Releases: apache/creadur-rat

0.17

12 Oct 15:52

          Apache Creadur RAT 0.17
              RELEASE NOTES

The Apache Creadur RAT team is pleased to announce the release of Apache Creadur RAT 0.17

Apache RAT is a release audit tool. It improves accuracy and efficiency when checking
releases. It is heuristic in nature: making guesses about possible problems. It
will produce false positives and cannot find every possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, RAT is available as a
library suitable for inclusion in tools. This POM describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.

Apache RAT is developed by the Apache Creadur project, a language and build
agnostic home for software distribution comprehension and audit tools.

Release 0.17

Apart from many dependency updates and multiple bugfixes, this release brings
a major harmonization among all available UIs (CLI, Apache Ant, Apache Maven)
concerning parameters and configuration options to run RAT. Therefore please
consult the available extended and updated documentation over at the project's
webpage in order to see examples and overviews of the new configuration options!

RAT generates a more expressive report now as certain individually configurable
limits for counters exist. In case you do preprocessing of the report, you need
to adapt your scripts according to RAT's XSD schema.

Furthermore, the inclusion/exclusion configuration (e.g. .gitignore), parsing
and processing in RAT was overhauled - see RAT-476 for a known issue in that regard.

Many checkstyle, spotbugs and documentation issues were fixed.

Additionally, a new automated test suite was developed in order to ease testing
of edge cases and example licenses and custom license definitions.

RAT's homepage contents and its generation method were modernized and a lot of
new documentation was added to ease configuration of RAT in your project.

The next release will remove deprecated options and classes.

Thanks for your patience and all the feedback in the making of this release!
#bigKudosToClaude would be a proper release name.

Changes in this version include:

New features:

o RAT-489: Provide a central known issues section to the RAT homepage in order
to inform users more directly about already known challenges with
the current RAT version.
o RAT-481: Update scripts to generate RAT's webpage and fix multiple linking,
menu and documentation errors.
o RAT-128: Properly distinguish between Apache licenses 1.0, 1.1 and 2.0 and
rename to Apache license in reports.
o RAT-485: Add documentation of environment variables used in the RAT engine.
o RAT-362: Improve test and test result reporting for .gitignore parsing.
Introduce environment variable abstraction.
o RAT-469: Add more integration tests for CLI and Maven plugin to verify
configuration of valid licenses, ensure copyleft has to be enabled
explicitly. Thanks to pottlinger.
o RAT-479: Cleanup documentation and remove deprecated and outdated README
files in RAT's main repository.
o RAT-406: Added integration tests for command line combinations to ensure
marking a license as denied works.
o RAT-397: Migrate webpage to newer site-plugin stack and change skin of site.
Removed some of the reports as plugins are discontinued.
Rename to RAT consistently.
o RAT-473: Take global gitignore into account when determining which files to
audit and which to skip.
o RAT-398: Deprecated certain Ant report functionality in favour of new CLI
functionality. Deprecation information is printed to indicate how
the new options can be configured.
o RAT-98: Report skipped/excluded files and integrate testing of inclusion-
exclusion and DocumentNames to work under Unix, Windows and Mac.
o RAT-471: Integrate Creadur RAT into the updated develocity.apache.org instance. Thanks to clayjohnson.
o RAT-469: Verify that projects that configure valid other licenses than
the defaults, report correctly as well. Thanks to pottlinger.
o RAT-467: Add .externalToolBuilders to the default Eclipse exclusions during RAT runs.
o RAT-453: Change layout and rendering of RAT report to contain RAT version
information, counter values, encoding information of scanned files
and aggregation by license type.
o RAT-178: Added tests to TikaProcessorTests and DefaultAnalyserFactoryTest to
properly handle non-existent and unreadable files during processing
runs of our BinaryGuesser.
o RAT-405: Do not show sample output of scanned files in XML anymore. As files
are reported, different tooling can be used to edit/check the files.
o RAT-259: Add new option --input-source to explicitly specify which files
to scan for licenses.
o RAT-455: Disallow GPL license family by default as ASF does not allow this
license family.
o RAT-458: Added core integration test to verify log level can be set from
the command line.
o RAT-2: Added --input-exclude-size as an option to skip the scanning of very small files.
o RAT-81: Added encoding information of the file being read to the RAT report
in case of STANDARD document files. Added media type attribute in report for all files.
o RAT-399: Moved the ignore code into apache-rat-core and provide more
statistics in RAT report. Furthermore the CLI allows configuration
of counter minimum and maximum values,
e.g. maximum number of allowed unapproved licenses.
o RAT-358: Overhaul documentation of the new functionality of RAT 0.17.
Improve and comprehend the whole project webpage.
o RAT-390: Move and reimplement exclusion configuration from Maven plugin to
RAT core. ExclusionProcessor is the central place to handle file
inclusions and exclusions now.
o RAT-383: As part of the usage harmonization, generation of Ant documentation was added.
o RAT-384: As part of the usage harmonization XSD generation was added.
o RAT-378: As part of the usage harmonization among all UIs command line options
and their arguments as well as the management of the license
exclusion/inclusion and stylesheets were refactored.
o RAT-380: Commons-cli >=1.8.0 properly reports when deprecated CLI options are
used. RAT does not need to check for deprecated options anymore as
part of the usage harmonization among all UIs.
o RAT-323: As part of the harmonization efforts CLI options are centralized
into one class, which is used to generate specific classes
for Ant and Maven runs of RAT.
o RAT-391: Integrate develocity service from Gradle and link to current results from badge in README.md.
o RAT-345: Update build scripts and Maven wrapper in the RAT repo to Maven 3.9.11.
o RAT-374, RAT-381: Automatically generate commandline options/CLI help during
the build and include it into the project webpage. Adapt READMEs.
o RAT-377: Added ability to specify the level of reporting on STANDARD files
within a project. This necessitated an addition of a command line
option "--output-standard" to specify the level of detail in
the STANDARD file reporting. See command line help for more details.
By default, there is no change in the reporting and
only the presence of archives is reported.
This change also fixed a major issue in license sorting, resulting in a
change in order and expanding the name space for licenses.
Licenses now must have a unique id within the family name space.
(for example family1/one is different from family2/one).
o RAT-372: Added ability to process archive files within a project to look for
license files. This necessitated an addition of a command line
option "--output-archive" to specify the level of detail in
the archive report. See command line help for more details. By
default, there is no change in the reporting and only the presence
of archives is reported.
This change also marked as deprecated the "-a", "--dir" and command line options.
This change also marks an architecture change from processing Files
to processing Documents in order to facilitate processing nested files in archives.
o RAT-314: Add integration test for new default exclude .mvn, that was introduced with v0.16.
o RAT-369: Integrate checkstyle and spotbugs into the build and webpage generation.
Most charset-related errors cannot be fixed until we break
JDK8-compliance and move to newer versions. Configured a maximum of
allowed bugs to fail the build if new errors are introduced.
o RAT-54: MIME Detection Using Apache Tika.
o RAT-355: Optionally export XML configuration file as part of run.
Added framework to inspect available licenses and matchers.
o RAT-77: Adds another stylesheet to explicitly output files with missing-headers.
Thus, "plain-rat" (default), "missing-headers", and
"unapproved-licenses" can be used in all RAT clients. From the CLI
the --output-style option allows using a short name
(e.g. "--output-style missing-headers" or "--output-style unapproved-licenses").

Fixed Bugs:

o RAT-475: Added a workaround garbage collection call to flaky tests
if running on GitHubAction in order to fix deferred I/O cleanup
with jUnit's TempDir. Thanks to Arnould Enge...

v0.16.1 - 2024-01-24

24 Jan 21:45

          Apache Creadur Rat 0.16.1
              RELEASE NOTES

The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.16.1

Apache Rat is a release audit tool. It improves accuracy and efficiency when checking
releases. It is heuristic in nature: making guesses about possible problems. It
will produce false positives and cannot find every possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, Rat is available as a
library suitable for inclusion in tools. This POM describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.

Apache Rat is developed by the Apache Creadur project, a language and build
agnostic home for software distribution comprehension and audit tools.

As release 0.16 introduced breaking changes concerning the configurability of the Maven plugin, these configuration options are reintroduced albeit as deprecated elements. You need to adapt your configuration in contrast to pre-0.16 settings: please consult our webpage for more details and examples.
Apart from dependency updates the release contains new features in .gitignore-parser and reduces log spam of RAT.
The most important bugfix relates to performance issues (due to expensive regex scanning) in combination with the Copyright-matcher and SPDX-detection.
All feedback was used to overhaul the homepage to include how to configure custom licenses and matchers.
We migrated to jUnit5 and removed the 'apache-rat-api' module in this release.
Thanks for your patience and all the feedback in the making of this release!

Changes in this version include:

New features:
o RAT-342: Use Maven wrapper (with version 3.9.6) for reproducible local builds and on ASF Jenkins and Github Actions.
o RAT-348: Update gitignore-reader library to 1.3.1 to get latest changes in gitignore parsing. Thanks to Niels Basjes.
o RAT-346: Issue a warning if a user defined License family has the same name as an existing one. Thanks to Claude Warren.
o RAT-346: Migrate to JUnit5 and fix minor issues in tests and javadoc. Thanks to Claude Warren.
o RAT-325: Set log level default for CLI runs to WARN. This applies to test runs as well, as other UIs configure their logging natively. Thanks to Claude Warren.
o RAT-325: Add missing dejavu font in Javadoc, generate MOJO metadata in site and fix broken links in webpage.

Fixed Bugs:
o RAT-343: Reimplement old configuration elements for custom licenses in Maven plugin configurations (and updates to the webpage). Thanks to Claude Warren.
o RAT-343: Add integration test to allow enhanced testing of custom licenses. Thanks to Niels Basjes.
o RAT-349: Fix NPE by falling back to default stylesheet if none was configured before. Thanks to Niels Basjes.
o RAT-325: To improve the performance during SPDX processing a check to skip expensive regex operations was added. Thanks to Claude Warren.
o RAT-325: Internal logging feature enabled for license matching tests to avoid random test failures when manipulating System.out in test runs. Thanks to Claude Warren.
o RAT-325: Do not load fonts via Google/remotely, but use files hosted by ASF only and add privacy link to comply with ASF- and data protection/privacy regulations.
o RAT-344: Fix double output by deleting any existing RAT report before writing a fresh file during plugin runs.

Changes:
o RAT-339: Update mavenPluginPluginVersion from 3.10.2 to 3.11.0 and introduce goalPrefix in plugin configuration. Thanks to dependabot.
o RAT-339: Update junit-platform-runner from 1.8.1 to 1.10.1. Thanks to dependabot.
o RAT-339: Update junit from 5.10.0 to 5.10.1. Thanks to dependabot.
o RAT-339: Update actions/cache from 3.3.2 to 4.0.0. Thanks to dependabot.
o RAT-339: Update maven-surefire-plugin from 3.2.3 to 3.2.5. Thanks to dependabot.
o RAT-339: Update maven-jxr-plugin from 3.3.1 to 3.3.2. Thanks to dependabot.
o RAT-339: Update slf4j-simple from 2.0.9 to 2.0.11. Thanks to dependabot.
o RAT-339: Update assertj-core from 3.24.2 to 3.25.1. Thanks to dependabot.

Removed:
o RAT-346: Remove apache-rat-api module that contains misleading license-related classes. Thanks to Claude Warren.

Historical list of changes: https://creadur.apache.org/rat/changes-report.html

For complete information on Apache Creadur Rat, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Creadur Rat website:

https://creadur.apache.org/rat/

v0.16 - 2023-12-28

09 Jan 21:41

          Apache Creadur Rat 0.16
              RELEASE NOTES

The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.16

Apache Rat is a release audit tool. It improves accuracy and efficiency when checking
releases. It is heuristic in nature: making guesses about possible problems. It
will produce false positives and cannot find every possible issue with a release.
Its reports require interpretation.

In response to demands from project quality tool developers, Rat is available as a
library suitable for inclusion in tools. This POM describes that library.
Note that binary compatibility is not guaranteed between 0.x releases.

Apache Rat is developed by the Apache Creadur project, a language and build
agnostic home for software distribution comprehension and audit tools.

Apart from dependency updates and multiple bugfixes, this release brings the ability to use SPDX license identifiers and enhances the .gitignore-exclusion filtering during RAT runs.
Furthermore new CLI options were added and new file types can be used by default. This release makes RAT a fully Maven3-compatible plugin and removes deprecated Maven2 completely.
Thanks to all new contributors for improving RAT!

Changes in this version include:

New features:
o RAT-338: Update minimal build Maven version to 3.2.5 and maven dependencies to 3.9.6. Remove pre-JDK8 code constructs and minor refactorings. Thanks to Tamás Cservenák.
o RAT-335: Enhance .gitignore handling; support multiple .gitignore files and allow a more complete parsing of Git's ignore files. Thanks to Niels Basjes.
o RAT-322: Add configuration option to scan hidden directories: --scan-hidden-directories on the command line and scanHiddenDirectories as a Maven plugin parameter. Thanks to Jean-Baptiste Onofré.
o RAT-320: Add new command line option -o/--output to write RAT's output to a file. Thanks to Jean-Baptiste Onofré.
o RAT-329: Add markdown (MD) and yaml (YML/YAML) as a recognized extension for file and license processing. Thanks to Claude Warren.
o RAT-316: Add default exclusion of MANIFEST.MF as it must not contain comment lines to include a license.
o RAT-321: Allow text-based XML configuration of RAT. Thanks to Claude Warren.

Fixed Bugs:
o RAT-326: Fix existing javadoc build errors and add javadoc generation to existing GithubActions to not introduce build errors via merge requests.
o RAT-328: Ensure that System.out does not get closed during report generation and updated javadocs. Thanks to Claude Warren.
o RAT-311: Update commons-compress to 1.24.0 in order to circumvent CVE-2023-42503.
o RAT-251: Added SPDX processing for default licenses. Thanks to Claude Warren.
o RAT-315: Fix warnings when using RAT with newer Maven versions as methods from Maven v2 are deprecated. Minimum version of required Maven changed to 3.2.5. Thanks to Guillaume Nodet.
o RAT-317: Change log output level of SCM ignore parser from info to debug in order to produce less log output in RAT runs. Thanks to Gary Gregory.
o RAT-314: Add default recursive exclusion for maven-induced build artifacts in folder .mvn. Thanks to François Guillot.
o RAT-312: Remove Travis build as it is unreliable. Builds with ASF Jenkins and Github Actions remain as before.

Changes:
o RAT-311: Update actions/setup-java from 3.4.1 to 4.0.0. Thanks to dependabot.
o RAT-311: Update actions/cache from 3.0.11 to 3.3.2. Thanks to dependabot.
o RAT-311: Update actions/checkout from 3 to 4. Thanks to dependabot.
o RAT-311: Update mockito-core from 4.7.0 to 4.11.0, newer versions 5.x cannot be applied due to our JDK8-compatibility restriction. Thanks to dependabot.
o RAT-311: Update plexus-utils from 3.4.2 to 3.5.1, versions 4.x are for upcoming Maven4 and must not be applied here. Thanks to dependabot.
o RAT-311: Update maven-plugin-version from 3.6.4 to 3.8.2. Thanks to dependabot.
o RAT-311: Update wagon-ssh from 3.5.2 to 3.5.3. Thanks to dependabot.
o RAT-311: Update Ant from 1.10.12 to 1.10.14. Thanks to dependabot.
o RAT-311: Update ASF parent pom from 27 to 31 and update multiple maven plugin versions implicitly (surefire, release, project-info, enforcer, jxr). Thanks to dependabot.
o RAT-311: Update doxiaVersion from 1.11.1 to 1.12.0. Thanks to dependabot.
o RAT-311: Update maven-shared-utils from 3.3.4 to 3.4.2. Thanks to dependabot.
o RAT-311: Update org.slf4j:slf4j-simple from 1.7.36 to 2.0.9. Thanks to dependabot.
o RAT-311: Update commons-lang3 from 3.5 to 3.14.0. Thanks to dependabot.
o RAT-311: Update commons-compress from 1.21 to 1.25. Thanks to dependabot.
o RAT-311: Update commons-io from 2.11.0 to 2.15.1. Thanks to dependabot.
o RAT-311: Update commons-cli from 1.5.0 to 1.6.0. Thanks to dependabot.
o RAT-311: Update maven-pmd-plugin from 3.18.0 to 3.21.2. Thanks to dependabot.
o RAT-311: Update maven-dependency-plugin from 3.3.0 to 3.6.1. Thanks to dependabot.
o RAT-311: Update maven-compiler-plugin from 3.10.1 to 3.12.1. Thanks to dependabot.
o RAT-311: Update maven-javadoc-plugin from 3.4.1 to 3.6.3. Thanks to dependabot.
o RAT-311: Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot.
o RAT-311: Update maven-enforcer-plugin from 3.1.0 to 3.4.1. Thanks to dependabot.
o RAT-311: Update extra-enforcer-rules from 1.6.1 to 1.7.0. Thanks to dependabot.
o RAT-311: Update animal-sniffer-maven-plugin from 1.22 to 1.23. Thanks to dependabot.
o RAT-311: Update maven-project-info-reports-plugin from 3.4.1 to 3.5.0. Thanks to dependabot.
o RAT-311: Update maven-surefire-plugin from 3.2.2 to 3.2.3. Thanks to dependabot.

Historical list of changes: https://creadur.apache.org/rat/changes-report.html

For complete information on Apache Creadur Rat, including instructions on how to submit bug reports,
patches, or suggestions for improvement, see the Apache Creadur Rat website:

https://creadur.apache.org/rat/