Merge branch '3.x' into 3.x-jakarta-ee10

Author: rgcv

.github/dependabot.yml

@@ -16,22 +16,13 @@
 # under the License.
 
 version: 2
-# Add Maven Central explicitly to work around:
-#   https://github.com/dependabot/dependabot-core/issues/8329
-registries:
-  maven-central:
-    type: maven-repository
-    url: https://repo.maven.apache.org/maven2
-
 updates:
   # Dependencies for Maven
   - package-ecosystem: 'maven'
     directory: '/'
     schedule:
       interval: 'daily'
     open-pull-requests-limit: 50
-    registries:
-      - maven-central
     ignore:
       - dependency-name: "jakarta.platform:*"
         update-types: [ "version-update:semver-major" ]
@@ -82,8 +73,6 @@ updates:
     schedule:
       interval: 'daily'
     open-pull-requests-limit: 50
-    registries:
-      - maven-central
     ignore:
       - dependency-name: "jakarta.servlet.*:*"
         update-types: [ "version-update:semver-major" ]

.github/workflows/codeql.yml

@@ -60,18 +60,18 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Cache local Maven repository
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 #v4.0.2
+        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 #v4.2.3
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -81,11 +81,9 @@ jobs:
           # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # queries: security-extended,security-and-quality
 
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+      - run: |
+          echo "Run, Build Application using script"
+          ./mvnw package -DskipTests -Dmaven.build.cache.enabled=false
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -98,6 +96,6 @@ jobs:
       #     ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/maven.yml

@@ -33,20 +33,20 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up JDK
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           java-version: 17
           distribution: temurin
 
       - name: License Check
-        run: mvn apache-rat:check "-Drat.consoleOutput"
+        run: ./mvnw apache-rat:check "-Drat.consoleOutput"
 
       - name: Build with Maven
         run: >-
-          mvn verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs
+          ./mvnw verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs
           -Dgh_user=${{ github.actor }} -Dgh_token=${{ secrets.GITHUB_TOKEN }}
 
   build-all:
@@ -55,7 +55,7 @@ jobs:
     strategy:
       matrix:
         os: [ 'ubuntu-latest', 'windows-latest', 'macOS-latest' ]
-        jdk: [ 11, 17, 21, 22 ]
+        jdk: [ 11, 17, 21, 23 ]
         dist: [ 'temurin', 'adopt-openj9', 'zulu' ]
         exclude:
           # was already built
@@ -71,37 +71,37 @@ jobs:
           # no OpenJ9 21
           - dist: adopt-openj9
             jdk: 21
-          # no OpenJ9 22
+          # no OpenJ9 23
           - dist: adopt-openj9
-            jdk: 22
+            jdk: 23
       fail-fast: false
 
     runs-on: ${{ matrix.os }}
 
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up JDK
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           java-version: ${{ matrix.jdk }}
           distribution: ${{ matrix.dist }}
 
       - name: Build with Maven (Linux)
         if: matrix.os == 'ubuntu-latest' && matrix.jdk <= 17
         run: >-
-          mvn verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs
+          ./mvnw verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs
           -Dgh_user=${{ github.actor }} -Dgh_token=${{ secrets.GITHUB_TOKEN }}
 
       - name: Build with Maven (non-Linux or JDK > 17)
         if: matrix.os != 'ubuntu-latest' || matrix.jdk > 17
         run: >-
-          mvn verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs
+          ./mvnw verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs
           -Pskip_jakarta_ee_tests
 
       - name: Archive test run logs
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         if: always()
         with:
           name: test-logs-${{ matrix.os }}-${{ matrix.jdk }}-${{ matrix.dist }}

.github/workflows/scorecards.yml

@@ -42,12 +42,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # tag=v3.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3.0.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 #tag=2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 #tag=2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -66,14 +66,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # tag=v4.4.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # tag=v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 #tag=v2
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 #tag=v2
         with:
           sarif_file: results.sarif

.github/workflows/stale.yml

@@ -38,3 +38,5 @@ jobs:
         with:
           # default is 60
           days-before-stale: 90
+          exempt-issue-labels: valid
+          exempt-pr-labels: valid

.jenkins.groovy

@@ -36,7 +36,7 @@ pipeline {
                     axis {
                         // https://cwiki.apache.org/confluence/display/INFRA/JDK+Installation+Matrix
                         name 'MATRIX_JDK'
-                        values 'jdk_11_latest', 'jdk_17_latest', 'jdk_21_latest', 'jdk_22_latest'
+                        values 'jdk_11_latest', 'jdk_17_latest', 'jdk_21_latest', 'jdk_23_latest'
                     }
                     // Additional axes, like OS and maven version can be configured here.
                 }
@@ -86,14 +86,14 @@ pipeline {
                     stage('License check') {
                         steps {
                             echo 'License check'
-                            sh 'mvn --batch-mode -Drat.consoleOutput=true apache-rat:check'
+                            sh './mvnw --batch-mode -Drat.consoleOutput=true apache-rat:check'
                         }
                     }
 
                     stage('Build') {
                         steps {
                             echo 'Building'
-                            sh 'mvn clean verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs \
+                            sh './mvnw clean verify --show-version --errors --batch-mode --no-transfer-progress -Pdocs \
                             -Dmaven.test.failure.ignore=true -Pskip_jakarta_ee_tests'
                         }
                         post {
@@ -116,7 +116,7 @@ pipeline {
                         }
                         steps {
                             echo 'Deploying'
-                            sh 'mvn --batch-mode clean deploy -Pdocs -DskipTests -DskipITs'
+                            sh './mvnw --batch-mode clean deploy -Pdocs -DskipTests -DskipITs'
                         }
                     }
 

.jenkins_maven_args

@@ -0,0 +1 @@
+-Dmaven.compiler.release=11

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip

README.md

@@ -2,7 +2,7 @@
 
 [![Maven Central](https://img.shields.io/maven-central/v/org.apache.shiro/shiro-core)](https://central.sonatype.com/artifact/org.apache.shiro/shiro-core/)
 [![Build Status](https://ci-builds.apache.org/buildStatus/icon?job=Shiro%2FShiro-all%2Fmain)](https://ci-builds.apache.org/job/Shiro/job/Shiro-all/job/main/)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/apache/shiro/badge)](https://api.securityscorecards.dev/projects/github.com/apache/shiro)
+[![OpenSSF Scorecard](https://img.shields.io/ossf-scorecard/github.com/apache/shiro?style=plastic&label=openssf%20scorecard)](https://deps.dev/project/github/apache%2Fshiro)
 [![Reproducible Builds](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/jvm-repo-rebuild/reproducible-central/master/content/org/apache/shiro/badge.json)](https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/shiro/README.md)
 
 Apache Shiro

core/src/main/java/org/apache/shiro/authc/credential/CredentialsMatcher.java

@@ -33,8 +33,6 @@
  *
  * @see SimpleCredentialsMatcher
  * @see AllowAllCredentialsMatcher
- * @see Md5CredentialsMatcher
- * @see Sha1CredentialsMatcher
  * @since 0.1
  */
 public interface CredentialsMatcher {