Bump the dependencies group across 1 directory with 29 updates

[dependabot]

Bumps the dependencies group with 28 updates in the / directory:

Package	From	To
ch.qos.logback:logback-classic	1.5.18	1.5.23
com.fasterxml.jackson.core:jackson-core	2.20.0	2.20.1
com.fasterxml.jackson.dataformat:jackson-dataformat-xml	2.20.0	2.20.1
com.github.dasniko:testcontainers-keycloak	3.8.0	4.0.1
commons-io:commons-io	2.20.0	2.21.0
de.fraunhofer.iosb.ilt:FROST-Client-Dynamic	2.31	2.32
de.grundid.opendatalab:geojson-jackson	1.14	3.0
org.apache.commons:commons-dbcp2	2.13.0	2.14.0
org.apache.commons:commons-lang3	3.18.0	3.20.0
org.apache.commons:commons-text	1.14.0	1.15.0
org.junit:junit-bom	5.13.4	6.0.1
org.junit.platform:junit-platform-suite	1.13.4	6.0.1
org.liquibase:liquibase-core	4.33.0	5.0.1
org.mariadb.jdbc:mariadb-java-client	3.5.6	3.5.7
org.testcontainers:junit-jupiter	1.21.3	1.21.4
org.testcontainers:postgresql	1.21.3	1.21.4
org.apache.maven.plugins:maven-assembly-plugin	3.7.1	3.8.0
org.apache.maven.plugins:maven-jar-plugin	3.4.2	3.5.0
org.apache.maven.plugins:maven-dependency-plugin	3.8.1	3.9.0
org.codehaus.mojo:exec-maven-plugin	3.5.1	3.6.3
com.diffplug.spotless:spotless-maven-plugin	2.46.1	3.1.0
org.apache.maven.plugins:maven-war-plugin	3.4.0	3.5.1
org.owasp:dependency-check-maven	12.1.5	12.1.9
org.apache.maven.plugins:maven-release-plugin	3.1.1	3.3.1
org.jacoco:jacoco-maven-plugin	0.8.13	0.8.14
org.apache.maven.plugins:maven-source-plugin	3.3.1	3.4.0
org.sonatype.central:central-publishing-maven-plugin	0.8.0	0.9.0
org.testcontainers:mariadb	1.21.3	1.21.4

Updates ch.qos.logback:logback-classic from 1.5.18 to 1.5.23

Release notes

Sourced from ch.qos.logback:logback-classic's releases.

Logback 1.5.23

2025-12-21 Release of logback version 1.5.23

• In response to issues/959 file name collisions are detected at configuration time by analyzing the configuration file and no longer at run time. This avoids the ConcurrentModificationException reported in the issue.

• ZIP and XZ compression now use a BufferedOutputStream when writing to the compressed file. This issue was reported in issues/988.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 0bcc3feb54a6d99caac70969ee5f8334aad1fbaf associated with the tag v_1.5.23. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.22

2025-12-11 Release of logback version 1.5.22

• In order to prevent involuntary information leakage, Logback will no longer output the value of a substituted variable, if the variable name contains any of the case-insensitive strings "password", "secret" or "confidential". This problem was reported by Chintan Rohila in issues/986.

• Logback now takes the overridden toString() method of Throwable subclasses into account when printing stack traces. This issue was reported in LOGBACK-543 by Alvin Chee, with a fix provided in PR 404 by Brett Kail.

• Instead of limit-counting guard, Logback now uses a tumbling-window guard to rate limit internal error messages.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 572379aabd2f672b49593e4020696c624541e5b0 associated with the tag v_1.5.22. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.21

2025-11-10 Release of logback version 1.5.21

• Invocations of turbo filters in isDebugEnabled, isInfoEnabled()... remain as they were, untouched. However, any installed instances of TurboFilter are now invoked also from within the log(LoggingEvent) method of Logger with the contents of the LoggingEvent, typically via the fluent API. This fixes issues/871.

• Removed reentry-guard in most subclasses of UnsynchronizedAppenderBase where it was not needed.

• Initialization procedure has been simplified by removing the step instantiating a SerializedModelConfigurator. However, it is still possible to set up SerializedModelConfigurator as a custom configurator.

• JsonEncoder is now friendlier to derivation by sub-classes as requested in issues/979.

• Fixed XMLLayout thread safety issue reported in LOGBACK-427.

• Removed superfluous buffering in Zip, GZ and XZ compression code.

• A bit-wise identical binary of this version can be reproduced by building from source code at commit fed6f37ffe3449e40f6a9fffe050936a33116bd1 associated with the tag v_1.5.21. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

Logback 1.5.20

2025-10-19 Release of logback version 1.5.20

• Due to potential vulnerabilities associated with dynamic, i.e. runtime, java code compilation and execution (using Janino), the 'condition' attribute within the <if> element is deprecated and will be removed in 2027.

An online migration service is provided to help with the transition.

The <condition> element, new in this version, admits custom PropertyEvaluator as a recommended alternative. See also the updated documentation on conditional configuration.

• Initialization procedure was incorrectly reported as having been simplified in this version, i.e. version 1.5.20 by removing the step instantiating a SerializedModelConfigurator. The actual simplification was done in version 1.5.21

• A bit-wise identical binary of this version can be reproduced by building from source code at commit 930fb15c993a4344bcecc6ba2225c12a2c38e676 associated with the tag v_1.5.20. Release built using Java "21" 2023-10-17 LTS build 21.0.1.+12-LTS-29 under Linux Debian 11.6.

... (truncated)

Commits

• 0bcc3fe prepare release 1.5.23
• 4627dbd better to use BufferedOutputStream during ZIP and XZ compression, especially ...
• 299f091 add collision test in presence of conditional processing
• b446f3f In Context, remove collision map
• a3eb14d in response to issues/959, collision detection is now done by FileCollisionAn...
• 681b2be remove unused method, minor comment edits
• 17a3edf start work on 1.5.23-SNAPSHOT
• 572379a prepare release 1.5.22
• 39d17ea fix status printing of variable substitution when the variable name contains ...
• 75509a9 fix PR 404, LOGBACK-543
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-core from 2.20.0 to 2.20.1

Commits

• 440a470 [maven-release-plugin] prepare release jackson-core-2.20.1
• 8bb7c4e Prep for 2.20.1 release
• 25f77be Merge branch '2.19' into 2.20
• d7e3877 Post-release dep version bump
• 11b4ac9 [maven-release-plugin] prepare for next development iteration
• 8836225 [maven-release-plugin] prepare release jackson-core-2.19.4
• 68e64f7 Prep for 2.19.4 release
• 6e81a4f Merge branch '2.19' into 2.20
• bad4b9b Post-release dep version bump
• 35ecb54 [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.20.0 to 2.20.1

Commits

• 338bbdc [maven-release-plugin] prepare release jackson-dataformat-xml-2.20.1
• 53a2b39 Prep for 2.20.1 release
• d293443 Merge branch '2.19' into 2.20
• 5a91bcd Post-release dep version bump
• 750c806 [maven-release-plugin] prepare for next development iteration
• 1915b3a [maven-release-plugin] prepare release jackson-dataformat-xml-2.19.4
• 0bdeb4a Prep for 2.19.4 release
• 31f8391 Merge branch '2.19' into 2.20
• ace9643 Post-release dep version bump
• 178a88b [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates com.fasterxml.jackson.core:jackson-databind from 2.20.0 to 2.20.1

Commits

• See full diff in compare view

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.20.0 to 2.20.1

Commits

• 338bbdc [maven-release-plugin] prepare release jackson-dataformat-xml-2.20.1
• 53a2b39 Prep for 2.20.1 release
• d293443 Merge branch '2.19' into 2.20
• 5a91bcd Post-release dep version bump
• 750c806 [maven-release-plugin] prepare for next development iteration
• 1915b3a [maven-release-plugin] prepare release jackson-dataformat-xml-2.19.4
• 0bdeb4a Prep for 2.19.4 release
• 31f8391 Merge branch '2.19' into 2.20
• ace9643 Post-release dep version bump
• 178a88b [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates com.github.dasniko:testcontainers-keycloak from 3.8.0 to 4.0.1

Release notes

Sourced from com.github.dasniko:testcontainers-keycloak's releases.

v4.0.1

Bugs

• Set DEBUG_PORT to bind explicitly with "0.0.0.0" for debug compatibility (#260)

Full Changelog: dasniko/testcontainers-keycloak@v4.0.0...v4.0.1

v3.9.1

Bugs

• Set DEBUG_PORT to bind explicitly with "0.0.0.0" for debug compatibility (#260)

Full Changelog: dasniko/testcontainers-keycloak@v3.9.0...v3.9.1

v3.9.0

What's Changed

• adjust debug settings to changed configuration starting from Keycloak 26.4+ by @​dasniko
  ‼️If you still use Keycloak 26.3 and lower AND use the DEBUG options, DON'T use this version, please stick on v3.8 of this library. When using debugging options with this version, you'll have to use Keycloak 26.4+‼️
• chore(deps): bump several dependencies to most recent versions by @​dependabot[bot]
• chore: bump several dependencies to most recent versions by @​dependabot[bot]

Full Changelog: dasniko/testcontainers-keycloak@v3.8.0...v3.9.0

Commits

• 4202548 [maven-release-plugin] prepare release v4.0.1
• bafba81 Set DEBUG_PORT to bind explicitly with "0.0.0.0" for debug compatibility (#260)
• b1f2585 [maven-release-plugin] prepare for next development iteration
• 22fcc62 [maven-release-plugin] prepare release v4.0.0
• b722b79 extend version compatibility table
• 9597fb0 revert changes for upcoming kc release
• 67c8c68 set to Keycloak 26.4
• 86d1ae3 chore(deps-dev): bump junit-jupiter.version from 5.13.4 to 6.0.1 (#248)
• 673d287 chore(deps): bump testcontainers from 1.21.3 to 2.0.2 (#242)
• d3eb4a7 disable failing test temporarily
• Additional commits viewable in compare view

Updates commons-io:commons-io from 2.20.0 to 2.21.0

Changelog

Sourced from commons-io:commons-io's changelog.

Apache Commons IO 2.21.0 Release Notes

The Apache Commons IO team is pleased to announce the release of Apache Commons IO 2.21.0.

Introduction

The Apache Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more.

Version 2.21.0: Java 8 or later is required.

New features

o FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_RB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.FileUtils.ONE_QB #763. Thanks to strangelookingnerd, Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], int, int, long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(byte[], long). Thanks to Gary Gregory. o Add org.apache.commons.io.output.ProxyOutputStream.writeRepeat(int, long). Thanks to Gary Gregory. o Add length unit support in FileSystem limits. Thanks to Piotr P. Karwasz. o Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation. Thanks to Piotr P. Karwasz. o Add org.apache.commons.io.file.PathUtils.getPath(String, String). Thanks to Gary Gregory. o Add org.apache.commons.io.channels.ByteArraySeekableByteChannel. Thanks to Gary Gregory. o Add IOIterable.asIterable(). Thanks to Gary Gregory. o Add NIO channel support to AbstractStreamBuilder. Thanks to Piotr P. Karwasz. o Add CloseShieldChannel to close-shielded NIO Channels #786. Thanks to Piotr P. Karwasz. o Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize #790. Thanks to Piotr P. Karwasz.

Fixed Bugs

o When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading. Thanks to Gary Gregory. o When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE. Thanks to Gary Gregory. o ValidatingObjectInputStream does not validate dynamic proxy interfaces. Thanks to Stanislav Fort, Gary Gregory. o BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set. Thanks to Piotr P. Karwasz. o BoundedInputStream.available() correctly accounts for the maximum read limit. Thanks to Piotr P. Karwasz. o Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int). Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow. Thanks to Piotr P. Karwasz. o Javadoc general improvements. Thanks to Gary Gregory, Piotr P. Karwasz. o IOUtils.toByteArray() now throws EOFException when not enough data is available #796. Thanks to Piotr P. Karwasz. o Fix IOUtils.skip() usage in concurrent scenarios. Thanks to Piotr P. Karwasz. o [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built #806. Thanks to J Hawkins.

Changes

o Bump org.apache.commons:commons-parent from 85 to 91 #774, #783, #808. Thanks to Gary Gregory, Dependabot.

... (truncated)

Commits

• 54073d3 Prepare for the release candidate 2.21.0 RC1
• f141f09 Prepare for the next release candidate
• adcf135 Add license header
• 0f499d0 Use new oak logo
• 34a961c Use HTTPS in URL
• 9e51118 Use HTTPS in URL
• d715865 Add dependabot email [skip ci]
• 3d6a7e1 Javadoc
• ad875d5 Bump actions/upload-artifact from 4.6.2 to 5.0.0 (#810)
• bc01dee Bump github/codeql-action from 4.30.9 to 4.31.2 (#811)
• Additional commits viewable in compare view

Updates de.fraunhofer.iosb.ilt:FROST-Client-Dynamic from 2.31 to 2.32

Changelog

Sourced from de.fraunhofer.iosb.ilt:FROST-Client-Dynamic's changelog.

Version 2.32

Updates

• Bumped Dependencies.
• Updated V2 model implementation.
• Updated create methods to return the new Entity.
• Added that Entities can create their own selfLink, both absolute and relative.

Commits

• 06eadef Release v2.32
• a4aaf9c Bump the dependencies group across 1 directory with 4 updates (#185)
• 2a2c9bc [CI] Skip dependency analysis for PRs
• 2789f2e Updated V2 model implementation
• d570866 Added that Entities can create their own selfLink, both absolute and relative
• 38e48c3 Updated create methods to return the new Entity
• f8f7ca0 Bump the dependencies group with 3 updates (#183)
• b8ff050 [CI] Added authentication for ossindex
• e53571c Bump the dependencies group across 1 directory with 7 updates (#182)
• 3b966e8 [CI] Use CVD cache for PR builds
• Additional commits viewable in compare view

Updates de.grundid.opendatalab:geojson-jackson from 1.14 to 3.0

Commits

• 9808af9 [maven-release-plugin] prepare release geojson-jackson-3.0 [ci skip]
• f865bf5 inc version to align with jackson
• dc01b79 [maven-release-plugin] prepare for next development iteration
• 1178e49 [maven-release-plugin] prepare release geojson-jackson-1.19 [ci skip]
• 0a07d8f release config update
• fdda76c [maven-release-plugin] prepare for next development iteration
• 8448366 [maven-release-plugin] prepare release geojson-jackson-1.17 [ci skip]
• 6f57a75 [maven-release-plugin] rollback the release of geojson-jackson-1.17
• b844be4 updated deps
• d43b90c [maven-release-plugin] prepare for next development iteration
• Additional commits viewable in compare view

Updates org.apache.commons:commons-dbcp2 from 2.13.0 to 2.14.0

Updates org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0

Updates org.apache.commons:commons-text from 1.14.0 to 1.15.0

Changelog

Sourced from org.apache.commons:commons-text's changelog.

Apache Commons Text 1.15.0 Release Notes

The Apache Commons Text team is pleased to announce the release of Apache Commons Text 1.15.0.

Apache Commons Text is a set of utility functions and reusable components for processing and manipulating text in a Java environment.

Release 1.15.0. This is a feature and maintenance release. Java 8 or later is required.

New features

•        Add experimental CycloneDX VEX file [#683](https://github.com/apache/commons-text/issues/683). Thanks to Piotr P. Karwasz, Gary Gregory.
  

• TEXT-235: Add Damerau-Levenshtein distance #687. Thanks to LorgeN, Gary Gregory.

•        Add unit tests to increase coverage [#719](https://github.com/apache/commons-text/issues/719). Thanks to Michael Hausegger, Gary Gregory.
  

•        Add new test for CharSequenceTranslator#with() [#725](https://github.com/apache/commons-text/issues/725). Thanks to Michael Hausegger, Gary Gregory.
  

•        Add tests and assertions to org.apache.commons.text.similarity to get to 100% code coverage [#727](https://github.com/apache/commons-text/issues/727), [#728](https://github.com/apache/commons-text/issues/728). Thanks to Michael Hausegger.
  

Fixed Bugs

•        Fix exception message typo in XmlStringLookup.XmlStringLookup(Map, Path...). Thanks to Gary Gregory.
  

• TEXT-236: Inserting at the end of a TextStringBuilder throws a StringIndexOutOfBoundsException. Thanks to Pierre Post, Sumit Bera, Alex Herbert, Gary Gregory.

•        Fix TextStringBuilderTest.testAppendToCharBuffer() to use proper argument type [#724](https://github.com/apache/commons-text/issues/724). Thanks to Michael Hausegger.
  

•        Fix Apache RAT plugin console warnings. Thanks to Gary Gregory.
  

•        Fix site XML to use version 2.0.0 XML schema. Thanks to Gary Gregory.
  

•        Removed unreachable threshold verification code in src/main/java/org/apache/commons/text/similarity [#730](https://github.com/apache/commons-text/issues/730). Thanks to Michael Hausegger.
  

•        Enable secure processing for the XML parser in XmlStringLookup in case the underlying JAXP implementation doesn't [#729](https://github.com/apache/commons-text/issues/729). Thanks to 김민재 (minjas0507), Gary Gregory, Piotr Karwasz.
  

Changes

•        Bump org.apache.commons:commons-parent from 85 to 93 [#704](https://github.com/apache/commons-text/issues/704), [#723](https://github.com/apache/commons-text/issues/723), [#726](https://github.com/apache/commons-text/issues/726). Thanks to Gary Gregory.
  

•        Bump commons.bytebuddy.version from 1.17.6 to 1.18.2 [#696](https://github.com/apache/commons-text/issues/696), [#722](https://github.com/apache/commons-text/issues/722). Thanks to Gary Gregory.
  

•        Bump graalvm.version from 24.2.2 to 25.0.1 [#703](https://github.com/apache/commons-text/issues/703), [#716](https://github.com/apache/commons-text/issues/716). Thanks to Gary Gregory, Dependabot.
  

•        Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0. Thanks to Gary Gregory.
  

•        Bump commons-io:commons-io from 2.20.0 to 2.21.0. Thanks to Gary Gregory.
  

Historical list of changes: https://commons.apache.org/proper/commons-text/changes.html

For complete information on Apache Commons Text, including instructions on how to submit bug reports, patches, or suggestions for improvement, see the Apache Commons Text website:

https://commons.apache.org/proper/commons-text

Download page: https://commons.apache.org/proper/commons-text/download_text.cgi

... (truncated)

Commits

• 04e9374 Prepare for the release candidate 1.15.0 RC1
• 502c4c4 Prepare for the next release candidate
• c6e17ec Use direct access
• 58e1e12 Simplify XML FSP (#731)
• b5052c9 Bump actions/setup-java from 5.0.0 to 5.1.0
• 2e2d4bc Revert "Bump actions/setup-java from 5.0.0 to 5.1.0"
• b0ddbd1 Bump actions/setup-java from 5.0.0 to 5.1.0
• 1c2d382 Add tests with external DTD
• ed3df4b Internal clean up
• bb508f3 Bump actions/checkout from 6.0.0 to 6.0.1
• Additional commits viewable in compare view

Updates org.junit:junit-bom from 5.13.4 to 6.0.1

Release notes

Sourced from org.junit:junit-bom's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

... (truncated)

Commits

• d774b9c Release 6.0.1 (second attempt)
• 8178545 Mark module as deprecated for removal
• 7b43fcc Back to snapshots for further development
• a5ef746 Release 6.0.1
• 008be8d Finalize 5.14.1 release notes
• b2c55a8 Finalize 6.0.1 release notes
• 866c01a Add note about duplicate test execution with @​Suite (#5080)
• de88e88 Fix broken links in documentation
• 9dd132d Add Valhalla EA to workflow matrix
• fedda88 Make jdk.jfr import optional in OSGi manifest (#5092)
• Additional commits viewable in compare view

Updates org.junit.platform:junit-platform-suite from 1.13.4 to 6.0.1

Release notes

Sourced from org.junit.platform:junit-platform-suite's releases.

JUnit 6.0.1 = Platform 6.0.1 + Jupiter 6.0.1 + Vintage 6.0.1

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0...r6.0.1

JUnit 6.0.0 = Platform 6.0.0 + Jupiter 6.0.0 + Vintage 6.0.0

See Release Notes.

New Contributors

• @​2897robo made their first contribution in junit-team/junit-framework#4525
• @​strangelookingnerd made their first contribution in junit-team/junit-framework#4683
• @​eric6iese made their first contribution in junit-team/junit-framework#4717
• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823
• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r5.14.0...r6.0.0

JUnit 6.0.0-RC3 = Platform 6.0.0-RC3 + Jupiter 6.0.0-RC3 + Vintage 6.0.0-RC3

See Release Notes.

New Contributors

• @​mehulimukherjee made their first contribution in junit-team/junit-framework#4913
• @​lslonina made their first contribution in junit-team/junit-framework#4629

Full Changelog: junit-team/junit-framework@r6.0.0-RC2...r6.0.0-RC3

JUnit 6.0.0-RC2 = Platform 6.0.0-RC2 + Jupiter 6.0.0-RC2 + Vintage 6.0.0-RC2

See Release Notes.

Full Changelog: junit-team/junit-framework@r6.0.0-RC1...r6.0.0-RC2

JUnit 6.0.0-RC1 = Platform 6.0.0-RC1 + Jupiter 6.0.0-RC1 + Vintage 6.0.0-RC1

See Release Notes.

New Contributors

• @​raccoonback made their first contribution in junit-team/junit-framework#4822
• @​currenjin made their first contribution in junit-team/junit-framework#4823

Full Changelog: junit-team/junit-framework@r6.0.0-M2...r6.0.0-RC1

JUnit 6.0.0-M2 = Platform 6.0.0-M2 + Jupiter 6.0.0-M2 + Vintage 6.0.0-M2

See Release Notes.

... (truncated)

Commits

• See full diff in compare view

Updates org.liquibase:liquibase-core from 4.33.0 to 5.0.1

Release notes

Sourced from org.liquibase:liquibase-core's releases.

Liquibase v5.0.1

Liquibase Community 5.0.1 is a minor patch release

See the Liquibase Community 5.0.1 Release Notes for the complete set of release information.

IMPORTANT

As of Liquibase 5.0, the Community releases on GitHub no longer include Pro/Secure features and do not support Liquibase Secure license keys. Liquibase Pro and Secure customers should download their releases from liquibase.com/download-secure.

Additional Information

License corrections for Maven

The license block for Maven users has been corrected to use the Functional Source License (FSL).

• Name: Functional Source License, Version 1.1, ALv2 Future License
• URL: https://fsl.software/FSL-1.1-ALv2.template.md

Changelog

-[(#7350) Update licensing and documentation for OSS distribution](liquibase/liquibase#7350) by @​filipelautert

Full Changelog: v5.0.0...v5.0.1

Liquibase v5.0.0

Liquibase Community 5.0 is a major release

See the Liquibase Community 5.0 Release Notes for the complete set of release information.

⚠️ MAJOR CHANGES IN COMMUNITY AND COMMERCIAL DISTRIBUTIONS

Liquibase is evolving to better serve both open-source contributors and enterprise customers by introducing a clearer separation between its open source Community and the commercial Secure offering. This change is designed to ensure that each distribution is optimized for its respective users: providing open-source Community users with flexibility and control, while delivering scalability, reliability, and governance for Secure enterprise teams. The changes provide Liquibase Secure customers:

• Developer Productivity. Enable developers with autonomy and guardrails built directly into their daily workflow.
• Secure Automation. Embed governance, security, and compliance into every change automatically.
• Change Insights. Deliver audit-ready visibility so every change is trusted, explainable, and observable.

The new structure enables Liquibase to more effectively support developers at all stages—from experimentation and community collaboration to mission-critical deployments. Therefore, starting with this Liquibase 5.0 release, only the open source Community distribution is available at the traditional Github, Docker, and Maven access channels.

If you need the Secure commercial offering, please visit Liquibase.com

• Learn more Liquibase 5.0

Liquibase Community Licensing Change

Additionally, Liquibase Community is now licensed under the Functional Source License (FSL). See LICENSE file at the root of the distribution for details. Starting with Liquibase 5.0, contributors will be asked to sign a one-time Contributor License Agreement (CLA). This is handled automatically by CLA Assistant when you open your first pull request.

Liquibase 5.0 Community Release Notable Changes

Liquibase Package Manager (LPM) integrated to enable users to install, update, and manage their dependencies

• The open source Liquibase Community 5.0 ships without extensions, drivers, and many other packages and dependencies. This change provides a much lighter, modular, and customizable Liquibase experience for Community users. Importantly, this flexibility both allows and requires users to manage their Liquibase dependencies for their specific needs.
• Liquibase Package Manager is now integrated and available for use directly from within the Community CLI experience with a new liquibase lpm command as the preferred method for managing dependencies.
• Learn more at the LPM README

Liquibase Community 5.0+ ships with the Functional Source License (FSL)

• "The Functional Source License (FSL) is a Fair Source license that converts to Apache 2.0 or MIT after two years. It is designed for SaaS companies that value both user freedom and developer sustainability. FSL provides everything a developer needs to use and learn from your software without harmful free-riding."

... (truncated)

Changelog

Sourced from org.liquibase:liquibase-core's changelog.

Liquibase Community 5.0.1 is a minor patch release

See the Liquibase Community 5.0.1 Release Notes for the complete set of release information.

License corrections for Maven

The license block for Maven users has been corrected to use the Functional Source License (FSL).

• Name: Functional Source License, Version 1.1, ALv2 Future License
• URL: https://fsl.software/FSL-1.1-ALv2.template.md

Changelog

-(#7350) Update licensing and documentation for Community distribution by @​filipelautert

Changes in version 5.0.0 (2025.09.30)

Liquibase Community 5.0 is a major release

See the Liquibase Community 5.0 Release Notes for the complete set of release information.

MAJOR CHANGES IN COMMUNITY AND COMMERCIAL DISTRIBUTIONS

Liquibase is evolving to better serve both open-source contributors and enterprise customers by introducing a clearer separation between its Community and the commercial Secure offering. This change is designed to ensure that each distribution is optimized for its respective users: providing Community users with flexibility and control, while delivering scalability, reliability, and governance for Secure enterprise teams. The changes provide Liquibase Secure customers:

• Developer Productivity. Enable developers with autonomy and guardrails built directly into their daily workflow.
• Secure Automation. Embed governance, security, and compliance into every change automatically.
• Change Insights. Deliver audit-ready visibility so every change is trusted, explainable, and observable.

The new structure enables Liquibase to more effectively support developers at all stages—from experimentation and community collaboration to mission-critical deployments. Therefore, starting with this Liquibase 5.0 release, only the Community distribution is available at the traditional Github, Docker, and Maven access channels. If you need the Secure commercial offering, please visit Liquibase.com

• Learn more Liquibase 5.0

Liquibase Community Licensing Change

Additionally, Liquibase Community is now licensed under the Functional Source License (FSL). See LICENSE file at the root of the distribution for details. Starting with Liquibase 5.0, contributors will be asked to sign a one-time Contributor License Agreement (CLA). This is handled automatically by CLA Assistant when you open your first pull request.

Liquibase 5.0 Community Release Notable Changes

Liquibase Package Manager (LPM) integrated to enable users to install, update, and manage their dependencies

• Liquibase Community 5.0 ships without extensions, drivers, and many other packages and dependencies. This change provides a much lighter, modular, and customizable Liquibase experience for Community users. Importantly, this flexibility both allows and requires users to manage their Liquibase dependencies for their specific needs.
• Liquibase Package Manager is now integrated and available for use directly from within the Community CLI experience with a new liquibase lpm command as the preferred method for managing dependencies.
• Learn more at the LPM README

Liquibase Community 5.0+ ships with the Functional Source License (FSL)

• "The Functional Source License (FSL) is a Fair Source license that converts to Apache 2.0 or MIT after two years. It is designed for SaaS companies that value both user freedom and developer sustainability. FSL provides everything a developer needs to use and learn from your software without harmful free-riding."
• Learn more at https://fsl.software/

SnowFlake JDBC Driver CVE Fix

• Liquibase 5.0 patches a vulnerability found in Snowflake JDBC driver (CVE-2025-24789) and resolves issue with logicalfilepath reported in 4.31.0. Note: Neither Community nor the commercial Secure products were affected by this CVE.

Java 8 and Java 11 support is deprecated

• The minimal Java dependency for Liquibase 5.0+ is Java 17. This update enables Liquiabase to build, test, and ship with modern and more secure dependencies.

ValueDate Checksum bug fix

... (truncated)

Commits

• 06b9ef9 Update changelog for version 5.0.1 release
• 3bb6b5a Update changelog for Liquibase Community 5.0.1 release and correct Maven lice...
• 3247cb1 Update license names in POM files to reflect FSL-1.1-ALv2 using SPDIX format
• 788da81 Update license information in README to reflect Functional Source License
• 5ec0f6d Handle spaces in the Java version check
• db577f4 DAT-20879 (#7351)
• c5fbb43 Update licensing and documentation for OSS distribution (#7350)
• bcd8e5b chore: update LICENSE to Functional Source License, Version 1.1
• 4386ac1 DAT-20868 DevOps :: OSS: failure on javadocs and xsds (#7315)
• d6e2ccb Update readme with license information (#7308)
• Additional commits viewable in