Noteworthy

Besides dismissing a few CVEs, this version modernizes test coverage and dependency-check plugin.

Changelog

Changed

• Upgrade to latest 6.5.3 OWASP dependency-check Maven plugin. [BUILD-571]

• Replace Clover with JaCoCo. [BUILD-543]

  • Provide new technology-agnostic properties for skipping code coverage execution and for setting minimal coverage

    • Use codeCoverageThreshold instead of cloverCoverageThreshold

    • Use skipCodeCoverage instead of skipClover

  • Provide new enable-code-coverage profile

    • Use it instead of enable-clover

Fixed

• Dismiss h2 vulnerabilities. [BUILD-663]

• Dismiss false positives related to daisydiff-magnolia-1.2.1. [BUILD-696]

• Dismiss metadata-extractor CVE. [BUILD-704]

Upgrading

Upgrading should be straightforward. Core artifacts will start being updated with Magnolia 6.2.18 release.