You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BREAKING:redactErrorDetails default changed from true to false. Error messages now expose underlying
details by default. To preserve the previous behavior, set redactErrorDetails=true explicitly when configuring the
engine.
Codebase reformatted with Palantir Java Format via Spotless. No functional changes; subsequent contributions are
enforced by spotless:check in the validate phase.
Build
Reproducible builds enabled via project.build.outputTimestamp and pinned manifest entries (Built-By, Build-Jdk).
The CI release pipeline overrides the timestamp with the tag's commit timestamp.
Switched Maven Central publishing to central-publishing-maven-plugin with autoPublish=true and waitUntil=published.
GPG signing now CI-friendly: --pinentry-mode loopback and bestPractices=true.
maven-shade-plugin filters and transformers tightened to remove duplicate META-INF/MANIFEST.MF warnings and
preserve license/notice files from shaded dependencies.
maven-jar-plugin configured with addDefaultEntries=false to avoid non-deterministic manifest entries.
CI
New: matrix build across Ubuntu and Windows, JDK 21 and 25 (fail-fast: false).
New: concurrency control cancels in-progress runs on PR updates.
New: Surefire reports uploaded as artifacts on failure (retention-days: 14).
New: tag-driven release workflow validates pom.xml version against the pushed tag and captures the commit timestamp
for reproducible deploys.
New: branch protection on main; tag protection on v*.
Security
OWASP Dependency-Check wired into the release profile (verify phase), failing the release on CVSS ≥ 7. Reports
uploaded as workflow artifacts.
