ODL Parent release notes

Version 13.1.4

This is a bug-fix upgrade from version 13.1.3.

Third-party dependencies

Plugin upgrades

Version 13.1.3

This is a bug-fix upgrade from version 13.1.2.

Bug fixes

  • SingleFeatureTest plugin execution would fail with a missing required class. This has now been fixed. See ODLPARENT-314 for more information.

  • SingleFeatureTest execution coupled with infrautils’ ready service could cause a NullPointerException point to a missing version. This has now been fixed. See ODLPARENT-317 for more information.

  • template-feature-parent performed superfluous replacements in version strings. This has now been fixed. See ODLPARENT-315 for more information.

Third-party dependencies

Plugin upgrades

Version 13.1.2

This is a bug-fix upgrade from version 13.1.1.

Bug fixes

  • SingleFeatureTest execution did not account for asynchronous bundle updates. This has now been fixed. See ODLPARENT-312 for more information.

Third-party dependencies

Plugin upgrades

Version 13.1.1

This is a bug-fix upgrade from version 13.1.0.

Third-party dependencies

Version 13.1.0

This is a bug-fix/feature upgrade from version 13.0.11.

Potentially breaking change

This release unfortunately ended up adopting SLF4J-2 as a transitive dependency. This upgrade is transparent to normal users. Unfortunately backend integrations needs to be updated to use the new logger loading mechanism.

Improvements and new features

  • SingleFeatureTest is now executed by a dedicated Maven plugin, leading to faster execution times and better multi-threaded behaviour. See ODLPARENT-262 for more information.

  • sporbugs-maven-plugin now runs with spotbugs.fork=false. This setting improves build time by removing the need to warm up a JVM for each SpotBugs analysis.

  • Apache Derby is now excluded from PAX JDBC features due to a vulnerability which is not fixed in a suitable release. See ODLPARENT-306 for more information.

Third-party dependencies

Plugin upgrades

Version 13.0.11

This is a bug-fix upgrade from version 13.0.10.

Third-party dependencies

Plugin upgrades

Version 13.0.10

This is a bug-fix upgrade from version 13.0.9.

Bug fixes

  • Previous upgrade of commons-lang3 caused duplicate packaging against. This has been fixed.

Improvements

  • The SpotBugs upgrade to 4.8.2+ is more touching about CT_CONSTRUCTOR_THROW. Fixing these is quite verbose and flaky. This release globally disables this check.

  • Single Feature Test is now enabled for all Java versions <= 21.

Third-party dependencies

Plugin upgrades

Version 13.0.9

This is a bug-fix upgrade from version 13.0.8.

Bug fixes

  • The SpotBugs upgrade to 4.8.2 ends up emitting a lot of SE_PREVENT_EXT_OBJ_OVERWRITE violations, which cannot be sanely fixed. This check is now globally disabled.

Third-party dependencies

Version 13.0.8

This is a bug-fix upgrade from version 13.0.7.

Improvements and new features

  • single-feature-test now supports injection of test-only feature dependencies. This allows testing features which require externally-provided dependencies to complete their wiring. See ODLPARENT-257 for more information.

Third-party dependencies

Plugin upgrades

Version 13.0.7

This is a bug-fix upgrade from version 13.0.6.

Bug fixes

The Dropwizard Metrics upgrade to 4.2.21 ends up making metics-graphite failing to load in Karaf. This has been rectified by reverting back to 4.2.20.

Third-party dependencies

Plugin upgrades

Version 13.0.6

This is a bug-fix upgrade from version 13.0.5.

Third-party dependencies

Plugin upgrades

Version 13.0.5

This is a bug-fix upgrade from version 13.0.4.

Third-party dependencies

Plugin upgrades

Version 13.0.4

This is a bug-fix upgrade from version 13.0.3.

Third-party dependencies

Plugin upgrades

Version 13.0.3

This is a bug-fix upgrade from version 13.0.2.

Bug fixes

  • The upgrade of javax.inject to 1.2.2.1 is a silent switch to Jakarta EE and has been rolled back to version 1.0.20.2.

Version 13.0.2

This is a bug-fix upgrade from version 13.0.1.

Third-party dependencies

Plugin upgrades

Version 13.0.1

This is a bug-fix upgrade from version 13.0.0.

Bug fixes

  • Generated features included org.eclipse.jdt.annotation and value annotation JARs. This has been corrected by excluding from generation See ODLPARENT-302 for details.

Version 13.0.0

This is a major upgrade from version 12, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Bug fixes

  • Declaration of annotation artifacts for spotbugs-annotations, org.eclipse.jdt.annotation and modernizer-maven-annotations are no longer by default as <scope>provided</scope>. This means that users of these annotations need to explicitly depend on them. Note that spotbugs-annotations are not provided at runtime and therefore should be used with <optional>true</optional>. See ODLPARENT-300 for details.

  • Default configuration now includes test-scoped dependency to jassert-core. Users are encouraged to migrate assertions from Hamcrest to AssertJ. See ODLPARENT-295 for details.

Upstream version removals

The following upstream dependencies have been removed from dependency/plugin management:

  • Declaration of commons-lang has been removed. This dependency is not used by any active downstream and commons-lang3 already provides better or equivalent replacements.

Third-party dependencies

Plugin upgrades

Version 12.0.6

This is a bug-fix upgrade from version 12.0.5.

Third-party dependencies

Plugin upgrades

Version 12.0.5

This is a bug-fix upgrade from version 12.0.4.

Bug fixes

  • cyclonedx-maven-plugin has been rolled back to version 2.7.5 because newer versions execute incredibly slowly on large dependency graphs.

Third-party dependencies

Version 12.0.4

This is a bug-fix upgrade from version 12.0.4.

Third-party dependencies

Plugin upgrades

Version 12.0.3

This is a bug-fix upgrade from version 12.0.2.

Bug fixes

  • The configuration of spotbugs-maven-plugin was incorrect in that it referenced FindBugs settings. This issue is reported with maven-3.9.0 and later and has now been corrected. See ODLPARENT-299 for details.

Third-party dependencies

Plugin upgrades

Version 12.0.2

This is a security bug-fix upgrade from version 12.0.1.

New features

  • Two new features, odl-asm and odl-apache-spifly have been added. See ODLPARENT-296 for details.

Third-party dependencies

Plugin upgrades

Version 12.0.1

This is a security bug-fix upgrade from version 12.0.0.

Improvements and new features

  • junit-jupiter-params is now a test dependency. This allows using JUnit 5 parameterized types without further declarations.

Third-party dependencies

Plugin upgrades

Version 12.0.0

This is a major upgrade from version 11, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Upstream version removals

The following upstream dependencies have been removed from dependency/plugin management:

  • Declaration of Enunciate has been removed. This dependency is not used by any active downstream.

  • The opt-in for generating HTML4 Javadoc documentation has been removed.

Third-party dependencies

Plugin upgrades

Version 11.0.1

This is a bug-fix upgrade from version 11.0.0.

Improvements and new features

  • An alternative way of defining features has been introduced. This is hosted by the template-feature-parent and unlike single-feature-parent, only performs replacement of versions in a provided template. See ODLPARENT-235 for more information.

Third-party dependencies

Plugin upgrades

Version 11.0.0

This is a major upgrade from version 10, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Improvements and new features

  • Minimum required Java version is 17. Attempts to build a downstream project or load in a previous Java version will result in a failure.

  • The declaration for argparse4j has been addded. See ODLPARENT-289 for more information.

Upstream version removals

The following upstream dependencies have been removed from dependency/plugin management:

  • Declaration of Google Truth has been removed. This dependency is not used by any active downstream. See ODLPARENT-283 for more information.

  • Declaration of commons-codec has been removed. This dependency is not used by any active downstream. See ODLPARENT-285 for more information.

  • Declaration of commons-fileupload has been removed. This dependency is not used by any active downstream. See ODLPARENT-286 for more information.

  • Declaration of commons-net has been removed. This dependency is not used by any active downstream. See ODLPARENT-287 for more information.

  • Declaration of jsonassert has been removed. This dependency is not used by any active downstream. See ODLPARENT-288 for more information.

  • Declaration of jung has been removed. This dependency is not used by any active downstream. See ODLPARENT-290 for more information.

  • Declaration of spring-osgi-mock has been removed. This dependency is not used by any active downstream.

Third-party dependencies

Plugin upgrades

Version 10.0.0

This is a major upgrade from version 9, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Log4Shell and similar vulnerabilities

This release addresses following security issues by its adopting log4j-2.17.1, logback-1.2.10 and pax-logging-2.0.14:

Upstream version removals

The following upstream dependencies have been removed from dependency/plugin management:

  • Declaration of blueprint-maven-plugin has been removed. This plugin has not seen a release in 3 years and its use typically leads to split container definitions. Users are advised to migrate to either hand-written Blueprint XML files or, preferrably, migrate to OSGi Declarative Services. See ODLPARENT-267 for more information.

  • The declaration and execution of maven-pmd-plugin has been removed. See ODLPARENT-269 for more information.

  • All Xtend dependency and plugin declarations have been removed. Xtend is currently only used by a single artifact in MD-SAL, hence the dependency is best managed there. Furthermore Xtend is facing challenges around maintainership, hence its use is discouraged. See ODLPARENT-273 for more information.

  • All Powermock dependency declarations have been removed. We have very few remaining downstream users, who can manage this dependency themselves. The version of Mockito we declare has facilities to cover all use cases previously covered only by PowerMock. See ODLPARENT-275 for more information.

  • Declarations of osgi.annotation, osgi.cmpn and osgi.core have been removed. These are monolithic JARs providing, which are no longer shipped in OSGi Release 8. Users are advised to use component dependencies, such as org.osgi.annotation.bundle, org.osgi.framework, org.osgi.service.component.annotations and similar. See ODLPARENT-277 for more information.

  • The H2 Database version declaration has been removed. It is used only by as single downstream user, who also provides its OSGi packaging and hence it is best maintained there.

Improvements and new features

  • Minimum Maven version required to build projects using odlparent has been raised to 3.8.3. See ODLPARENT-260 for more information.

  • Unit tests are now using JUnit 5 Jupiter Engime for unit test execution, with JUnit 4 tests supported by junit-vintage-engine. This enables downstreams to use the much more modern JUnit 5 APIs as well as the corresponding Mockito integration out of the box. See ODLPARENT-271 for more information.

  • A CycloneDX SBOM is generated by default for all artifacts using odlparent-lite. See ODLPARENT-280 for more information.

  • netty-transport-native-epoll is now supported on Linux/AArch64. See ODLPARENT-241 for more information.

  • A number of stale Karaf custom.properties have been removed. See ODLPARENT-34 for more information.

  • Karaf features are now tested when building with Java versions up to and including 17.

  • SpotBugs analysis is now enabled when building with Java versions up to and including 17.

Third-party dependencies

Plugin upgrades

Version 9.0.8

This is a bug-fix upgrade from version 9.0.7.

Bug fixes

  • The fix for ODLPARENT-220 ended up changing behavior and packaging INFO.yaml instead of PROJECT_INFO.yaml. This has now been fixed.

Version 9.0.7

This is a bug-fix upgrade from version 9.0.6.

Bug fixes

  • The upgrade of maven-dependency-plugin to version 3.2.0 has caused a regression in accuracy of reports, with quite a few false positives being generated. The declaration has been rolled back to version 3.1.2 with a few tweaks to improve JDK compatibility. See ODLPARENT-270 for more information.

Improvements

  • The declaration and invocation of script-maven-plugin has been replaced with a dedicated plugin providing the same functionality in a much more performant way. See ODLPARENT-220 for more information.

  • A new parent pom.xml, bnd-parent, is now available as an alternative to the existing bundle-parent. It has a more streamlined integration with other plugins, for example maven-jar-plugin, and a much healthier community. See ODLPARENT-258 for more information.

  • The definition of odl-karaf-feat-jdbc feature has been reworked to not pull in the entire enterprise feature repository, leading to significant savings in terms of Karaf distribution size for most downstream projects. See ODLPARENT-266 for more information.

  • The declaration of maven-compiler-plugin is now available in odlparent-lite. This is improves locality, as the JDK version enforcement is already part of odlparent-lite.

Third-party dependencies

Version 9.0.6

This is a bug-fix upgrade from version 9.0.5.

Third-party dependencies

Plugin upgrades

Version 9.0.5

This is a minor upgrade from version 9.0.4.

Bug fixes

  • Previous patch to address Bouncy Castle missed a critical piece for populating boot class path. This has now been corrected.

Version 9.0.4

This is a minor upgrade from version 9.0.3.

Bug fixes

  • The upgrade to Bouncy Castle 1.69 turned out to be broken due to some code movement and introduction of a new bcutil-jdk15on artifact. It has also highlighted duplicate packaging, where Karaf’s features would install version 1.66, while we have been on a newer version for some time. Both these issues have now ween resolved. See ODLPARENT-254 for more information.

Version 9.0.3

This is a minor upgrade from version 9.0.2.

Third-party dependencies

Plugin upgrades

Version 9.0.2

This is a minor upgrade from version 9.0.1.

Bug fixes

  • The upgrade to Karaf 4.3.0 caused a slight misalignment of org.apache.felix.metatype and org.osgi.service.event versions, leading to an unnecessary rewiring of the container most notably during Single Feature Test. This has now been corrected. See ODLPARENT-253 for more information.

  • stax-utils component has a default dependency on com.bea.xml:jsr174-ri, which is not resolvable from Maven Central. This artifact is not needed with modern JRE versions, hence add an explicit exclusion.

Third-party dependencies

Version 9.0.1

This is a minor upgrade from version 9.0.0.

Bug fixes

The upgrade of duplicate-finder-maven-plugin ended up triggering build failures on .api_description files packaged in artifacts. This regression has now been fixed.

Third-party dependencies

Plugin upgrades

  • maven-bundle-plugin 4.2.1 → 5.1.2, release notes: * 5.1.1 * 5.1.2

Version 9.0.0

This is a major upgrade from version 8, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Upstream version removals

The following upstream dependencies have been removed from dependency management:

  • javax.inject:javax.inject. This dependency should be provided by target runtime. Furthermore we provide the same functionality via com.guicedee.services:javax.inject, which is properly declared and is a JPMS module. See ODLPARENT-246 for more information.

Improvements

  • The configuration of maven-compiler-plugin has been updated to expand javac warning options to include almost all of them.

  • The default description in parent pom.xml has been updated to only include ${project.artifactId}, not a generic blurb. See ODLPARENT-244 for more information.

  • The single-feature-test substrate has been updated to allow Java Flight Recorder to be enabled during testing runs. This feature has falled into disrepair as the JFR facility has been productized.

  • Configuration of various components has been updated to be deactivated when executing with JDK versions newer than 11, so that odlparent infrastructure works out of the box with JDK 16, albeit sacrificing some validation. Most notably SpotBugs and Single Feature Test are disabled, with corresponding notices displayed.

  • We now expose the ability to check dependency declaration consistency via maven-dependency-plugin’s analyze-only goal. This functionality is enabled by default, but does not cause the build to fail when inconsistencies are found. It can be disabled by on a per-artifact basis by definining odlparent.dependency.skip property to true. It can also be configured to fail the build on a per-artifact basis by defining odlparent.dependency.enforce property to true.

Third-party dependencies

Plugin upgrades

Version 8.1.1

This is a minor upgrade from version 8.1.0.

Improvements

Third-party dependencies

Plugin upgrades

Version 8.1.0

This is a minor upgrade from version 8.0.1, with some potentially-breaking changes.

The most prominent is the upgrade to Karaf 4.3.0, which brings in a host of updates to related components – including OSGi Release 7 and Jackson 2.11.x.

Feature updates

  • The odl-jackson-2.10 feature and artifact were renamed to odl-jackson-2.11 to reflect the bump in Jackson version.

Third-party dependencies

Plugin upgrades

Version 8.0.1

This is a minor big-fix/enhancement update from verision 8.0.0.

Improvements

  • javax.inject is now provided by the artifact from GuicedEE. This improves things a lot, as it is a proper jar (not MANIFEST.MF warning), it also is a JPMS module, hence can be used for linkage. This dependency is properly scope=provided, so it should not leak into runtimes where it should not be. See ODLPARENT-247 for details.

  • Transitive dependencies of Guava are now mostly filtered from runtime, so that we do not require wrap for them. We still retain checker-qual, as we are actively using those and it is a proper bundle. See ODLPARENT-248 for details.

Third-party dependencies

Version 8.0.0

This is a major upgrade from version 7, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Improvements

  • modernizer-maven-plugin configuration has been updated to issue warnings for constructs improved in all Java versions up to and including Java 11.

  • modernizer-maven-plugin is configured by default to fail the build when it issues any warnings. This behavior can be opted-out of on a per-artifact basis by defining odlparent.modernizer.enforce property to false.

Upstream version removals

The following upstream dependencies have been removed from dependency management:

  • javax.json. This dependency is used only in Neutron project, hence this version is best maintained there. See ODLPARENT-238 for details.

  • All org.eclipse.persistence artifacts. These dependencies are only used in Neutron, which actually duplicates the declarations, hence they are best maintained there. See ODLPARENT-237 for details.

  • All org.apache.sshd and net.i2p.crypto artifacts. Overriding versions does not play nice with Karaf’s versions during feature:install, causing issues when the installing over an SSH connection. NETCONF project is providing a repackaged version in OpenDaylight namespace. See ODLPARENT-233 for details.

  • jettison. This dependency is used only in LISP Flow Mapping project for integration tests, hence this version is best maintained there. See ODLPARENT-239 for details.

  • All com.typesafe, io.aeron, org.agrona, org.scala-lang declarations. Akka is removing their support for OSGi, with no working releases in their current 2.6.x. branch. Since dealing with these requires quite a bit of dance, which needs to sit outside of odlparent POM, the controller project will package Akka to the extent it needs. See ODLPARENT-243 for details.

  • org.apache.felix.dependencymanager and org.apache.felix.dependencymanager.shell. These components are ancient, having been replaced by either Blueprint or Declarative Services. The only project using these is AAA, hence it is best to maintain these declarations there.

Feature removals

  • odl-apache-sshd feature has been removed, mirroring the removal of related dependency declarations. See ODLPARENT-233 for details.

  • odl-akka-all, odl-akka-scala-2.13, odl-akka-system-2.5, odl-akka-clustering-2.5 and odl-akka-persistence-2.5 features. mirroring the removal of related dependency declarations. See ODLPARENT-243 for details.

Third-party dependencies

Plugin upgrades

Version 7.0.5

This is a bug-fix upgrade from version 7.0.4.

Bug fixes

  • odl-netty-4 feature definition specified both x86_64 and aarch64 artifacts for netty-native-epoll. This actually results only in aarch64 package being installed, rendering epoll unavailable on x86_64 architecture. This has been corrected by removing the aarch64 package. See ODLPARENT-240 for details.

Version 7.0.4

This is a security/bug-fix upgrade from version 7.0.3.

Bug fixes

  • Single Feature Test setup of the JVM for Karaf container ended up using wrong versions of Karaf components, leading to a failure to initialize OSGiLocator and subsequent warnings with stack traces. This has now been corrected. See ODLPARENT-228 for details.

  • Pax-Exam setup interacts badly with pipes used by maven-surefire plugin, leading to pauses lasting around 30 seconds after SFT test success. This has now been worked around by using maven-surefire-plugin version 3.0.0-M5, with TCP sockets used for communication. See ODLPARENT-179 for details.

  • Our Jersey dependency was held back on version 2.25.1 during Neon upgrade cycle, mostly due to large-scale incompatibilities around JAX-RS version. We have upgraded to Karaf-4.2.8+, which pulls in JAX-RS 2.1, hence re-aligning to a more modern version, 2.27, is now feasible. See ODLPARENT-208 for details.

Third-party dependencies

Plugin upgrades

Version 7.0.3

This is a security/bug-fix upgrade from version 7.0.2. Changes in this release pertain strictly to Karaf packaging and do not affect other runtimes.

Bug fixes

  • Felix SCR 2.1.16, as shipping before Karaf-4.2.9, contains a bug, which could lead to NullPointerException being thrown when components were examined. This has been rectified via upgrade to Felix SCR 2.1.20. See ODLPARENT-236 for details.

  • Karaf-4.2.8 changed packaged log4j2 version, rendering the configuration supplied with ODLPARENT-231 inconsistent. This has led to a warning being printed in the Karaf console on each startup. This has now been corrected.

  • Karaf-4.2.8 is packaging pax-logging-1.11.4, which embeds a a vulnerable version of log4j2 (2.3.0). This would render the upgrades delivered in version 7.0.2 ineffective at runtime, potentially leading to exposure. This has been corrected with upgrade of pax-logging to 1.11.6, which is packaging log4j2-2.3.2.

Version 7.0.2

This is a security/bug-fix upgrade from version 7.0.1.

Improvements

  • Infrastructure for identifying confidential log messages was added, along with Karaf configuration update to routing such messages into a separate log file. See ODLPARENT-231 for details.

  • Netty has been disconnected from Javassist way back in its 4.1.9 release, but we failed to notice. This has now been rectified by odl-netty-4 not depending on odl-javassist-3.

Third-party dependencies

Plugin upgrades

Version 7.0.1

This is a bug-fix upgrade from version 7.0.0.

Bug fixes

  • Upgrade of maven-javadoc-plugin is causing issues in downstream javadoc jobs and therefore it has been reverted. See ODLPARENT-229 for details.

Third-party dependencies

Version 7.0.0

This is a major upgrade from version 6, with breaking changes; downstream projects may need to make changes to upgrade to this version.

Property removals

  • enforcer.version and projectinfo properties were removed. These properties do not serve any legal purpose as the plugins referenced by them are declared in pluginManagement section.

Upstream version removals

The following upstream dependencies have been removed from dependency management:

  • immutables.org/value without <classifier>annotations</classifier>

  • javax.xml.bind/jaxb-api, replaced with jakarta.xml.bind/jakarta.xml.bind-api

  • com.google.inject/guice

  • com.mycila.guice.extensions/mycila-guice-jsr250

  • org.apache.shiro/shiro-core

  • org.apache.shiro/shiro-web

Feature removals

  • odl-akka-leveldb-0.10 feature was removed. This feature provided leveldb-backed implementation of Akka Persistence, which is not supported for production environments by upstream. Furthermore this feature relied on a custom-built binary, which we do not have a means to reproduce – limiting our portability. The controller project, which is the only downstream user of persistence provides an alternative implementation, hence we are removing this historical baggage. See ODLPARENT-213 for details.

  • odl-caffeine-2 feature was removed. This feature provided a JSR-107 JCache implementation, an API deemed to be problematic where high-performance and correctness in required.

New features

  • OSGi R6 Declarative Services enabled in Karaf. The scr feature is now part of startup features, hence Service Component Runtime can be used without incurring an additional refresh. See ODLPARENT-227 for details.

Third-party dependencies

Plugin upgrades

Version 6.0.5

This is a bug-fix upgrade from version 6.0.4.

Third-party dependencies

Plugin upgrades

Version 6.0.4

This is a bug-fix upgrade from version 6.0.3.

Bug fixes

  • single-feature-test was using outdated repositories, including Maven Central, which broke on Jan 15, 2020. This has been corrected.

Third-party dependencies

Plugin upgrades

  • maven-assembly-plugin 2.2-beta5 → 3.2.0

  • maven-archetype-plugin 3.1.1 → 3.1.2

Version 6.0.3

This is a bug-fix upgrade from version 6.0.2.

Bug fixes

  • The fix for ODLPARENT-216 ended up breaking org.kohsuke.metainf-services integration. While this could be fixed in downstreams by adding proper </annotationProcessorPaths> entry, it is a regression from 6.0.1.

Version 6.0.2

This is a security/bug-fix upgrade from version 6.0.1.

Bug fixes

  • single-feature-parent was setting up Karaf repositories incorrectly, leading to the test using unpatched Karaf resources. This has now been fixed and the test run is using environment equivalent to the contents of the distribution. See ODLPARENT-209 for details.

  • immutables.org integration relied on pre-JDK9 way of integration, where the annotation processor was just dropped as a dependency. This does not work with JDK9+ artifacts which are also explicit JMPS modules. Note that users are advised to switch to depending on the annotations-classified artifact. See ODLPARENT-216 for details.

  • Assembled Karaf distribution did not perform proper JDK checks and allowed launching with JDK8, leading to a failure to install OpenDaylight components with an error stack, which confuses users not familiar with OSGi. The distribution now refuses to start with anything other than JDK11. See ODLPARENT-218 for details.

Third-party dependencies

Plugin upgrades

Version 6.0.1

This is a security/bug-fix upgrade from version 6.0.0.

Bug fixes

  • karaf-plugin ignored exceptions coming from its failure to resolve ${karaf.etc} variable. This has now been fixed and the URL handling has been revised to fix build on Windows. See ODLPARENT-214 for details.

  • leveldb-jni jar, which has been seeded to nexus.opendaylight.org long time ago is not published in Maven Central. This has been resolved by repackaging this jar and publishing it from odlparent. See ODLPARENT-210 for details.

Third-party dependencies

Version 6.0.0

This is a major upgrade from version 5, with breaking changes; projects will need to make changes to upgrade to this version.

Java 11 is required

This release sets maven.compiler.release=11 and enforces that the JDK used to build is Java 11+. As there may be issues with various maven plugins when faced with JDK9+ constructs and JDK11+ classes, target release can be controlled on a per-artifact basis (i.e. target Java 10 with maven.compiler.release=10 property).

This release has been validated with openjdk-11.0.4 and is not supported on any lower version. As usual, we recommend using latest available JDK/JRE for Java 11 during development and deployment.

Checkstyle/SpotBugs/Modernizer run by default

With this release code artifacts always run maven-checkstyle-plugin, spotbugs-maven-plugin and modernizer-maven-plugin. Checkstyle and SpotBugs run in enforcing mode, i.e. will fail build if any violations are found. Modernizer is configured to report Java 8-compatible constructs and will not fail the build unless instructed to do so.

Behavior of each of these is controlled via a maven property on a per-artifact basis:

  • odlparent.checkstyle.enforce controls checkstyle enforcement: defaults to true, but can be set to false

  • odlparent.checkstyle.skip controls checkstyle invocation: defaults to false, but can be set to true

  • odlparent.spotbugs.enforce controls SpotBugs enforcement: defaults to true, but can be set to false

  • odlparent.spotbugs.skip controls SpotBugs invocation: defaults to false, but can be set to true

  • odlparent.modernizer.enforce controls modernizer enforcement: defaults to false, but can be set to true

  • odlparent.modernizer.skip controls modernizer invocation: defaults to false, but can be set to true

  • odlparent.modernizer.target controls modernizer Java version: defaults to 1.8, but can be set to 1.11 or similar

Bug fixes

  • blueprint container had org.apache.aries.blueprint.preemptiveShutdown set to false to enable it to work with Config Subsystem. As that component is long gone, this property has been removed as part of ODLPARENT-34. Furthermore, system properties related to Config Subsystem/NETCONF integration have been removed as well.

Upstream version removals

The following upstream dependencies have been removed from dependency management:

  • com.google.code.findbugs/jsr305

Third-party dependencies

The dependency on xmlunit-assertj and modernizer-maven-annotations has been added and the following dependencies have been upgraded:

Plugin upgrades

Version 5.0.1

This is a bug-fix upgrade from version 5.0.0.

Third-party dependencies

The following dependencies have been upgraded:

Plugin upgrades

New plugins

  • modernizer-maven-plugin declared, allowing downstreams to more easily activate it, and so detect code which should be updated to more modern equivalent.

New features

  • odl-caffeine-2 provides a pre-packaged feature for the Caffeine caching framework, along with the Guava compabitility layer.

Version 5.0.0

This is a major upgrade from version 4, with breaking changes; projects will need to make changes to upgrade to this version.

The most significant change is ODLPARENT-198, which removes JSR305 from default dependencies and does not present it at class path by default.

Deleted artifacts

findbugs has been removed, as its only purpose was to provide FindBugs rule definitions. Equivalent definitions are available in spotbugs.

Bug fixes

  • blueprint-maven-plugin used to scan the entire classpath, resulting in potential conflicts across projects. Scanning is now limited to ${project.groupId}, limiting conflict domain to single project. See ODLPARENT-109.

  • bundle-maven-plugin configuration ignored generated ServiceLoader service entries, which has now been fixed. See ODLPARENT-197.

  • Bundle tests are now enabled by default. See ODLPARENT-158 and ODLPARENT-80 for details.

  • Karaf log file rollover was not explictly set up, leading to inability to easily override the defaults. See ODLPARENT-153 for details.

  • Karaf log file used to use default maximum 16MiB file size, this has now been increased to 64MiB. See ODLPARENT-154.

  • features-test excluded opendaylight-karaf-empty’s transitive dependencies, leading to the need to re-declare them in single-feature-parent. This re-declaration was forgotten in for bcpkix-framework-ext and bcprov-framework-ext bundles, which lead to them not being present in the local repository. See ODLPARENT-130.

Upstream version removals

The following upstream dependencies have been removed from dependency management:

  • cassandra-driver-core

  • org.codehaus.enunciate/enunciate-core-annotations

  • org.jboss.resteasy/jaxrs-api

  • org.json/json

  • org.osgi/org.osgi.compendium

Removed features

  • odl-jersey-1

  • features-akka feature repository has been integrated into features-odlparent

Third-party dependencies

The following dependencies have been upgraded:

Plugin removals

  • gmaven-plugin

  • maven-findbugs-plugin

Plugin upgrades

Version 4.0.9

This is a bug-fix upgrade from version 4.0.8.

Bug fixes

  • karaf-plugin invocation in karaf4-parent caused previously patched features to be overwritten with their stock versions, referencing bundles which were not populated in the local repository. (See ODLPARENT-194.)

  • karaf-plugin version in karaf4-parent is now provided through plugin management so downstreams can override it without needing to repeat its configuration.

  • karaf-plugin no longer reads features twice when running discovery, speeding up the process a bit.

  • Recent versions of the SpotBugs Maven plugin use SLF4J 1.8 beta 2, which can’t use the 1.7.25 implementation we provide; we therefore provide an implementation of 1.8 beta 2 when SpotBugs is used. (See ODLPARENT-184.)

New features

  • odl-woodstox wraps the Woodstox StAX implementation which is imposed on us by Karaf.

Version 4.0.8

This is a bug-fix and minor upstream bump upgrade from version 4.0.7.

Bug fixes

  • bcprov-ext-jdk15on is a superset of bcprov-jdk15on, so there’s no need to ship both; we now only ship the former. In addition, we install the Bouncy Castle JARs in lib/boot so that they continue to be available on the boot classpath (JDK 9 removes the extension mechanism which was used previously), and provide the corresponding bundles from the boot classpath instead of using separate JARs in the system repository. (See ODLPARENT-183 and ODLPARENT-185.)

  • A dependency check has been added to ensure that we don’t run into the TrieMap dependency bug in 4.0.6 again.

  • Dependencies pulled in by features are now checked for convergence, and karaf-plugin warns when it finds diverging dependencies (the same artifact with two different versions). Upstream-provided features are patched to avoid the following divergences (and upgrade some dependencies in the process):

    • Aries utilities 1.1.0/1.1.3 (upgraded to 1.1.3).

    • Commons Beanutils 1.8.3/1.9.3 (upgraded to 1.9.3).

    • Commons Codec 1.8/1.10 (upgraded to 1.11).

    • javax.mail 1.4.4/1.4.7 (upgraded to 1.4.7).

    (See ODLPARENT-189.)

New features

  • odl-dropwizard-metrics provides Dropwizard Metrics (which are also available in dependency management).

  • enunciate-maven-plugin is added as the replacement for maven-enunciate-plugin.

Third-party dependencies

The following dependencies are no longer provided by the JVM, starting with version 11, but we make them available via dependency management for projects which need them:

  • javax.annotation-api.

  • JAXB (jaxb-core, jaxb-impl).

The following dependencies have been upgraded:

Version 4.0.7

This is a bug-fix release, correcting the triemap import declaration.

Version 4.0.6

This is a bug-fix and minor upstream packaging upgrade from version 4.0.5.

Bug fixes

Single-feature-test was broken with JDK 9 and later and Karaf 4.2.2; this release adds the additional JVM configuration needed.

Third-party dependencies

This release adds the triemap BOM to dependency management.

Version 4.0.5

This is a bug-fix release: the Karaf Maven plugin, in version 4.2.2, is broken in some cases we need in OpenDaylight; we revert to 4.2.1 in karaf4-parent to avoid this.

Version 4.0.4

This is a bug-fix release, reverting the change made in 4.0.3 to handle building with either zip or tar.gz Karaf archives (which breaks builds in our infrastructure, without the empty Karaf archive).

Version 4.0.3

This is a bug-fix and minor upstream bump upgrade from version 4.0.2.

Bug fixes

  • Our FindBugs configuration for JDK 9 and later caused the plugin to run everywhere; instead, this version defines the findbugs.skip property to disable the plugin in modules where it would be used otherwise.

  • The PowerMock declarations in dependency management missed powermock-api-mockito2, which is necessary for modules using PowerMock with Mockito 2.

  • The “quick” profile (-Pq) now skips SpotBugs.

  • JSR-305 annotations are now optional, which fixes a number of issues when building with newer JDKs.

  • We provide JAXB with JDK 11 and later (where it is no longer provided by the base platform).

  • odlparent-artifacts has been updated to accurately represent the artifacts provided.

  • javax.activation is now excluded from generated features (it’s provided on Karaf’s boot classpath).

  • When the build is configured to build Karaf distributions in tar.gz archives, but not zip archives, features-test used to fail; it will now used whichever is available (ODLPARENT-174).

  • Explicit GCs are disabled by default, so that calls to System.gc() are ignored (ODLPARENT-175).

  • Null checks are disabled in SpotBugs because of bad interactions with newer annotations and the bytecode produces by JDK 11 and later for try-with-resources.

  • Akka Persistence expects LevelDB 0.10, so we now pull in that version instead of 0.7.

Dependency convergence

A number of dependencies have been added or constrained so that projects using this parent can enforce dependency convergence:

  • Karaf’s framework feature is used as an import POM, so that we converge by default on the versions used in Karaf.

  • The following dependencies have been added to dependency management:

    • commons-beanutils

    • the Checker Framework

    • Error Prone annotations

    • javax.activation

    • xml-apis

New features

The following Karaf features have been added:

  • odl-antlr4 (providing antlr4-runtime);

  • odl-gson (providing gson);

  • odl-jersey-2 (providing Jersey client, server, and container servlet, along with the necessary feature dependencies);

  • odl-servlet-api (providing javax.servlet-api);

  • odl-stax2-api (providing stax2-api);

  • odl-ws-rs-api (providing javax.ws.rs-api);

A new sonar-jacoco-aggregate profile can be used to produce Sonar reports with aggregated JaCoCo reports. Additionally, Sonar builds (run with -Dsonar) are detected and run with a number of irrelevant plugins disabled.

Upstream version upgrades

Plugin version upgrades

Version 4.0.2

This is a bug-fix and minor upstream bump upgrade from version 4.0.1.

Bug fixes

Previous releases overrode Karaf’s jre.properties; this is no longer necessary, and was causing failures with Java 9 and later (our version of jre.properties didn’t have the appropriate settings for anything after Java 8). This release drops that override. See ODLPARENT-168 for details.

Upstream version upgrades

Plugin version upgrades

Version 4.0.1

This is a bug-fix and minor upstream bump upgrade from version 4.0.0.

Bug fixes

The JaCoCo execution profile was incorrect, breaking Sonar; the report is now written correctly, so that Sonar can find it.

The Blueprint Maven plugin fails when it encounters Java 9 classes; this is fixed by forcefully upgrading its dependency on xbean-finder. See ODLPARENT-167 for details.

Upstream version upgrades

Upstream version additions

  • Mockito Inline is added alongside Mockito Core, to ensure that the versions are kept in sync.

Plugin version upgrades

Version 4.0.0

This is a major upgrade from version 3, with breaking changes; projects will need to make changes to upgrade to this version.

This Wiki page has detailed step-by-step migration instructions.

ODL Parent 4 requires Maven 3.5.3 or later; this is needed in particular to enable SpotBugs support with current versions of the SpotBugs plugin.

Known issues

This release’s SpotBugs support doesn’t handle Guava 25.1 correctly, resulting in false-positives regarding null handling; see ODLPARENT-161 for details. Until this is fixed, the corresponding warnings are disabled, which matches our existing FindBugs configuration (which suffers from the a variant of this, with the same consequences).

We are planning on upgrading Akka during the 4.x cycle, even if it results in a technically breaking upgrade. This is currently blocked on an OSGi bug in Akka; see Akka issue 25579 for details.

Blueprint and OSGi service handling

Previous releases used an OpenDaylight-specific directory for Blueprint XML files, org/opendaylight/blueprint. It turned out this wasn’t useful, so version 4 uses the default directory, OSGI-INF/blueprint.

The Maven bundle plugin is now configured to omit the Import-Service and Export-Service headers, since they are deprecated, unnecessary in OpenDaylight, and liable to cause issues.

With previous releases of OpenDaylight, projects were encouraged to use Pax CDI API annotations to describe their Blueprint beans, services and injections; with version 4, Blueprint annotations should be used instead:

  • modules should depend on org.apache.aries.blueprint:blueprint-maven-plugin-annotation, with the <optional>true</optional> flag, instead of org.ops4j.pax.cdi:pax-cdi-api;

  • @OsgiServiceProvider on bean definitions is replaced by @Service;

  • @OsgiService at injection points is replaced by @Reference;

  • @OsgiService on bean definitions, while technically wrong, can be seen in the OpenDaylight codebase; this is replaced by @Service;

  • service lists can be injected using @ReferenceList.

See this Gerrit patch for an example.

Compiler settings

Builds now warn about unchecked type uses (such as raw types where generics are available).

JUnit and Mockito are always available as test dependencies and no longer need to be declared in POMs.

New build profiles

An OWASP profile is now available to run OWASP’s dependency checker; this will check all third-party dependencies against the NVD vulnerability database. To enable this, run Maven with -Powasp.

Build profile changes

-Pq now skips Modernizer.

New features

odl-akka-leveldb-0.10 wraps LevelDB 0.10 for Akka.

odl-apache-commons-codec wraps Apache Commons Codec.

odl-apache-commons-lang3 wraps Apache Commons Lang 3.

odl-apache-commons-net wraps Apache Commons Net.

odl-apache-commons-text wraps Apache Commons Text.

odl-apache-sshd wraps Apache SSHD.

odl-guava provides the default ODL version of Guava; it should be used instead of odl-guava-23 or the new odl-guava-25.

odl-jackson-2.9 wraps Jackson 2.9.

New FindBugs and SpotBugs settings

FindBugs and SpotBugs are configured with the SLF4J extension (version 1.4.0 for FindBugs, 1.4.1 for SpotBugs). This will flag misused SLF4J calls, in particular message templates which don’t match the arguments, and invalid placeholders (e.g. %s instead of {}).

Deleted artifacts

aggregator-parent was unusable outside odlparent and has been removed. Instead, the maven.deploy.skip and maven.install.skip properties are available to disable deploying and installing artifacts.

Upstream version upgrades

This version upgrades the following third-party dependencies:

Upstream version additions

The following upstream dependencies have been added to dependency management:

  • Apache SSHD 2.0.0, with EdDSA and Netty support (EdDSA is provided by net.i2p.crypto:eddsa).

  • Blueprint annotations (org.apache.aries.blueprint:blueprint-maven-plugin-annotation).

  • Log4J2.

  • Pax Web 7.2.3 (synchronised with Karaf).

Upstream version removals

The following upstream dependencies have been removed from dependency management:

  • Google Protobuf.

  • Our repackaging of Jersey Servlet.

  • JUnit’s junit-dep, which has long been obsolete.

  • LevelDB (which is still available as features).

  • Pax CDI API — Blueprint annotations should be used instead.

Plugin version upgrades

The following plugins have been upgraded:

Version 3.1.3

This version fixes the following issues:

  • ODLPARENT-156: xtend-maven-plugin’s dependencies end up pulling in conflicting dependencies. ODL Parent now constrains part of its dependency tree to avoid this.

This version adds odl-jackson-2.8 to odlparent-artifacts.

Version 3.1.2

This version fixes the following issues:

  • INFRAUTILS-41: jre.properties includes com.sun.management so that it can be enabled if necessary. (This doesn’t add a dependency on com.sun.management, it allows bundles to use it if it is present.)

  • ODLPARENT-136: SingleFeatureTest pulls in org.osgi.compendium.

  • ODLPARENT-144: org.apache.karaf.scr.management is whitelisted so that it no longer affects SingleFeatureTest.

  • ODLPARENT-146: null-related FindBugs checks which produce false-positives with Guava 23.6 and later are disabled, so that this really is fully backwards-compatible with 3.0 and later.

  • ODLPARENT-148: SingleFeatureTest preserves target/SFT/karaf.log.

This version includes the following improvements:

  • custom.properties no longer includes OVSDB-specific configuration.

  • The odl-jersey-1 feature includes the Jersey client.

  • Redundant bundle dependency declarations in SingleFeatureTest have been removed (these are declarations which are also present in our base Karaf distribution).

  • Build errors involving invalid feature or bundle URLs now indicate which feature is at fault.

  • Obsolete Log4J overrides have been removed from SingleFeatureTest.

When building using JDK 9 or 10, the default settings have been changed as follows to avoid errors or extraneous warnings:

  • SFT is disabled (it needs Karaf 4.2 or later);

  • Javadocs are generated as HTML 4;

  • SpotBugs is disabled on JDK 10 or later;

  • FindBugs is disabled on JDK 9 or later.

The following third-party dependencies have been upgraded:

The following Maven plugin has been upgraded:

Version 3.1.1

This version fixes the following issues:

  • ODLPARENT-137: restore the OpenDaylight prompt.

  • ODLPARENT-146: Guava 23.6 switched from @Nullable to @NullableDecl, which causes false positives in FindBugs’ NP_NONNULL_PARAM_VIOLATION rule; we’re disabling the rule for now.

Version 3.1.0

This version fixes the following issues:

  • Mycila dependencies are now “compile” scoped rather than “test”; this allows child projects to use Guice with Mycila more easily.

  • The duplicate finder now ignores web.xml and BluePrint XML files.

This version includes the following improvements:

  • The -Pq profile skips Maven Modernizer, in preparation for its future integration (and its use in child projects).

  • An OWASP profile, -Powasp is available for vulnerability checking.

  • A new odl-jackson-2.8 feature provides Jackson 2.8 to child projects.

The following third-party dependencies have been added to dependency management:

The following third-party dependencies have been upgraded:

The following Maven plugins have been upgraded:

  • FindBugs 3.0.4 → 3.0.5

  • Git commit id 2.2.2 → 2.2.4; release notes:

Version 3.0.3

This version fixes the following issues:

  • ODLPARENT-136: features-test needs org.osgi.compendium.

  • Jackson dependencies are declared using jackson-bom to ensure all they remain consistent.

  • find-duplicate-classpath-entries is run in the “verify” phase rather than the “validate” phase, which is too early.

  • The version of Jetty we pull in is now aligned with that declared in Karaf, resolving a number of restart and dependency issues.

  • Pulling in the wrap feature unconditionally is no longer necessary, so karaf4-parent no longer does so.

  • metainf-services are declared with scope “provided” to avoid their being included in downstream features (it’s a build-time dependency only).

  • leveldb-api is excluded from odl-akka-leveldb-0.7, and jsr250-api from enunciate-core-annotations, to avoid duplicate having classes on the classpath.

  • Since the ssh feature is excluded from generated features, our Karaf need to enable it at boot in all cases.

  • bundle-test-lib is now a bundle.

  • Since we use static SLF4J loggers, the SLF4J_LOGGER_SHOULD_BE_NON_STATIC rule needs to be disabled in our FindBugs configuration (this allows downstream projects to enable findbugs-slf4j without having to deal with all the resulting false-positives).

  • org.apache.karaf.scr.management is white-listed in SFT to avoid failures apparently related to that component (which we don’t care about).

This version upgrades the following third-party dependencies:

Version 3.0.2

This version fixes the following issues:

  • SingleFeatureTest uses the configured local Maven repository for Pax Exam.

  • JavaDoc links are disabled for now to speed up builds. A new javadoc-links profile enables the links.

  • Conditional feature dependencies are processed, ensuring our distribution is complete.

  • Startup features are adjusted for Karaf 4.1, avoiding unnecessary refreshes.

  • The hiddenField Checkstyle check is disabled for abstract methods.

  • The default logging configuration uses Log4J2, which is the new default in Karaf 4.1.

This version upgrades the following dependencies or plugins:

  • maven-enforcer-plugin 1.4.1 → 3.0.0-M1

  • maven-javadoc-plugin 3.0.0-M1 → 3.0.0

Version 3.0.1

This version fixes the following issues:

  • Karaf pulls in an invalid Hibernate feature repository, breaking downstream dependencies pulling in the “war” feature. populate-local-repo corrects the repository dependency.

Version 3.0.0

Compiler settings

Build now show compiler warnings and deprecation warnings. This doesn’t affect the result or require any changes currently, it just makes the issues more visible.

New Checkstyle rules

Checkstyle has been upgraded from 7.6 to 8.4 (see the Checkstyle release notes for details), and Sevntu from 1.21.0 to 1.24.2 (note that the latter’s group identifier changed from com.github.sevntu.checkstyle to com.github.sevntu-checkstyle; you might need to update your IDE’s configuration).

The following Checkstyle rules are enabled; this might require changes in projects which enforce Checkstyle validation:

Karaf

Karaf has been upgraded to 4.1.3. This should be transparent for dependent projects.

Karaf distributions

  • When building a Karaf distribution using karaf4-parent, projects can specify which archives to build: the karaf.archiveZip property will enable ZIP files if true, and karaf.archiveTarGz will enable gzip-compressed tarballs if true. By default both are enabled.

  • Our Karaf distribution provides Bouncy Castle at startup. Auto-generated feature descriptors take this into account (they won’t embed a Bouncy Castle dependency).

Feature removals

  • The odl-triemap-0.2 feature wrapping com.github.romix:java-concurrent-hash-trie-map was rendered obsolete by YANG Tools’ implementation and has been removed.

Feature additions

  • odl-javassist-3 provides Javassist in a feature.

  • odl-jung-2.1 provides JUNG in a feature.

Upstream version upgrades

The following upstream dependencies have been upgraded:

Upstream version additions

The following upstream dependencies have been added to dependency management:

  • Commons Text, org.apache.commons:commons-text (this will allow downstreams to migrate from commons-lang3’s WordUtils, which is deprecated)

Upstream version removals

The following upstream dependencies have been removed from dependency management (they are obsolete and unused):

  • Chameleon MBeans

  • Eclipse Link

  • Equinox HTTP service bridge

  • equinoxSDK381 artifacts

  • Coda Hale Metrics, which are mostly unused and should eventually be wrapped by InfraUtils

  • com.google.code.findbugs:jsr305 (which must not be used; this is enforced — annotations should be used instead)

  • Felix File Install and Web Console

  • Gemini Web

  • Orbit

  • org.mockito:mockito-all (which must not be used; this is enforced — mockito-core should be used instead)

  • Spring Framework

  • txw2

  • Xerces

  • xml-apis

Plugin version upgrades

The following plugins have been upgraded:

  • org.apache.servicemix.tooling:depends-maven-plugin 1.3.1 → 1.4.0

  • org.apache.felix:maven-bundle-plugin 2.4.0 → 3.3.0

  • maven-compiler-plugin 3.6.1 → 3.7.0

  • maven-dependency-plugin 3.0.1 → 3.0.2

  • maven-enforcer-plugin 1.4.1 → 3.0.0-M1

  • maven-failsafe-plugin 2.18.1 → 2.20.1

  • maven-javadoc-plugin 2.10.4 → 3.0.0-M1

  • maven-shade-plugin 2.4.3 → 3.1.0

New plugins

  • The Maven Find Duplicates plugin can be enabled by setting the duplicate-finder.skip property to false.

  • The SpotBugs Maven plugin can now be used instead of the FindBugs plugin (both are available, so no change is required). To use SpotBugs, replace org.codehaus.mojo:findbugs-maven-plugin with com.github.spotbugs:spotbugs-maven-plugin.