GMavenPlus 3.0.2 has been released. 3.0.1 released with a corrupted jar, which is fixed in 3.0.2 (along with a version bump). The release notes below are the consolidated release notes for both versions.
Bugs - [#276 <https://github.com/groovy/GMavenPlus/issues/276>] Fix that enabling skipBytecodeCheck causes the Groovy version to be reported as not supporting the goal (thanks for reporting this @jgenoctr <https://github.com/jgenoctr>!). Enhancements - [#264 <https://github.com/groovy/GMavenPlus/pull/264>] Support targeting Java 21 bytecode (thanks @bmarwell <https://github.com/bmarwell>!). - [#253 <https://github.com/groovy/GMavenPlus/pull/253>] Fix CVE-2020-8908 <https://github.com/advisories/GHSA-5mg8-w23w-74h3> and CVE-2023-2976 <https://github.com/advisories/GHSA-7g45-4rm6-3mm3>. - Fix CVE-2023-37460 <https://github.com/advisories/GHSA-wh3p-fphp-9h2m> (242baa8 <https://github.com/groovy/GMavenPlus/commit/242baa86cc3e900fdb47d4dc67db6c4932826645> and 623a56f <https://github.com/groovy/GMavenPlus/commit/623a56f6d8c3174f7618fc9c96d32b9e9d4186ac> ). - [#279 <https://github.com/groovy/GMavenPlus/pull/279>] Fix CVE-2023-42503 <https://github.com/advisories/GHSA-cgwf-w82q-5jrr>. Potentially breaking changes None. Notes The CVEs fixed were related to dependencies of the plugin. While I haven't done an analysis of whether they were exploitable (since this is a Maven plugin and not an application), it seems unlikely.
