Apache Maven Jarsigner Plugin Version 1.3 Released

The Maven team is pleased to announce the release of the Maven Jarsigner Plugin, version 1.3.

This plugin signs and verifies the project artifacts using the jarsigner tool. See the plugin´s site for more details:

This plugin is meant to supercede the existing jar:sign and jar:verify goals from the Maven Jar Plugin which will be deprecated in a future release.

To use the updated plugin in your projects, you need to add the following snippet to the plugins or plugin management section of your POM:

1<plugin>
2  <groupId>org.apache.maven.plugins</groupId>
3  <artifactId>maven-jarsigner-plugin</artifactId>
4  <version>1.3</version>
5  <executions>
6    ...
7  </executions>
8</plugin>

Release Notes - Maven Jar Signer Plugin - Version 1.3

Bug:

• MJARSIGNER-13 - signing in multi-module project fails on windows
• MJARSIGNER-21 - jars signed using Java 7 have "invalid SHA1 signature"
• MJARSIGNER-26 - Jar Signer does not support protected authentication path
• MJARSIGNER-29 - verbose parameter is not filled in jarsigner requests

Improvements:

• MJARSIGNER-28 - verify mojo can also use keystore and alias parameters

New Features:

• MJARSIGNER-12 - It should be possible to save the keystore in one location for multi module projects
• MJARSIGNER-16 - Add the option -tsa to the configuration
• MJARSIGNER-18 - Support for Jar plugin´s "errorWhenNotSigned" option
• MJARSIGNER-24 - Use Password Encryption in pom.xml

Tasks:

• MJARSIGNER-9 - Add toolchain in JarSignMojo.java#getJDKCommandExe()
• MJARSIGNER-22 - Add french translations
• MJARSIGNER-25 - use maven-plugin-tools´ java 5 annotations
• MJARSIGNER-27 - Use maven-jarsigner 1.3
• MJARSIGNER-31 - Update maven-shared-utils to 0.5
• MJARSIGNER-32 - Update requirements to maven 2.1.0

Enjoy,

The Maven team.