docs/3.0.0-SNAPSHOT/release-notes.html - archiva-web-content - Git at Google

 <!DOCTYPE html>


 <!--
  | Generated by Apache Maven Doxia Site Renderer 1.11.1 from src/site/apt/release-notes.apt.vm
  | Rendered using Apache Maven Fluido Skin 1.11.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
     <title>Archiva Documentation &#x2013; Release Notes for Archiva 3.0.0-SNAPSHOT</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.11.0.min.css" />
     <link rel="stylesheet" href="./css/site.css" />
     <link rel="stylesheet" href="./css/print.css" media="print" />
     <script src="./js/apache-maven-fluido-1.11.0.min.js"></script>
     <!-- Google Analytics -->
     <script>
       (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
        (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
             m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
       })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
       ga('create', 'UA-140879-5', 'auto');
       ga('send', 'pageview');
       ga('set', 'anonymizeIp', true);
       ga('set', 'forceSSL', true);
     </script>

     <!-- Matomo -->
     <script>
         var _paq = window._paq = window._paq || [];
                 _paq.push(['disableCookies']);
                     _paq.push(['trackPageView']);
                     _paq.push(['enableLinkTracking']);

         (function() {
             var u="https://analytics.apache.org";
             _paq.push(['setTrackerUrl', u+'/matomo.php']);
             _paq.push(['setSiteId', '10']);
             var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
             g.async=true; g.src=u+'/matomo.js'; s.parentNode.insertBefore(g,s);
         })();
     </script>
     <!-- End Matomo Code -->
   </head>
   <body class="topBarDisabled">
     <a href="https://github.com/apache/archiva">
       <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
         src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
         alt="Fork me on GitHub">
     </a>
     <div class="container-fluid">
       <header>
         <div id="banner">
           <div class="pull-left"><a href="http://archiva.apache.org/" id="bannerLeft"><img src="http://archiva.apache.org/images/archiva.png"  alt="Apache Archiva" style="" /></a></div>
           <div class="pull-right"><a href="https://www.apache.org/" id="bannerRight"><img src="https://www.apache.org/images/asf_logo_wide_2016.png"  alt="Apache Software Foundation" style="" /></a></div>
           <div class="clear"><hr/></div>
         </div>

         <div id="breadcrumbs">
           <ul class="breadcrumb">
       <li class=""><a href="https://www.apache.org" class="externalLink" title="Apache">Apache</a><span class="divider">/</span></li>
       <li class=""><a href="../../index.html" title="Archiva">Archiva</a><span class="divider">/</span></li>
       <li class=""><a href="index.html" title="Archiva Documentation">Archiva Documentation</a><span class="divider">/</span></li>
     <li class="active ">Release Notes for Archiva 3.0.0-SNAPSHOT</li>
         <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2022-07-25</li>
           <li id="projectVersion" class="pull-right">Version: 3.0.0-SNAPSHOT</li>
           </ul>
         </div>
       </header>
       <div class="row-fluid">
         <header id="leftColumn" class="span2">
           <nav class="well sidebar-nav">
   <ul class="nav nav-list">
    <li class="nav-header">Introduction</li>
     <li><a href="quick-start.html" title="Quick Start"><span class="none"></span>Quick Start</a></li>
     <li><a href="tour/index.html" title="Feature Tour"><span class="none"></span>Feature Tour</a></li>
     <li class="active"><a><span class="none"></span>Release Notes</a></li>
     <li><a href="../../download.html" title="Downloads"><span class="none"></span>Downloads</a></li>
    <li class="nav-header">Users Guide</li>
     <li><a href="userguide/browsing.html" title="Browsing"><span class="none"></span>Browsing</a></li>
     <li><a href="userguide/searching.html" title="Searching"><span class="none"></span>Searching</a></li>
     <li><a href="userguide/delete-artifact.html" title="Deleting an Artifact"><span class="none"></span>Deleting an Artifact</a></li>
     <li><a href="userguide/using-repository.html" title="Using as a repository"><span class="none"></span>Using as a repository</a></li>
     <li><a href="userguide/deploy.html" title="Deploying to repository"><span class="none"></span>Deploying to repository</a></li>
     <li><a href="userguide/virtual-repositories.html" title="Configuring Virtual Repositories"><span class="none"></span>Configuring Virtual Repositories</a></li>
     <li><a href="userguide/rss.html" title="Rss Feeds in Archiva"><span class="none"></span>Rss Feeds in Archiva</a></li>
     <li><a href="userguide/querying-artifacts.html" title="Querying Artifacts"><span class="none"></span>Querying Artifacts</a></li>
    <li class="nav-header">Administrators Guide</li>
     <li><a href="adminguide/installing.html" title="Installing Archiva"><span class="icon-chevron-right"></span>Installing Archiva</a></li>
     <li><a href="adminguide/databases.html" title="Databases"><span class="none"></span>Databases</a></li>
     <li><a href="adminguide/repositories-content-storage.html" title="Repositories Content Storage"><span class="none"></span>Repositories Content Storage</a></li>
     <li><a href="adminguide/security.html" title="Security"><span class="icon-chevron-right"></span>Security</a></li>
     <li><a href="adminguide/configuration.html" title="Archiva Configuration"><span class="icon-chevron-right"></span>Archiva Configuration</a></li>
     <li><a href="adminguide/webservices/rest.html" title="REST Apis"><span class="none"></span>REST Apis</a></li>
     <li><a href="adminguide/configuration-files.html" title="Configuration Files"><span class="none"></span>Configuration Files</a></li>
     <li><a href="adminguide/system-status.html" title="System Status"><span class="none"></span>System Status</a></li>
     <li><a href="adminguide/logging.html" title="Log Files"><span class="icon-chevron-right"></span>Log Files</a></li>
     <li><a href="adminguide/reports.html" title="Reports"><span class="none"></span>Reports</a></li>
    <li class="nav-header">Customising Archiva</li>
     <li><a href="customising/writing-consumer.html" title="Writing a Consumer Plugin"><span class="none"></span>Writing a Consumer Plugin</a></li>
    <li class="nav-header">More Information</li>
     <li><a href="https://cwiki.apache.org/confluence/display/ARCHIVA/Index" class="externalLink" title="Archiva Wiki"><span class="none"></span>Archiva Wiki</a></li>
    <li class="nav-header">ASF</li>
     <li><a href="https://www.apache.org/foundation/how-it-works.html" class="externalLink" title="How Apache Works"><span class="none"></span>How Apache Works</a></li>
     <li><a href="https://www.apache.org/foundation/" class="externalLink" title="Foundation"><span class="none"></span>Foundation</a></li>
     <li><a href="https://www.apache.org/foundation/sponsorship.html" class="externalLink" title="Sponsoring Apache"><span class="none"></span>Sponsoring Apache</a></li>
     <li><a href="https://www.apache.org/foundation/thanks.html" class="externalLink" title="Thanks"><span class="none"></span>Thanks</a></li>
    <li class="nav-header">Project Documentation</li>
     <li><a href="project-info.html" title="Project Information"><span class="icon-chevron-right"></span>Project Information</a></li>
   </ul>
           </nav>
           <div class="well sidebar-nav">
 <form id="search-form" action="https://www.google.com/search" method="get" >
   <input value="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/" name="sitesearch" type="hidden"/>
   <input class="search-query" name="q" id="query" type="text" />
 </form>
 <script>asyncJs( 'https://cse.google.com/brand?form=search-form' )</script>
             <div id="poweredBy">
               <div class="clear"></div>
     <div id="twitter" style="border:none; margin-top: 10px">
     <a href="https://twitter.com/archiva" class="twitter-follow-button" data-show-count="false" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow archiva</a>
     <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
     </div>
               <div class="clear"></div>
               <div class="clear"></div>
 <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /></a>
             </div>
           </div>
         </header>
         <main id="bodyColumn"  class="span10" >
 <section>
 <h2><a name="Release_Notes_for_Archiva_3.0.0-SNAPSHOT"></a>Release Notes for Archiva 3.0.0-SNAPSHOT</h2>
 <p>The Apache Archiva team is pleased to announce the release of Archiva 3.0.0-SNAPSHOT. Archiva is <a class="externalLink" href="http://archiva.apache.org/download.html"> available for download from the web site</a>.</p>
 <p>Archiva is an application for managing one or more remote repositories, including administration, artifact handling, browsing and searching.</p>
 <p>If you have any questions, please consult:</p>
 <ul>
 <li>the web site: <a class="externalLink" href="http://archiva.apache.org/">http://archiva.apache.org/</a></li>
 <li>the archiva-user mailing list: <a class="externalLink" href="http://archiva.apache.org/mailing-lists.html">http://archiva.apache.org/mailing-lists.html</a></li></ul><section>
 <h3><a name="New_in_Archiva_3.0.0-SNAPSHOT"></a>New in Archiva 3.0.0-SNAPSHOT</h3>
 <p>Apache Archiva 3.0.0-SNAPSHOT is a security fix release:</p><section>
 <h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
 <ul>
 <li>There are no compatibility changes</li></ul></section><section>
 <h4><a name="New_Feature"></a>New Feature</h4>
 <ul>
 <li>There are no new features in this release.</li></ul></section><section>
 <h4><a name="Improvements"></a>Improvements</h4>
 <ul>
 <li>There are no improvements</li></ul></section><section>
 <h4><a name="Bug.2FSecurity_Fix"></a>Bug/Security Fix</h4>
 <ul>
 <li>CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability</li></ul></section></section></section><section>
 <h2><a name="Previous_Release_Notes"></a>Previous Release Notes</h2><section>
 <h3><a name="Release_Notes_for_Archiva_2.2.7"></a>Release Notes for Archiva 2.2.7</h3>
 <p>Apache Archiva 2.2.7 is a security fix release:</p>
 <p>Released: 2022-12-22</p><section>
 <h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
 <ul>
 <li>[MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact which allows to change the behaviour for v=LATEST search.</li></ul></section><section>
 <h4><a name="New_Feature"></a>New Feature</h4>
 <ul>
 <li>There are no new features in this release.</li></ul></section><section>
 <h4><a name="Improvements"></a>Improvements</h4>
 <ul>
 <li>There are no improvements</li></ul></section><section>
 <h4><a name="Bug.2FSecurity_Fix"></a>Bug/Security Fix</h4>
 <ul>
 <li>[MRM-2027] Update of the log4j2 version to 2.17.0</li>
 <li>[MRM-2020] Fixed the behaviour of the startup script, if ARCHIVA_BASE is set (separating installation and data directory)</li>
 <li>[MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls</li></ul></section></section><section>
 <h3><a name="Release_Notes_for_Archiva_2.2.6"></a>Release Notes for Archiva 2.2.6</h3>
 <p>Apache Archiva 2.2.6 is a security fix release:</p>
 <p>Released: 2021-12-15</p><section>
 <h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
 <ul>
 <li>No API changes or known side effects.</li></ul></section><section>
 <h4><a name="New_Feature"></a>New Feature</h4>
 <ul>
 <li>There are no new features in this release.</li></ul></section><section>
 <h4><a name="Improvements"></a>Improvements</h4>
 <ul>
 <li>There are no improvements</li></ul></section><section>
 <h4><a name="Bug.2FSecurity_Fix"></a>Bug/Security Fix</h4>
 <ul>
 <li>Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)</li>
 <li>Deactivated directory listings by the file servlet</li></ul></section></section><section>
 <h3><a name="Release_Notes_for_Archiva_2.2.5"></a>Release Notes for Archiva 2.2.5</h3>
 <p>Apache Archiva 2.2.5 is a bug fix release:</p>
 <p>Released: 2020-06-19</p><section>
 <h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
 <ul>
 <li>No API changes or known side effects.</li></ul></section><section>
 <h4><a name="New_Feature"></a>New Feature</h4>
 <ul>
 <li>There are no new features in this release.</li></ul></section><section>
 <h4><a name="Improvements"></a>Improvements</h4>
 <ul>
 <li>There are no improvements</li></ul></section><section>
 <h4><a name="Bug_Fix"></a>Bug Fix</h4>
 <ul>
 <li>[MRM-2008] Fix for group names with slashes</li>
 <li>Better handling of LDAP filter </li></ul></section></section><section>
 <h3><a name="Release_Notes_for_Archiva_2.2.4"></a>Release Notes for Archiva 2.2.4</h3>
 <p>Apache Archiva 2.2.4 is a bug fix release:</p>
 <ul>
 <li>Fixes for handling of artifacts</li>
 <li>Improved validation of REST calls</li></ul><section>
 <h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
 <p>No API changes or known side effects.</p>
 <p>Released: 2019-04-30</p></section><section>
 <h4><a name="New_Feature"></a>New Feature</h4>
 <ul>
 <li>There are no new features in this release.</li></ul></section><section>
 <h4><a name="Improvements"></a>Improvements</h4>
 <ul>
 <li>Adding additional validation to REST service calls for artifact upload</li></ul></section><section>
 <h4><a name="Bug_Fix"></a>Bug Fix</h4>
 <ul>
 <li>[MRM-1972] Stored XSS in Web UI Organization Name</li>
 <li>[MRM-1966] Repository-purge not working</li>
 <li>[MRM-1958] Purge by retention count deletes files but leaves history on website.</li>
 <li>[MRM-1929] Repository purge is not reflected in index</li></ul></section></section><section>
 <h3><a name="Release_Notes_for_Archiva_2.2.3"></a>Release Notes for Archiva 2.2.3</h3><section>
 <h4><a name="New_in_Archiva_2.2.3"></a>New in Archiva 2.2.3</h4>
 <p>Apache Archiva 2.2.3 is a bug fix release: &gt;&gt;&gt;&gt;&gt;&gt;&gt; Stashed changes</p>
 <ul>
 <li>Some fixes for the REST API were added to detect requests from unknown origin</li>
 <li>Some bugfixes were added</li></ul></section></section><section>
 <h3><a name="Compatibility_Changes"></a>Compatibility Changes</h3>
 <ul>
 <li>The REST services are now checking for the origin of the requests by analysing Origin and Referer header of the HTTP requests and adding an validation token to the Header. This prevents requests from malicious sites if they are open in the same browser. If you use the REST services from other clients you may change the behaviour with the new configuration properties for the redback security (<code>rest.csrffilter.*</code>, <code>rest.baseUrl</code>). For more information see <a href="./adminguide/customising-security.html">Archiva Security Configuration</a> and the <a href="/redback/integration/rest.html">Redback REST documentation </a>.
 <p><b>Note:</b> If your archiva installation is behind a reverse proxy or load balancer, it may be possible that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI via localhost or edit archiva.xml manually. In the &quot;Redback Runtime Configuration&quot; properties you have to enter the base URLs of your archiva installation to the <code>rest.baseUrl</code> field.</p></li>
 <li>Archiva uses redback for authentication and authorization in version 2.6</li></ul></section><section>
 <h3><a name="Release_Notes"></a>Release Notes</h3>
 <p>The Archiva 3.0.0-SNAPSHOT features set can be seen in the <a href="./tour/index.html"> feature tour</a>.</p></section><section>
 <h3><a name="Changes_in_Archiva_3.0.0-SNAPSHOT"></a>Changes in Archiva 3.0.0-SNAPSHOT</h3>
 <p>Released: <b>2022-07-25</b></p><section>
 <h4><a name="New_Feature"></a>New Feature</h4></section><section>
 <h4><a name="Improvement"></a>Improvement</h4>
 <ul>
 <li>[MRM-1925] - Make User-Agent header configurable for HTTP requests</li>
 <li>[MRM-1861], [MRM-1924] - Increasing timeouts for repository check</li>
 <li>[MRM-1937] - Prevent creating initial admin user with wrong name.</li>
 <li>Adding origin header validation checks for REST requests</li></ul></section><section>
 <h4><a name="Bugs_fixed"></a>Bugs fixed</h4>
 <ul>
 <li>[MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact</li>
 <li>[MRM-1874] - Login Dialog triggers multiple events (+messages)</li>
 <li>[MRM-1908] - Logged on users can write any repository</li>
 <li>[MRM-1909] - Remote repository check fails for https://repo.maven.apache.org/maven2</li>
 <li>[MRM-1923] - Fixing bind issue with certain ldap servers, when user not found</li>
 <li>[MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository</li>
 <li>[MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy</li>
 <li>[MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError</li>
 <li>[MRM-1940] - Slashes appended to remote repo url</li></ul></section><section>
 <h4><a name="Task"></a>Task</h4></section></section><section>
 <h3><a name="History"></a>History</h3>
 <p>Archiva was started in November 2005, building a simple framework on top of some existing repository conversion tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing. From January 2006 a web application was started to visualise the information and to start incorporating functionality from the unmaintained maven-proxy project.</p>
 <p>Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors, and the first alpha version was not released until April 2007. Some significant changes were made to improve performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort was made to release the 1.0 version.</p>
 <p>Archiva became an Apache &quot;top level project&quot; in March 2008.</p></section></section>
         </main>
       </div>
     </div>
     <hr/>
     <footer>
       <div class="container-fluid">
         <div class="row-fluid">
 <div class="row">
       <div class="span6 offset1">Apache Archiva, Archiva, Apache, the Apache feather logo, and the Apache Archiva project logos are trademarks of The Apache Software Foundation.</div>
       </div>
       <div class="row">
         &nbsp;
       </div>
       <div class="row">
       <div class="span6 offset2">
       <p>
         <a href="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/privacy-policy.html">Privacy Policy</a>
         </p>
       </div>
       </div>
         </div>
       </div>
     </footer>
 <script>
 	if(anchors) {
 	  anchors.add();
 	}
 </script>
   </body>
 </html>
	<!DOCTYPE html>


	<!--
	\| Generated by Apache Maven Doxia Site Renderer 1.11.1 from src/site/apt/release-notes.apt.vm
	\| Rendered using Apache Maven Fluido Skin 1.11.0
	-->
	<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
	<head>
	<meta charset="UTF-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1" />
	<meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
	<title>Archiva Documentation – Release Notes for Archiva 3.0.0-SNAPSHOT</title>
	<link rel="stylesheet" href="./css/apache-maven-fluido-1.11.0.min.css" />
	<link rel="stylesheet" href="./css/site.css" />
	<link rel="stylesheet" href="./css/print.css" media="print" />
	<script src="./js/apache-maven-fluido-1.11.0.min.js"></script>
	<!-- Google Analytics -->
	<script>
	(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]\|\|function(){
	(i[r].q=i[r].q\|\|[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
	m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
	})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
	ga('create', 'UA-140879-5', 'auto');
	ga('send', 'pageview');
	ga('set', 'anonymizeIp', true);
	ga('set', 'forceSSL', true);
	</script>

	<!-- Matomo -->
	<script>
	var _paq = window._paq = window._paq \|\| [];
	_paq.push(['disableCookies']);
	_paq.push(['trackPageView']);
	_paq.push(['enableLinkTracking']);

	(function() {
	var u="https://analytics.apache.org";
	_paq.push(['setTrackerUrl', u+'/matomo.php']);
	_paq.push(['setSiteId', '10']);
	var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
	g.async=true; g.src=u+'/matomo.js'; s.parentNode.insertBefore(g,s);
	})();
	</script>
	<!-- End Matomo Code -->
	</head>
	<body class="topBarDisabled">
	<a href="https://github.com/apache/archiva">
	<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
	src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
	alt="Fork me on GitHub">
	</a>
	<div class="container-fluid">
	<header>
	<div id="banner">
	<div class="pull-left"><a href="http://archiva.apache.org/" id="bannerLeft"><img src="http://archiva.apache.org/images/archiva.png" alt="Apache Archiva" style="" /></a></div>
	<div class="pull-right"><a href="https://www.apache.org/" id="bannerRight"><img src="https://www.apache.org/images/asf_logo_wide_2016.png" alt="Apache Software Foundation" style="" /></a></div>
	<div class="clear"><hr/></div>
	</div>

	<div id="breadcrumbs">
	<ul class="breadcrumb">
	<li class=""><a href="https://www.apache.org" class="externalLink" title="Apache">Apache</a><span class="divider">/</span></li>
	<li class=""><a href="../../index.html" title="Archiva">Archiva</a><span class="divider">/</span></li>
	<li class=""><a href="index.html" title="Archiva Documentation">Archiva Documentation</a><span class="divider">/</span></li>
	<li class="active ">Release Notes for Archiva 3.0.0-SNAPSHOT</li>
	<li id="publishDate" class="pull-right"><span class="divider">\|</span> Last Published: 2022-07-25</li>
	<li id="projectVersion" class="pull-right">Version: 3.0.0-SNAPSHOT</li>
	</ul>
	</div>
	</header>
	<div class="row-fluid">
	<header id="leftColumn" class="span2">
	<nav class="well sidebar-nav">
	<ul class="nav nav-list">
	<li class="nav-header">Introduction</li>
	<li><a href="quick-start.html" title="Quick Start"><span class="none"></span>Quick Start</a></li>
	<li><a href="tour/index.html" title="Feature Tour"><span class="none"></span>Feature Tour</a></li>
	<li class="active"><a><span class="none"></span>Release Notes</a></li>
	<li><a href="../../download.html" title="Downloads"><span class="none"></span>Downloads</a></li>
	<li class="nav-header">Users Guide</li>
	<li><a href="userguide/browsing.html" title="Browsing"><span class="none"></span>Browsing</a></li>
	<li><a href="userguide/searching.html" title="Searching"><span class="none"></span>Searching</a></li>
	<li><a href="userguide/delete-artifact.html" title="Deleting an Artifact"><span class="none"></span>Deleting an Artifact</a></li>
	<li><a href="userguide/using-repository.html" title="Using as a repository"><span class="none"></span>Using as a repository</a></li>
	<li><a href="userguide/deploy.html" title="Deploying to repository"><span class="none"></span>Deploying to repository</a></li>
	<li><a href="userguide/virtual-repositories.html" title="Configuring Virtual Repositories"><span class="none"></span>Configuring Virtual Repositories</a></li>
	<li><a href="userguide/rss.html" title="Rss Feeds in Archiva"><span class="none"></span>Rss Feeds in Archiva</a></li>
	<li><a href="userguide/querying-artifacts.html" title="Querying Artifacts"><span class="none"></span>Querying Artifacts</a></li>
	<li class="nav-header">Administrators Guide</li>
	<li><a href="adminguide/installing.html" title="Installing Archiva"><span class="icon-chevron-right"></span>Installing Archiva</a></li>
	<li><a href="adminguide/databases.html" title="Databases"><span class="none"></span>Databases</a></li>
	<li><a href="adminguide/repositories-content-storage.html" title="Repositories Content Storage"><span class="none"></span>Repositories Content Storage</a></li>
	<li><a href="adminguide/security.html" title="Security"><span class="icon-chevron-right"></span>Security</a></li>
	<li><a href="adminguide/configuration.html" title="Archiva Configuration"><span class="icon-chevron-right"></span>Archiva Configuration</a></li>
	<li><a href="adminguide/webservices/rest.html" title="REST Apis"><span class="none"></span>REST Apis</a></li>
	<li><a href="adminguide/configuration-files.html" title="Configuration Files"><span class="none"></span>Configuration Files</a></li>
	<li><a href="adminguide/system-status.html" title="System Status"><span class="none"></span>System Status</a></li>
	<li><a href="adminguide/logging.html" title="Log Files"><span class="icon-chevron-right"></span>Log Files</a></li>
	<li><a href="adminguide/reports.html" title="Reports"><span class="none"></span>Reports</a></li>
	<li class="nav-header">Customising Archiva</li>
	<li><a href="customising/writing-consumer.html" title="Writing a Consumer Plugin"><span class="none"></span>Writing a Consumer Plugin</a></li>
	<li class="nav-header">More Information</li>
	<li><a href="https://cwiki.apache.org/confluence/display/ARCHIVA/Index" class="externalLink" title="Archiva Wiki"><span class="none"></span>Archiva Wiki</a></li>
	<li class="nav-header">ASF</li>
	<li><a href="https://www.apache.org/foundation/how-it-works.html" class="externalLink" title="How Apache Works"><span class="none"></span>How Apache Works</a></li>
	<li><a href="https://www.apache.org/foundation/" class="externalLink" title="Foundation"><span class="none"></span>Foundation</a></li>
	<li><a href="https://www.apache.org/foundation/sponsorship.html" class="externalLink" title="Sponsoring Apache"><span class="none"></span>Sponsoring Apache</a></li>
	<li><a href="https://www.apache.org/foundation/thanks.html" class="externalLink" title="Thanks"><span class="none"></span>Thanks</a></li>
	<li class="nav-header">Project Documentation</li>
	<li><a href="project-info.html" title="Project Information"><span class="icon-chevron-right"></span>Project Information</a></li>
	</ul>
	</nav>
	<div class="well sidebar-nav">
	<form id="search-form" action="https://www.google.com/search" method="get" >
	<input value="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/" name="sitesearch" type="hidden"/>
	<input class="search-query" name="q" id="query" type="text" />
	</form>
	<script>asyncJs( 'https://cse.google.com/brand?form=search-form' )</script>
	<div id="poweredBy">
	<div class="clear"></div>
	<div id="twitter" style="border:none; margin-top: 10px">
	<a href="https://twitter.com/archiva" class="twitter-follow-button" data-show-count="false" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow archiva</a>
	<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
	</div>
	<div class="clear"></div>
	<div class="clear"></div>
	<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /></a>
	</div>
	</div>
	</header>
	<main id="bodyColumn" class="span10" >
	<section>
	<h2><a name="Release_Notes_for_Archiva_3.0.0-SNAPSHOT"></a>Release Notes for Archiva 3.0.0-SNAPSHOT</h2>
	<p>The Apache Archiva team is pleased to announce the release of Archiva 3.0.0-SNAPSHOT. Archiva is <a class="externalLink" href="http://archiva.apache.org/download.html"> available for download from the web site</a>.</p>
	<p>Archiva is an application for managing one or more remote repositories, including administration, artifact handling, browsing and searching.</p>
	<p>If you have any questions, please consult:</p>
	<ul>
	<li>the web site: <a class="externalLink" href="http://archiva.apache.org/">http://archiva.apache.org/</a></li>
	<li>the archiva-user mailing list: <a class="externalLink" href="http://archiva.apache.org/mailing-lists.html">http://archiva.apache.org/mailing-lists.html</a></li></ul><section>
	<h3><a name="New_in_Archiva_3.0.0-SNAPSHOT"></a>New in Archiva 3.0.0-SNAPSHOT</h3>
	<p>Apache Archiva 3.0.0-SNAPSHOT is a security fix release:</p><section>
	<h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
	<ul>
	<li>There are no compatibility changes</li></ul></section><section>
	<h4><a name="New_Feature"></a>New Feature</h4>
	<ul>
	<li>There are no new features in this release.</li></ul></section><section>
	<h4><a name="Improvements"></a>Improvements</h4>
	<ul>
	<li>There are no improvements</li></ul></section><section>
	<h4><a name="Bug.2FSecurity_Fix"></a>Bug/Security Fix</h4>
	<ul>
	<li>CVE-2022-29405 Apache Archiva Arbitrary user password reset vulnerability</li></ul></section></section></section><section>
	<h2><a name="Previous_Release_Notes"></a>Previous Release Notes</h2><section>
	<h3><a name="Release_Notes_for_Archiva_2.2.7"></a>Release Notes for Archiva 2.2.7</h3>
	<p>Apache Archiva 2.2.7 is a security fix release:</p>
	<p>Released: 2022-12-22</p><section>
	<h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
	<ul>
	<li>[MRM-2021] There is a new flag 'literalVersion=true/false' for service archivaServices/searchService/artifact which allows to change the behaviour for v=LATEST search.</li></ul></section><section>
	<h4><a name="New_Feature"></a>New Feature</h4>
	<ul>
	<li>There are no new features in this release.</li></ul></section><section>
	<h4><a name="Improvements"></a>Improvements</h4>
	<ul>
	<li>There are no improvements</li></ul></section><section>
	<h4><a name="Bug.2FSecurity_Fix"></a>Bug/Security Fix</h4>
	<ul>
	<li>[MRM-2027] Update of the log4j2 version to 2.17.0</li>
	<li>[MRM-2020] Fixed the behaviour of the startup script, if ARCHIVA_BASE is set (separating installation and data directory)</li>
	<li>[MRM-2022] Fixed the handling of X-XSRF-TOKEN header in Javascript calls</li></ul></section></section><section>
	<h3><a name="Release_Notes_for_Archiva_2.2.6"></a>Release Notes for Archiva 2.2.6</h3>
	<p>Apache Archiva 2.2.6 is a security fix release:</p>
	<p>Released: 2021-12-15</p><section>
	<h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
	<ul>
	<li>No API changes or known side effects.</li></ul></section><section>
	<h4><a name="New_Feature"></a>New Feature</h4>
	<ul>
	<li>There are no new features in this release.</li></ul></section><section>
	<h4><a name="Improvements"></a>Improvements</h4>
	<ul>
	<li>There are no improvements</li></ul></section><section>
	<h4><a name="Bug.2FSecurity_Fix"></a>Bug/Security Fix</h4>
	<ul>
	<li>Update of the log4j2 version to mitigate the log4j2 vulnerability (CVE-2021-44228)</li>
	<li>Deactivated directory listings by the file servlet</li></ul></section></section><section>
	<h3><a name="Release_Notes_for_Archiva_2.2.5"></a>Release Notes for Archiva 2.2.5</h3>
	<p>Apache Archiva 2.2.5 is a bug fix release:</p>
	<p>Released: 2020-06-19</p><section>
	<h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
	<ul>
	<li>No API changes or known side effects.</li></ul></section><section>
	<h4><a name="New_Feature"></a>New Feature</h4>
	<ul>
	<li>There are no new features in this release.</li></ul></section><section>
	<h4><a name="Improvements"></a>Improvements</h4>
	<ul>
	<li>There are no improvements</li></ul></section><section>
	<h4><a name="Bug_Fix"></a>Bug Fix</h4>
	<ul>
	<li>[MRM-2008] Fix for group names with slashes</li>
	<li>Better handling of LDAP filter </li></ul></section></section><section>
	<h3><a name="Release_Notes_for_Archiva_2.2.4"></a>Release Notes for Archiva 2.2.4</h3>
	<p>Apache Archiva 2.2.4 is a bug fix release:</p>
	<ul>
	<li>Fixes for handling of artifacts</li>
	<li>Improved validation of REST calls</li></ul><section>
	<h4><a name="Compatibility_Changes"></a>Compatibility Changes</h4>
	<p>No API changes or known side effects.</p>
	<p>Released: 2019-04-30</p></section><section>
	<h4><a name="New_Feature"></a>New Feature</h4>
	<ul>
	<li>There are no new features in this release.</li></ul></section><section>
	<h4><a name="Improvements"></a>Improvements</h4>
	<ul>
	<li>Adding additional validation to REST service calls for artifact upload</li></ul></section><section>
	<h4><a name="Bug_Fix"></a>Bug Fix</h4>
	<ul>
	<li>[MRM-1972] Stored XSS in Web UI Organization Name</li>
	<li>[MRM-1966] Repository-purge not working</li>
	<li>[MRM-1958] Purge by retention count deletes files but leaves history on website.</li>
	<li>[MRM-1929] Repository purge is not reflected in index</li></ul></section></section><section>
	<h3><a name="Release_Notes_for_Archiva_2.2.3"></a>Release Notes for Archiva 2.2.3</h3><section>
	<h4><a name="New_in_Archiva_2.2.3"></a>New in Archiva 2.2.3</h4>
	<p>Apache Archiva 2.2.3 is a bug fix release: >>>>>>> Stashed changes</p>
	<ul>
	<li>Some fixes for the REST API were added to detect requests from unknown origin</li>
	<li>Some bugfixes were added</li></ul></section></section><section>
	<h3><a name="Compatibility_Changes"></a>Compatibility Changes</h3>
	<ul>
	<li>The REST services are now checking for the origin of the requests by analysing Origin and Referer header of the HTTP requests and adding an validation token to the Header. This prevents requests from malicious sites if they are open in the same browser. If you use the REST services from other clients you may change the behaviour with the new configuration properties for the redback security (<code>rest.csrffilter.*</code>, <code>rest.baseUrl</code>). For more information see <a href="./adminguide/customising-security.html">Archiva Security Configuration</a> and the <a href="/redback/integration/rest.html">Redback REST documentation </a>.
	<p><b>Note:</b> If your archiva installation is behind a reverse proxy or load balancer, it may be possible that the Archiva Web UI does not load after the upgrade. If this is the case you may access the WebUI via localhost or edit archiva.xml manually. In the "Redback Runtime Configuration" properties you have to enter the base URLs of your archiva installation to the <code>rest.baseUrl</code> field.</p></li>
	<li>Archiva uses redback for authentication and authorization in version 2.6</li></ul></section><section>
	<h3><a name="Release_Notes"></a>Release Notes</h3>
	<p>The Archiva 3.0.0-SNAPSHOT features set can be seen in the <a href="./tour/index.html"> feature tour</a>.</p></section><section>
	<h3><a name="Changes_in_Archiva_3.0.0-SNAPSHOT"></a>Changes in Archiva 3.0.0-SNAPSHOT</h3>
	<p>Released: <b>2022-07-25</b></p><section>
	<h4><a name="New_Feature"></a>New Feature</h4></section><section>
	<h4><a name="Improvement"></a>Improvement</h4>
	<ul>
	<li>[MRM-1925] - Make User-Agent header configurable for HTTP requests</li>
	<li>[MRM-1861], [MRM-1924] - Increasing timeouts for repository check</li>
	<li>[MRM-1937] - Prevent creating initial admin user with wrong name.</li>
	<li>Adding origin header validation checks for REST requests</li></ul></section><section>
	<h4><a name="Bugs_fixed"></a>Bugs fixed</h4>
	<ul>
	<li>[MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact</li>
	<li>[MRM-1874] - Login Dialog triggers multiple events (+messages)</li>
	<li>[MRM-1908] - Logged on users can write any repository</li>
	<li>[MRM-1909] - Remote repository check fails for https://repo.maven.apache.org/maven2</li>
	<li>[MRM-1923] - Fixing bind issue with certain ldap servers, when user not found</li>
	<li>[MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository</li>
	<li>[MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy</li>
	<li>[MRM-1933] - No message body writer has been found for class org.apache.archiva.rest.services.ArchivaRestError</li>
	<li>[MRM-1940] - Slashes appended to remote repo url</li></ul></section><section>
	<h4><a name="Task"></a>Task</h4></section></section><section>
	<h3><a name="History"></a>History</h3>
	<p>Archiva was started in November 2005, building a simple framework on top of some existing repository conversion tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing. From January 2006 a web application was started to visualise the information and to start incorporating functionality from the unmaintained maven-proxy project.</p>
	<p>Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors, and the first alpha version was not released until April 2007. Some significant changes were made to improve performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort was made to release the 1.0 version.</p>
	<p>Archiva became an Apache "top level project" in March 2008.</p></section></section>
	</main>
	</div>
	</div>
	<hr/>
	<footer>
	<div class="container-fluid">
	<div class="row-fluid">
	<div class="row">
	<div class="span6 offset1">Apache Archiva, Archiva, Apache, the Apache feather logo, and the Apache Archiva project logos are trademarks of The Apache Software Foundation.</div>
	</div>
	<div class="row">

	</div>
	<div class="row">
	<div class="span6 offset2">
	<p>
	<a href="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/privacy-policy.html">Privacy Policy</a>
	</p>
	</div>
	</div>
	</div>
	</div>
	</footer>
	<script>
	if(anchors) {
	anchors.add();
	}
	</script>
	</body>
	</html>