Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
56f45f2
JCRVLT-830 IT on DocView level to showcase the problem
joerghoh Feb 2, 2026
7d2557d
JCRVLT-830 add an extension of the WorkspaceFilter
joerghoh Feb 26, 2026
b16c845
JCRVLT-830 integrate this new check into the importer
joerghoh Feb 26, 2026
72b8e25
remove unnecessary demo file
joerghoh Feb 26, 2026
08af40c
renamed method (PR feedback)
joerghoh Feb 26, 2026
b5275ef
spotless
joerghoh Feb 26, 2026
8711844
improve signature
joerghoh Feb 27, 2026
4b2462c
JCRVLT-830 fix incorrect parameter
joerghoh Mar 18, 2026
24f55db
JCRVLT-830 make this new behavior configurable (not yet exposed)
joerghoh Mar 18, 2026
966b78a
JCRVLT-830 allow to configure the behavior via OSGI
joerghoh Mar 18, 2026
d71a9b5
JCRVLT-830 update some javadoc
joerghoh Jun 17, 2026
0b2a9d1
JCRVLT-830 sonar feedback
joerghoh Jun 17, 2026
b88c798
JCRVLT-830 reduce the invocations of subtree coverage checks
joerghoh Jul 6, 2026
504ee17
JCRVLT-842: FileVault 4.2.0 Candidate Release Notes (#415)
reschke Feb 23, 2026
cbef017
[maven-release-plugin] prepare release jackrabbit-filevault-4.2.0
reschke Feb 23, 2026
4c61aa9
[maven-release-plugin] prepare for next development iteration
reschke Feb 23, 2026
a28b661
trivial: Fix TOCs
kwin Apr 17, 2026
57fa0f6
Remove transitive unused Maven dependencies
kwin Apr 28, 2026
c160a74
JCRVLT-844 Improve logging when loading InstallHook fails
kwin Apr 28, 2026
12c4551
Explain in more detail how filters are chosen (#420)
santiagozky May 22, 2026
cd52fb7
Remove unnecessary null guard
kwin Jun 7, 2026
5d75044
Update terminology for OSGi container to OSGi runtime
kwin Jun 11, 2026
df5f63a
Build with GHA
kwin May 15, 2026
b91573e
Fix environment variables used for Nexus Deployment from GHA
kwin Jun 12, 2026
89235c4
Use Build Status Badge for GHA instead of Jenkins
kwin Jun 12, 2026
b21b9ed
Update dependency-check-m-p to 12.2.2
kwin Jun 12, 2026
ae6b77f
Update README with prerequisites and build instructions
kwin Jun 12, 2026
c681762
Upgrade to Bnd 7.3.0
kwin Jun 12, 2026
0ba59b5
Remove unused old ASF logo
kwin Jun 18, 2026
6da7e95
JCRVLT-847 Move spotless execution to "verify" phase
kwin Jun 18, 2026
c0d73b9
Auto-delete branches on merge
kwin Jun 18, 2026
fa23333
Documentation: Separate Build from Runtime Prerequisites
kwin Jun 18, 2026
995f01d
JCRVLT-847 Explicitly ignore spotless execution in m2e
kwin Jun 19, 2026
c6c62ae
Update jackrabbit-packagetype validation details
kwin Jun 20, 2026
9eceee6
Add missing item to release notes for 4.0.0 (#426)
kwin Jun 29, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions .asf.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# https://cwiki.apache.org/confluence/display/INFRA/git+-+.asf.yaml+features#Git.asf.yamlfeatures-GitHubsettings
# https://github.com/apache/infrastructure-asfyaml/blob/main/README.md
github:
description: "Apache Jackrabbit FileVault"
homepage: https://jackrabbit.apache.org/filevault/index.html
Expand All @@ -14,7 +14,10 @@ github:
- JCR
- SLING
- FELIX
dependabot_alerts: true
dependabot_alerts: false
dependabot_updates: false
protected_branches:
master: {}
pull_requests:
# auto-delete head branches after being merged
del_branch_on_merge: true
127 changes: 127 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
# ~ Licensed to the Apache Software Foundation (ASF) under one
# ~ or more contributor license agreements. See the NOTICE file
# ~ distributed with this work for additional information
# ~ regarding copyright ownership. The ASF licenses this file
# ~ to you under the Apache License, Version 2.0 (the
# ~ "License"); you may not use this file except in compliance
# ~ with the License. You may obtain a copy of the License at
# ~
# ~ http://www.apache.org/licenses/LICENSE-2.0
# ~
# ~ Unless required by applicable law or agreed to in writing,
# ~ software distributed under the License is distributed on an
# ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# ~ KIND, either express or implied. See the License for the
# ~ specific language governing permissions and limitations
# ~ under the License.

name: Build
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
name: ${{ matrix.namePrefix }} Maven build (${{ matrix.os }}, JDK ${{ matrix.jdk }})
strategy:
matrix:
os: [ubuntu-latest]
jdk: [17, 21, 25]
include:
# lengthy build steps should only be performed on linux with Java 21 (deployment)
- os: ubuntu-latest
jdk: 21
isMainBuildEnv: true
namePrefix: 'Main '
# just build on latest LTS JDK with windows/mac os
- os: windows-latest
jdk: 25
- os: macOS-latest
jdk: 25
fail-fast: true
runs-on: ${{ matrix.os }}
steps:
- name: Git clone
uses: actions/checkout@v6
- name: Set up JDK
uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: ${{ matrix.jdk }}
cache: maven
server-id: apache.snapshots.https # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_APACHE_NEXUS_USERNAME # env variable for username in deploy
server-password: MAVEN_APACHE_NEXUS_PASSWORD # env variable for token in deploy
# sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
- name: Set environment variables
shell: bash
run: |
if [ "${{github.ref}}" = "refs/heads/master" ] && [ "${{github.event_name}}" = "push" ] && [ "${{github.repository_owner}}" = "apache" ] && [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
echo 'Running on main branch of the canonical repo'
echo "MVN_ADDITIONAL_OPTS=-DdeployAtEnd=true -Pdependency-check -DnvdApiKeyEnvironmentVariable=NVD_API_KEY" >> $GITHUB_ENV
echo "MVN_GOAL=deploy" >> $GITHUB_ENV
else
echo 'Running outside main branch/canonical repo'
if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
echo "MVN_ADDITIONAL_OPTS=-Pdependency-check -DnvdApiKeyEnvironmentVariable=NVD_API_KEY" >> $GITHUB_ENV
else
echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV
fi
echo "MVN_GOAL=install site" >> $GITHUB_ENV
fi
- name: Build
env:
# secrets were provided in https://issues.apache.org/jira/browse/INFRA-27930?
NVD_API_KEY: ${{ secrets.NIST_NVD_API_KEY }}
MAVEN_APACHE_NEXUS_USERNAME: ${{ secrets.NEXUS_USER }}
MAVEN_APACHE_NEXUS_PASSWORD: ${{ secrets.NEXUS_PW }}
shell: bash
# executing ITs requires installing artifacts to the local repository
run: mvn -B ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }} -Pjacoco-report -Dlogback.configurationFile=vault-core/src/test/resources/logback-only-errors.xml
- name: Upload build result
uses: actions/upload-artifact@v7
with:
name: compiled-classes-and-coverage
# compare with https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/languages/java/#java-analysis-and-bytecode
path: |
**/target/**/*.class
**/target/site/jacoco*/*.xml

# execute analysis in a separate job for better visualization and usage of matrix builds
# https://docs.sonarsource.com/sonarcloud/advanced-setup/ci-based-analysis/sonarscanner-for-maven/#invoking-the-goal
sonar:
name: SonarQube Analysis
runs-on: ubuntu-latest
needs: build
# not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request
if: ${{ github.repository == 'apache/jackrabbit-filevault' }}
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK
uses: actions/setup-java@v5
with:
java-version: 21
distribution: temurin
cache: maven
- name: Download compiled classes
uses: actions/download-artifact@v8
with:
name: compiled-classes-and-coverage
- name: Cache SonarQube packages
uses: actions/cache@v5
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Analyze with SonarQube
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
run: mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:5.7.0.6970:sonar -Dsonar.projectKey=apache_jackrabbit-filevault -Dsonar.organization=apache -Dsonar.scanner.skipJreProvisioning=true
20 changes: 17 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[![ASF Jira](https://img.shields.io/badge/ASF%20JIRA-JCRVLT-orange)](https://issues.apache.org/jira/projects/JCRVLT/summary)
[![License](https://img.shields.io/badge/License-Apache%202.0-red.svg)](https://www.apache.org/licenses/LICENSE-2.0)
[![Maven Central](https://img.shields.io/maven-central/v/org.apache.jackrabbit.vault/vault-cli.svg?label=Maven%20Central)](https://search.maven.org/artifact//org.apache.jackrabbit.vault/vault-cli)
[![Build Status](https://ci-builds.apache.org/buildStatus/icon?job=Jackrabbit%2Ffilevault%2Fmaster)](https://ci-builds.apache.org/job/Jackrabbit/job/filevault/job/master/)
[![Build Status](https://github.com/apache/jackrabbit-filevault/actions/workflows/build.yml/badge.svg)](https://github.com/apache/jackrabbit-filevault/actions/workflows/build.yml)
[![SonarCloud Status](https://sonarcloud.io/api/project_badges/measure?project=apache_jackrabbit-filevault&metric=alert_status)](https://sonarcloud.io/summary/overall?id=apache_jackrabbit-filevault)
[![SonarCloud Coverage](https://sonarcloud.io/api/project_badges/measure?project=apache_jackrabbit-filevault&metric=coverage)](https://sonarcloud.io/component_measures?metric=Coverage&view=list&id=apache_jackrabbit-filevault)
[![SonarCloud Bugs](https://sonarcloud.io/api/project_badges/measure?project=apache_jackrabbit-filevault&metric=bugs)](https://sonarcloud.io/project/issues?resolved=false&types=BUG&id=apache_jackrabbit-filevault)
Expand All @@ -25,9 +25,23 @@ Please refer to the documentation at
<https://jackrabbit.apache.org/filevault/>


Building FileVault
Runtime Prerequisites
===========================================

Java 11 or higher

Runtime Dependencies
--------------------

- Jackrabbit 2.20.17+ (JCR Commons, SPI, SPI Commons)
- Oak Jackrabbit API 1.22.4+
- Commons IO 2.18.0+
- Commons Collections 4.1+
- SLF4J 1.7+

Build
=========

You can build FileVault like this:

mvn clean install
Expand All @@ -38,7 +52,7 @@ For more instructions, please see the documentation at:
<https://jackrabbit.apache.org/building-jackrabbit.html>

Building FileVault Site
============================================
-----------------------

The FileVault documentation lives as Markdown files in `src/site/markdown` such
that it easy to view e.g. from GitHub. The Maven site plugin
Expand Down
46 changes: 35 additions & 11 deletions RELEASE-NOTES.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
Release Notes -- Apache Jackrabbit FileVault -- Version 3.8.4
Release Notes -- Apache Jackrabbit FileVault -- Version 4.2.0

Introduction
------------
Expand All @@ -10,6 +10,28 @@ The Vault Command Line Interface aka "vlt" provides a subversion like
utility to work and develop with repository content.


Changes in Jackrabbit FileVault 4.2.0
--------------------------------------

Release Notes - Jackrabbit FileVault - Version 4.2.0
This version requires Java 11 or above
The OSGi bundles depend on Jackrabbit 2.20.17+ (JCR Commons, SPI, SPI Commons), Oak JR API 1.22.4+, Commons IO 2.18+, Commons Collections 4.1+ and SLF4J 1.7+

Improvement
[JCRVLT-782] - Introduce spotless-maven-plugin
[JCRVLT-825] - Remove Patch Support (extracting files from packages to filesystem)
[JCRVLT-831] - For collection of namespace prefixes, avoid iterating over sibling nodes not contained in the filter(s)
[JCRVLT-832] - No test coverage for handling namespace information in PATH typed property values
[JCRVLT-839] - Unconditional child node iteration in AggregateImpl.walk()

Test
[JCRVLT-834] - add test coverage for namespace prefixes on sibling nodes in ordered collections


Task
[JCRVLT-823] - add .DS_Store to .gitignore
[JCRVLT-836] - log durations and number of nodes in AggregateImpl node walk


Changes in Jackrabbit FileVault 4.1.4
--------------------------------------
Expand All @@ -18,16 +40,16 @@ Release Notes - Jackrabbit FileVault - Version 4.1.4
This version requires Java 11 or above
The OSGi bundles depend on Jackrabbit 2.20.17+ (JCR Commons, SPI, SPI Commons), Oak JR API 1.22.4+, Commons IO 2.18+, Commons Collections 4.1+ and SLF4J 1.7+

** Improvement
* [JCRVLT-816] - Fix Security warnings
* [JCRVLT-817] - All properties are checked twice if they are protected
* [JCRVLT-818] - Vault CLI contains embedded vulnerable libraries
* [JCRVLT-819] - Upgrade JLine 1.0 to 3.x
* [JCRVLT-822] - avoid costly check if a property is protected
Improvement
[JCRVLT-816] - Fix Security warnings
[JCRVLT-817] - All properties are checked twice if they are protected
[JCRVLT-818] - Vault CLI contains embedded vulnerable libraries
[JCRVLT-819] - Upgrade JLine 1.0 to 3.x
[JCRVLT-822] - avoid costly check if a property is protected

** Task
* [JCRVLT-813] - read node and property definitions lazy
* [JCRVLT-814] - Remove redundant calculations in DocViewImporer
Task
[JCRVLT-813] - read node and property definitions lazy
[JCRVLT-814] - Remove redundant calculations in DocViewImporer


Changes in Jackrabbit FileVault 4.1.2
Expand All @@ -47,14 +69,16 @@ This version requires Java 11 or above
The OSGi bundles depend on Jackrabbit 2.20.17+ (JCR Commons, SPI, SPI Commons), Oak JR API 1.22.4+, Commons IO 2.7+, Commons Collections 4.1+ and SLF4J 1.7+

Bug

[JCRVLT-800] - Version command is broken
[JCRVLT-807] - PackageProperties.getDateProperty() should not log exception on log level

Improvement

[JCRVLT-748] - Fix XSD namespaces
[JCRVLT-764] - Require Java 11
[JCRVLT-790] - Upgrade embedded Jackrabbit/Oak version to 2.22.1/1.82.0
[JCRVLT-801] - jackrabbit-packagetype validator should detect conflicting filter rules
[JCRVLT-801] - Update ASF Parent to version 24
[JCRVLT-805] - DocViewImporter: remove redundant name calculation
[JCRVLT-808] - Improve multi-module code coverage
[JCRVLT-809] - DocViewImporter: logIgnoredProtectedProperties can slow down package import
Expand Down
42 changes: 34 additions & 8 deletions parent/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ Apache Jackrabbit FileVault is a project of the Apache Software Foundation.</des
<scm child.scm.connection.inherit.append.path="false" child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">
<connection>scm:git:https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git</connection>
<developerConnection>scm:git:https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git</developerConnection>
<tag>master</tag>
<tag>jackrabbit-filevault-4.2.0</tag>
<url>https://github.com/apache/jackrabbit-filevault/tree/${project.scm.tag}</url>
</scm>

Expand All @@ -85,13 +85,13 @@ Apache Jackrabbit FileVault is a project of the Apache Software Foundation.</des
</issueManagement>

<ciManagement>
<system>Jenkins</system>
<url>https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/activity</url>
<system>github</system>
<url>https://github.com/apache/jackrabbit-filevault/actions/workflows/build.yml</url>
</ciManagement>

<properties>
<!-- CI-friendly version, https://maven.apache.org/maven-ci-friendly.html -->
<revision>4.1.5-SNAPSHOT</revision>
<revision>4.2.1-SNAPSHOT</revision>
<!-- for dependencies used for calculating OSGi import-package version ranges the minimally supported version should be used to be backwards compatible in OSGi containers -->
<jackrabbit.min.version>2.20.17</jackrabbit.min.version>
<!-- for embedded dependencies the newest version should be used -->
Expand All @@ -104,15 +104,15 @@ Apache Jackrabbit FileVault is a project of the Apache Software Foundation.</des
<commons-io.version>2.18.0</commons-io.version>
<!-- passed to integration test as property "oak", set to true to test with Oak, false means test with Jackrabbit 2 -->
<test.oak>true</test.oak>
<bnd.version>7.2.1</bnd.version>
<bnd.version>7.3.0</bnd.version>
<minimalJavaBuildVersion>17</minimalJavaBuildVersion>
<javaVersion>11</javaVersion>
<sling.url>http://localhost:4502</sling.url>
<!-- identical to the minimum version -->
<sling.api.version>2.27.6</sling.api.version>
<!-- is overwritten by https://www.eclemma.org/jacoco/trunk/doc/prepare-agent-mojo.html -->
<jacoco.command />
<project.build.outputTimestamp>2025-10-21T10:22:56Z</project.build.outputTimestamp>
<project.build.outputTimestamp>2026-02-23T13:52:50Z</project.build.outputTimestamp>
</properties>

<!-- ====================================================================== -->
Expand Down Expand Up @@ -357,11 +357,14 @@ Apache Jackrabbit FileVault is a project of the Apache Software Foundation.</des
</dependencies>
<executions>
<execution>
<?m2e ignore?>
<!-- explicit ignore necessary for m2e due to https://github.com/eclipse-m2e/m2e-core/issues/2193,
syntax described in https://eclipse.dev/m2e/documentation/release-notes-17.html#new-syntax-for-specifying-lifecycle-mapping-metadata-->
<id>spotless-format</id>
<goals>
<goal>${spotless.action}</goal>
</goals>
<phase>process-sources</phase>
<phase>verify</phase>
</execution>
</executions>
</plugin>
Expand Down Expand Up @@ -514,7 +517,7 @@ Bundle-Category: jackrabbit
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>12.1.6</version>
<version>12.2.2</version>
<executions>
<execution>
<goals>
Expand All @@ -530,6 +533,29 @@ Bundle-Category: jackrabbit
</execution>
</executions>
</plugin>
<!-- <plugin>-->
<!-- <groupId>org.eclipse.m2e</groupId>-->
<!-- <artifactId>lifecycle-mapping</artifactId>-->
<!-- <version>1.0.0</version>-->
<!-- <configuration>-->
<!-- <lifecycleMappingMetadata>-->
<!-- <pluginExecutions>-->
<!-- <pluginExecution>-->
<!-- <pluginExecutionFilter>-->
<!-- <groupId>com.diffplug.spotless</groupId>-->
<!-- <artifactId>spotless-maven-plugin</artifactId>-->
<!-- <goals>-->
<!-- <goal>apply</goal>-->
<!-- </goals>-->
<!-- </pluginExecutionFilter>-->
<!-- <action>-->
<!-- <ignore />-->
<!-- </action>-->
<!-- </pluginExecution>-->
<!-- </pluginExecutions>-->
<!-- </lifecycleMappingMetadata>-->
<!-- </configuration>-->
<!-- </plugin>-->
</plugins>
</pluginManagement>
<plugins>
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@
</distributionManagement>

<properties>
<project.build.outputTimestamp>2025-10-21T10:22:56Z</project.build.outputTimestamp>
<project.build.outputTimestamp>2026-02-23T13:52:50Z</project.build.outputTimestamp>
<!-- this project uses cross-module reports with one aggregate, https://docs.sonarsource.com/sonarcloud/enriching/test-coverage/java-test-coverage/#add-coverage-in-a-multi-module-maven-project -->
<sonar.coverage.jacoco.xmlReportPaths>${project.basedir}/target/site/jacoco-aggregate/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
</properties>
Expand Down
2 changes: 1 addition & 1 deletion src/site/markdown/acls.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
Access Control Lists
=================

<!-- MACRO{toc} -->
<!-- MACRO{toc|fromDepth=2} -->

Overview
----------
Expand Down
2 changes: 1 addition & 1 deletion src/site/markdown/authorizables.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
Authorizables
=================

<!-- MACRO{toc} -->
<!-- MACRO{toc|fromDepth=2} -->

Overview
----------
Expand Down
Loading
Loading