to consider the linked CVE's as potential security problem.
In general I would be unsure if this ever even could be considered a true attack vector of this plugin, since the generated json file would need to contain data that would trigger this specific bug in the dependency. If an adversary has access to the content to the location where the generated file is residing, I would assume he can also modify the any local file (including project files) and hence would not need to go through the pain and exploit this problem....

Getting the latest release

The plugin is available from Maven Central (see here), so you don't have to configure any additional repositories to use this plugin. All you need to do is to configure it inside your project as dependency:

<dependency>
    <groupId>pl.project13.maven</groupId>
    <artifactId>git-commit-id-plugin</artifactId>
    <version>2.2.6</version>
</dependency>

Known Issues / Limitations:

• This plugin is unfortunately not working with Heroku which is due to the fact how Heroku works. In summary Heroku does not copy over the .git-repository but in order to determine the git properties this plugin relies on the fact that it has access to the git-repository. A somewhat workaround to get some information is outlined in #279 (comment)

Reporting Problems

If you find any problem with this plugin, feel free to report it here