Bump the dependencies group across 1 directory with 52 updates

[dependabot]

Bumps the dependencies group with 52 updates in the / directory:

Package	From	To
org.apache.commons:commons-compress	1.27.1	1.28.0
org.apache.commons:commons-csv	1.14.0	1.14.1
commons-logging:commons-logging	1.3.5	1.3.6
com.fasterxml.jackson:jackson-bom	2.19.2	2.21.3
org.jctools:jctools-core	4.0.5	4.0.6
org.apache.kafka:kafka-clients	3.9.1	3.9.2
org.apache.rat:apache-rat-plugin	0.16.1	0.18
org.apache.groovy:groovy-bom	4.0.27	5.0.5
org.junit:junit-bom	5.13.4	6.0.3
org.junit.jupiter:junit-jupiter-engine	5.13.4	6.0.3
org.apache.activemq:activemq-broker	6.1.7	6.2.5
org.eclipse.angus:angus-activation	2.0.2	2.0.3
org.assertj:assertj-core	3.27.3	3.27.7
com.code-intelligence:jazzer	0.24.0	0.30.0
com.code-intelligence:jazzer-api	0.24.0	0.30.0
commons-codec:commons-codec	1.18.0	1.22.0
org.apache.commons:commons-dbcp2	2.13.0	2.14.0
commons-io:commons-io	2.19.0	2.22.0
org.apache.commons:commons-lang3	3.18.0	3.20.0
org.apache.commons:commons-pool2	2.12.1	2.13.1
com.google.guava:guava	33.4.8-jre	33.6.0-jre
com.google.guava:guava-testlib	33.4.8-jre	33.6.0-jre
jakarta.activation:jakarta.activation-api	2.1.3	2.1.4
org.eclipse.angus:jakarta.mail	2.0.3	2.0.5
jakarta.mail:jakarta.mail-api	2.1.3	2.1.5
com.google.code.java-allocation-instrumenter:java-allocation-instrumenter	3.3.4	3.3.5
org.jmdns:jmdns	3.6.1	3.6.3
net.java.dev.jna:jna	5.17.0	5.18.1
co.elastic.logging:log4j2-ecs-layout	1.7.0	1.8.0
org.apache.maven:maven-core	3.9.10	3.9.15
org.apache.maven:maven-model	3.9.10	3.9.15
org.openjdk.nashorn:nashorn-core	15.6	15.7
org.eclipse.platform:org.eclipse.osgi	3.23.100	3.24.100
org.codehaus.plexus:plexus-utils	3.6.0	3.6.1
org.codehaus.woodstox:stax2-api	4.2.2	4.3.0
org.xmlunit:xmlunit-core	2.10.3	2.11.0
org.xmlunit:xmlunit-matchers	2.10.3	2.11.0
org.tukaani:xz	1.10	1.12
com.github.luben:zstd-jni	1.5.7-4	1.5.7-8
biz.aQute.bnd:biz.aQute.bnd.annotation	7.1.0	7.2.3
com.google.errorprone:error_prone_annotations	2.38.0	2.49.0
io.fabric8:docker-maven-plugin	0.46.0	0.48.1
org.gradlex:gradle-module-metadata-maven-plugin	1.1	1.2
com.github.jnr:jnr-ffi	2.2.18	2.2.19
org.bouncycastle:bcpkix-jdk18on	1.83	1.84
org.json:json	20250517	20251224
co.elastic.clients:elasticsearch-java	9.2.0	9.3.4
org.elasticsearch.client:elasticsearch-rest-client	9.2.0	9.3.4
org.mongodb:bson	5.6.1	5.7.0
org.mongodb:mongodb-driver-core	5.6.1	5.7.0
org.mongodb:mongodb-driver-sync	5.6.1	5.7.0
org.springframework.cloud:spring-cloud-context	4.3.0	5.0.1

Updates org.apache.commons:commons-compress from 1.27.1 to 1.28.0

Changelog

Sourced from org.apache.commons:commons-compress's changelog.

Apache Commons Compress 1.28.0 Release Notes

The Apache Commons Compress team is pleased to announce the release of Apache Commons Compress 1.28.0.

Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.

This is a feature and maintenance release. Java 8 or later is required.

This release updates Apache Commons Lang to 3.18.0 to pick up the fix for CVE-2025-48924 (https://nvd.nist.gov/vuln/detail/CVE-2025-48924), but is not affected by it.

Changes in this version

Changes in this version include the following.

New Features

•        Add GzipParameters.getModificationInstant(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.setModificationInstant(Instant). Thanks to Gary Gregory. 
  

•        Add GzipParameters.OS, setOS(OS), getOS(). Thanks to Gary Gregory. 
  

•        Add GzipParameters.toString(). Thanks to Gary Gregory. 
  

• COMPRESS-638: Add GzipParameters.setFileNameCharset(Charset) and getFileNameCharset() to override the default ISO-8859-1 Charset #602. Thanks to vincexjl, Gary Gregory, Piotr P. Karwasz.

•        Add support for gzip extra subfields, see GzipParameters.setExtra(HeaderExtraField) [#604](https://github.com/apache/commons-compress/issues/604). Thanks to ddeschenes-1, Gary Gregory. 
  

•        Add CompressFilterOutputStream and refactor to use. Thanks to Gary Gregory. 
  

•        Add ZipFile.stream(). Thanks to Gary Gregory. 
  

•        GzipCompressorInputStream reads the modification time (MTIME) and stores its value incorrectly multiplied by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        GzipCompressorInputStream writes the modification time (MTIME) the value incorrectly divided by 1,000. Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add optional FHCRC to GZIP header [#627](https://github.com/apache/commons-compress/issues/627). Thanks to Danny Deschenes, Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder allowing to customize the file name and comment Charsets. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberStart(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add GzipCompressorInputStream.Builder.setOnMemberEnd(IOConsumer) to monitor member parsing. Thanks to Gary Gregory. 
  

•        Add PMD check to default Maven goal. Thanks to Gary Gregory. 
  

•        Add SevenZFile.Builder.setMaxMemoryLimitKiB(int). Thanks to Gary Gregory. 
  

•        Add MemoryLimitException.MemoryLimitException(long, int, Throwable) and deprecate MemoryLimitException.MemoryLimitException(long, int, Exception). Thanks to Gary Gregory. 
  

• COMPRESS-692: Add support for zstd compression in zip archives. Thanks to Mehmet Karaman, Andrey Loskutov, Gary Gregory.

•        Add support for XZ compression in ZIP archives. Thanks to Gary Gregory. 
  

• COMPRESS-695: Add ZipArchiveInputStream.createZstdInputStream(InputStream) to provide a different InputStream implementation for Zstandard (Zstd) #649. Thanks to Gary Gregory.

•        Add org.apache.commons.compress.harmony.pack200.Pack200Exception.Pack200Exception(String, Throwable). Thanks to Gary Gregory. 
  

• COMPRESS-697: Move BitStream.nextBit() method to BitInputStream #663. Thanks to Fredrik Kjellberg, Gary Gregory.

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorInputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.XZCompressorOutputStream.builder/Builder(). Thanks to Gary Gregory. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdCompressorOutputStream.builder/Builder() [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

•        Add org.apache.commons.compress.compressors.xz.ZstdConstants [#666](https://github.com/apache/commons-compress/issues/666). Thanks to Gary Gregory, David Walluck, Piotr P. Karwasz. 
  

... (truncated)

Commits

• 852d9c2 Prepare for the release candidate 1.28.0 RC1
• f5eb9e2 Prepare for the next release candidate
• 36f204c Camel case parameter name
• 4c04e4a Use final
• 6cb7da1 Javadoc
• 563c9d2 Javadoc
• ce73bd8 Javadoc
• a464ae9 Better parameter names
• c0b2b84 Add TODO for next major version
• c76bc97 Use OpenVEX to document that we are not affected by CVE-2025-48924 in
• Additional commits viewable in compare view

Updates org.apache.commons:commons-csv from 1.14.0 to 1.14.1

Changelog

Sourced from org.apache.commons:commons-csv's changelog.

Apache Commons CSV 1.14.1 Release Notes

The Apache Commons CSV team is pleased to announce the release of Apache Commons CSV 1.14.1.

This document contains the release notes for the 1.14.1 version of Apache Commons CSV. Commons CSV reads and writes files in Comma Separated Value (CSV) format variations.

Commons CSV requires at least Java 8.

The Apache Commons CSV library provides a simple interface for reading and writing CSV files of various types.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version include:

Fixed Bugs

• CSV-318: CSVPrinter.printRecord(Stream) hangs if given a parallel stream. Thanks to Joseph Shraibman, Gary Gregory.
• CSV-318: CSVPrinter now uses an internal lock instead of synchronized methods. Thanks to Joseph Shraibman, Gary Gregory.

•       org.apache.commons.csv.CSVPrinter.printRecords(ResultSet) now writes one record at a time using a lock. Thanks to Gary Gregory.
  

Changes

•       Bump org.apache.commons:commons-parent from 81 to 85 [#542](https://github.com/apache/commons-csv/issues/542). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-io:commons-io from 2.18.0 to 2.20.0. Thanks to Gary Gregory.
  

•       Bump com.opencsv:opencsv from 5.10 to 5.11.2 [#545](https://github.com/apache/commons-csv/issues/545), [#551](https://github.com/apache/commons-csv/issues/551), [#553](https://github.com/apache/commons-csv/issues/553). Thanks to Gary Gregory, Dependabot.
  

•       Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 [#556](https://github.com/apache/commons-csv/issues/556). Thanks to Gary Gregory, Dependabot.
  

•       Bump commons-codec:commons-codec from 1.18.0 to 1.19.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-csv/changes.html

For complete information on Apache Commons CSV, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons CSV website:

https://commons.apache.org/proper/commons-csv/

Download page: https://commons.apache.org/proper/commons-csv/download_csv.cgi

Have fun! -Apache Commons CSV team

---

Commits

• e14ef86 Ignore macOS file
• d8724bf Prepare for the release candidate 1.14.1 RC1
• b76971c Prepare for the next release candidate
• b66814e Merge pull request #557 from apache/dependabot/github_actions/github/codeql-a...
• 9c95e92 Bump github/codeql-action from 3.29.2 to 3.29.4
• 1fb3716 Bump commons-codec:commons-codec from 1.18.0 to 1.19.0
• 7b72c50 Merge some string literals
• 9658373 Update the GitHub pull request template for AI
• 67192a9 Bump commons-io:commons-io from 2.19.0 to 2.20.0
• 59164c8 Bump com.opencsv:opencsv from 5.11.1 to 5.11.2 #553
• Additional commits viewable in compare view

Updates commons-logging:commons-logging from 1.3.5 to 1.3.6

Changelog

Sourced from commons-logging:commons-logging's changelog.

Apache Commons Logging 1.3.6 Release Notes

The Apache Commons Logging team is pleased to announce the release of Apache Commons Logging 1.3.6.

Apache Commons Logging is a thin adapter allowing configurable bridging to other, well-known logging systems.

This is a feature and maintenance release. Java 8 or later is required.

Changes in this version

Fixed Bugs

•           Fix running spotbugs:check: Unable to parse configuration of mojo. Thanks to Gary Gregory.
  

•           Update deprecated call in PathableClassLoader.addLogicalLib(String). Thanks to Gary Gregory.
  

•           Fix malformed Javadoc comments. Thanks to Gary Gregory.
  

•           Fix log level in Slf4jLogFactory.error(Object, Throwable) [#416](https://github.com/apache/commons-logging/issues/416). Thanks to Gary Gregory.
  

Changes

•           Bump org.apache.commons:commons-parent from 81 to 97 [#361](https://github.com/apache/commons-logging/issues/361), [#367](https://github.com/apache/commons-logging/issues/367), [#388](https://github.com/apache/commons-logging/issues/388), [#409](https://github.com/apache/commons-logging/issues/409), [#410](https://github.com/apache/commons-logging/issues/410). Thanks to Gary Gregory, Dependabot.
  

•           Bump org.slf4j:slf4j-api from 2.0.16 to 2.0.17 [#344](https://github.com/apache/commons-logging/issues/344). Thanks to Gary Gregory, Dependabot.
  

•           Bump com.h3xstream.findsecbugs:findsecbugs-plugin from 1.13.0 to 1.14.0 [#360](https://github.com/apache/commons-logging/issues/360). Thanks to Gary Gregory, Dependabot.
  

•           Bump log4j2.version from 2.24.3 to 2.25.3 [#371](https://github.com/apache/commons-logging/issues/371), [#412](https://github.com/apache/commons-logging/issues/412). Thanks to Gary Gregory, Dependabot.
  

•           Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.20.0 [#373](https://github.com/apache/commons-logging/issues/373). Thanks to Gary Gregory, Dependabot.
  

•           Bump ch.qos.logback:logback-core from 1.3.14 to 1.3.16 [#411](https://github.com/apache/commons-logging/issues/411).. Thanks to Gary Gregory, Dependabot.
  

Historical list of changes: https://commons.apache.org/proper/commons-logging/changes.html

Download it from https://commons.apache.org/proper/commons-logging/download_logging.cgi

For complete information on Apache Commons Logging, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Logging website:

https://commons.apache.org/proper/commons-logging/

---

Commits

• 141c9ea Prepare for the release candidate 1.3.6 RC1
• 05cbf46 Prepare for release
• 3ea5f4d Prepare for the next release candidate
• d8e5e80 Simplify
• 694754e Simpler description.
• 97e7660 Fix log level in Slf4jLogFactory.error(Object, Throwable) #416
• 07452cc fix LogLevel (#416)
• c8c20de Bump github/codeql-action from 4.32.4 to 4.32.5
• b879d3e Bump org.apache.commons:commons-parent from 96 to 97.
• 5b2e759 Add security page.
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.19.2 to 2.21.3

Commits

• 374fbd0 [maven-release-plugin] prepare release jackson-bom-2.21.3
• 7059df7 Prep for 2.21.3 release
• 2fd60bd Merge branch '2.20' into 2.21
• b82a364 Merge branch '2.19' into 2.20
• ef4e013 Merge branch '2.18' into 2.19
• 536ae51 Post-release dep version bump
• 536c533 [maven-release-plugin] prepare for next development iteration
• 426b778 [maven-release-plugin] prepare release jackson-bom-2.18.7
• a73cda9 Prep for 2.18.7 release
• 76b4a05 Post-release dep version bump
• Additional commits viewable in compare view

Updates org.jctools:jctools-core from 4.0.5 to 4.0.6

Release notes

Sourced from org.jctools:jctools-core's releases.

Add VarHandle queues and other minor fixups

NOTE: This will be the last release with JDK6 bytecode for jctools-core. The next release will be 5.0.0 and will compile with the 1.8 target, allowing for method handles.

This release has 2 artifacts. The old jctools-core with the following changes:

• Where plain access to field is used by queues, the field is not volatile and volatile access is done using Unsafe.
• Use a generated ConcurrentCircularXXXQueue instead of hand rolled base classes in generated code.
• Padding blocks formatting is improved in generated code.

The release introduces a new artifact, jctools-core-jdk11 which included generated VarHandle queues (padded and unpadded). These queues do not rely on Unsafe, and offer better performance than the AtomicFieldUpdater generated code. We expect many users will prefer these variants going forward to break their reliance on Unsafe.

The majority of the VarHandle work is a great contribution from @​amarziali , thanks!!! We also thank @​franz1981 for his help reviewing and profiling the code.

Commits

• 81fc9f7 Add VH package info
• b43fb9a Remove la optimization from VH queues in the absence of evidence it improve...
• b8b6eb5 Improve baseline
• e06b852 Generate atomic queues after builder changes
• 97aa7b4 Prep atomic generator for generating base classes
• e17024a Generate VH LinkedArray queues
• 85f8938 Regenerate queues with padding block
• 845e8ff Fix up volatile/plain fields access and prep for LinkedArray queues
• dc94426 Nicer formatting for padding blocks
• 7c77981 Fix test timeout due to slow clear on linked queues
• Additional commits viewable in compare view

Updates org.apache.kafka:kafka-clients from 3.9.1 to 3.9.2

Updates org.apache.rat:apache-rat-plugin from 0.16.1 to 0.18

Updates org.apache.groovy:groovy-bom from 4.0.27 to 5.0.5

Commits

• See full diff in compare view

Updates org.junit:junit-bom from 5.13.4 to 6.0.3

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.junit.jupiter:junit-jupiter-engine from 5.13.4 to 6.0.3

Release notes

Sourced from org.junit.jupiter:junit-jupiter-engine's releases.

JUnit 6.0.3 = Platform 6.0.3 + Jupiter 6.0.3 + Vintage 6.0.3

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.2...r6.0.3

JUnit 6.0.2 = Platform 6.0.2 + Jupiter 6.0.2 + Vintage 6.0.2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.1...r6.0.2

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

... (truncated)

Commits

• 36e3253 Release 6.0.3
• 295561f Finalize 6.0.3 release notes
• ea18076 Fix deadlock in NamespacedHierarchicalStore.computeIfAbsent() (#5348)
• 869e232 Add 5.14.3 release notes
• d4b34c4 Fix links to User Guide
• 5c8fb0f Reliably support JRE.OTHER with @⁠EnabledOnJre and @⁠DisabledOnJre
• febb13f Check out entire repo so switching to main branch works in last step
• 71fba90 Install poppler-utils for pdfinfo
• 740e9e0 Update API baseline
• 2ba535f Use release branch of examples repo
• Additional commits viewable in compare view

Updates org.apache.activemq:activemq-broker from 6.1.7 to 6.2.5

Release notes

Sourced from org.apache.activemq:activemq-broker's releases.

Apache ActiveMQ 6.2.5

What's Changed

• Bump to 6.2.5-SNAPSHOT version by @​jbonofre in apache/activemq#1892
• [6.2.x] SSL handshake write timeout enforcement (#1883) by @​cshannon in apache/activemq#1894
• [6.2.x] Minor bug fix for BrokerView#validateAllowedUri (#1900) by @​cshannon in apache/activemq#1902
• [6.2.x] Restrict URL protocol types loaded by XBeanBrokerFactory (#1910) by @​cshannon in apache/activemq#1915
• compilation-fix by @​cshannon in apache/activemq#1919
• [6.2.x] Make brokerName immutable in RegionBroker (#1917) by @​cshannon in apache/activemq#1923
• [6.2.x] Add Http discovery transport to denied list for JMX (#1918) by @​cshannon in apache/activemq#1925
• [6.2.x] Update resource cleanup on queueBrowse servlet (#1912) by @​cshannon in apache/activemq#1928
• [6.2.x] Update DestinationView uri resolution (#1914) by @​cshannon in apache/activemq#1930
• fix(webconsole): the webconsole now redirect to the slave.jsp when required (slave broker with startAsync="true") [6.2.x] by @​jbonofre in apache/activemq#1934
• [6.2.x] Queue browse improvements in webconsole (#1938) by @​cshannon in apache/activemq#1942
• [6.2.x] Add more transport types to the denied list for JMX (#1949) by @​cshannon in apache/activemq#1952
• [6.2.x] Add remote file filtering for XBeanBrokerFactory (#1950) by @​cshannon in apache/activemq#1954

Full Changelog: apache/activemq@activemq-6.2.4...activemq-6.2.5

Apache ActiveMQ 6.2.4

What's Changed

• [6.2.x] Bump version to 6.2.4-SNAPSHOT by @​jbonofre in apache/activemq#1868
• [6.2.x] Ensure AMQP protocol marshals messages before passing to broker (#1859) by @​cshannon in apache/activemq#1860
• [6.2.x] Backport MQTT fixes by @​cshannon in apache/activemq#1884
• [6.2.x] Properly handle SSL handshake updates by @​cshannon in apache/activemq#1886

Full Changelog: apache/activemq@activemq-6.2.3...activemq-6.2.4

Apache ActiveMQ 6.2.3

What's Changed

• [6.2.x] Update copyright year in the bin distribution NOTICE by @​jbonofre in apache/activemq#1817
• Bump version to 6.2.3-SNAPSHOT by @​cshannon in apache/activemq#1834
• Fix FactoryFinder path resolution in Windows (#1831) by @​cshannon in apache/activemq#1836
• [6.2.x] Prevent a VM transport from being used with BrokerView by @​cshannon in apache/activemq#1844
• [6.2.x] Add 6.2.3 in spring schemas by @​jbonofre in apache/activemq#1838
• [6.2.x] Also validate nested composite URIs used with BrokerView (#1847) by @​cshannon in apache/activemq#1848

Full Changelog: apache/activemq@activemq-6.2.2...activemq-6.2.3

Apache ActiveMQ 6.2.2

What's Changed

• [6.2.x] Backport: Improve FactoryFinder Validation (#1793) by @​jbonofre in apache/activemq#1799
• Backport: remove the annotation on the ProtocolConverterTest (#1793) by @​jbonofre in apache/activemq#1801
• Upgrade the spring.schemas in preparation for the 6.2.2 release by @​jbonofre in apache/activemq#1804
• Update copyright year in the NOTICE file by @​jbonofre in apache/activemq#1806
• fix(assembly): add missing jolokia-core to assembly descriptor by @​jbonofre in apache/activemq#1808
• [6.2.x] Bump jackson-version from 2.21.0 to 2.21.1 (#1709) by @​jbonofre in apache/activemq#1810

... (truncated)

Commits

• cfa7998 [maven-release-plugin] prepare release activemq-6.2.5
• 881ce9d Add remote file filtering for XBeanBrokerFactory (#1950) (#1954)
• e19cc3e Add more transport types to the denied list for JMX (#1949) (#1952)
• 0982ba4 Queue browse improvements in webconsole (#1938) (#1942)
• 1dabafb fix(webconsole): the webconsole now redirect to the slave.jsp when required (...
• 2b8455b #1913 Update DestinationView uri resolution (#1914)
• 1b7b1e0 #1911 Update resource cleanup on queueBrowse servlet (#1912)
• 3b3dc08 Add Http discovery transport to denied list for JMX (#1918) (#1925)
• 8c929d0 Make brokerName immutable in RegionBroker (#1917) (#1923)
• eccbe4c compilation-fix (#1919)
• Additional commits viewable in compare view

Updates org.eclipse.angus:angus-activation from 2.0.2 to 2.0.3

Commits

• 6eff4c5 Prepare release org.eclipse.angus:angus-activation-project:2.0.3
• bcb3375 jaf api 2.1.4 (#55)
• 84e5a0d Rename resources so javax and jakarta can live in same classpath #174
• c3c4d67 Merge pull request #46 from eclipse-ee4j/2.0.2-RELEASE
• 354de40 Update README.md
• c62baf3 Update TCK-Results.md
• 6cda1e7 Prepare next development cycle for 2.1.0-SNAPSHOT
• See full diff in compare view

Updates org.assertj:assertj-core from 3.27.3 to 3.27.7

Release notes

Sourced from org.assertj:assertj-core's releases.

v3.27.7

🔒 Security

Core

• Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)
  • See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly reporting it!

🚫 Deprecated

Core

• Deprecate XmlStringPrettyFormatter with no replacement

🐛 Bug Fixes

Guava

• Navigation to assertj-core or guava types from assertj-guava Javadoc site has unnecessary header #3478

🔨 Dependency Upgrades

Core

• Upgrade to Byte Buddy 1.18.3
• Upgrade to JUnit BOM 5.14.1

Guava

• Upgrade to Guava 33.5.0-jre

v3.27.6

🐛 Bug Fixes

Core

• Add missing export for org.assertj.core.annotation #3951

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​duponter

v3.27.5

⚡ Improvements

Core

• ByteBuddy in AssertJ 3.27.4 not compatible with Java 25 #3946

... (truncated)

Commits

• e840716 [maven-release-plugin] prepare release assertj-build-3.27.7
• 85ca7eb Deprecate XmlStringPrettyFormatter
• 77081dc Merge commit from fork
• b68fc24 Bump github/codeql-action from 4.31.9 to 4.31.10 in the github-actions group ...
• 0cf5bb6 Bump kotlin.version from 2.1.0 to 2.2.21
• d393ef1 Abort tests when symbolic links cannot be created (#3788)
• 2212433 Add IntelliJ custom inspection for test class names
• 5717d02 Update JetBrains icon
• a8ec20b Add icon for JetBrains products
• c05fb3d Bump Maven to 3.9.12 and Wrapper to 3.3.4
• Additional commits viewable in compare view

Updates com.code-intelligence:jazzer from 0.24.0 to 0.30.0

Release notes

Sourced from com.code-intelligence:jazzer's releases.

v0.30.0

What's Changed

• fix: Use getCanonicalName() for array codegen in autofuzz reproducers by @​kyakdan in CodeIntelligenceTesting/jazzer#1043
• feat: add exploreState(byte) overload with auto-generated call-site id by @​kyakdan in CodeIntelligenceTesting/jazzer#1032
• feat: Maximize API by @​kyakdan in CodeIntelligenceTesting/jazzer#1036
• feat: Add minimize API by @​kyakdan in CodeIntelligenceTesting/jazzer#1038
• feat: Enable exploreState without value profile by @​kyakdan in CodeIntelligenceTesting/jazzer#1037
• feat: add hooks for Set.contains & Set.remove by @​onionpsy in CodeIntelligenceTesting/jazzer#1030
• feat: add hook for Enum.valueOf by @​onionpsy in CodeIntelligenceTesting/jazzer#1031
• feat: add float/double comparison tracking to instrumentor by @​kyakdan in CodeIntelligenceTesting/jazzer#1045
• feat: add @​ElementOf annotation by @​simonresch in CodeIntelligenceTesting/jazzer#1028
• feat: extend ValuePool by new fields : files, and maxMutations by @​oetr in CodeIntelligenceTesting/jazzer#1033
• feat: ValuePool can now reference suppliers in any class by @​oetr in CodeIntelligenceTesting/jazzer#1046
• chore: update internal jacoco version to 0.8.14 by @​simonresch in CodeIntelligenceTesting/jazzer#1047
• chore: disable FilePathTraversal in an autofuzz test by @​oetr in CodeIntelligenceTesting/jazzer#1042
• chore: increase test timeout for the selffuzz test by @​oetr in CodeIntelligenceTesting/jazzer#1040
• chore: update bazel dependencies by @​simonresch in CodeIntelligenceTesting/jazzer#1041
• chore(deps): update maven deps by @​simonresch in CodeIntelligenceTesting/jazzer#1039

Full Changelog: CodeIntelligenceTesting/jazzer@v0.29.1...v0.30.0

v0.29.1

What's Changed

• fix: use user-friendly type names in exception messages by @​Marcono1234 in CodeIntelligenceTesting/jazzer#1024
• fix: support lists of arbitrary types by

[ppkarwasz]

@dependabot recreate