Merge branch 'main' into switch-to-tomcat

Author: afranken

.github/workflows/codeql.yml

@@ -45,16 +45,16 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
       with:
         egress-policy: audit
 
     - name: Checkout repository
-      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+      uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -66,7 +66,7 @@ jobs:
 
     # Set up JDK 17, otherwise autobuild will fail below.
     - name: Set up JDK
-      uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
+      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
       with:
         java-version: 21
         distribution: 'temurin'
@@ -75,7 +75,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+      uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -88,4 +88,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+      uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6

.github/workflows/dependency-review.yml

@@ -10,7 +10,7 @@ name: 'Dependency Review'
 on: [pull_request]
 
 permissions:
-  contents: read
+  contents: write
 
 concurrency:
   group: dependency-review-${{ github.ref }}
@@ -21,11 +21,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/maven-ci-and-prb.yml

@@ -37,15 +37,15 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
       - name: Set up JDK
-        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           java-version: 21
           distribution: 'temurin'

.github/workflows/maven-release.yml

@@ -25,15 +25,15 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
       - name: Set up JDK
-        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           java-version: 21
           distribution: 'temurin'

.github/workflows/sbom.yml

@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
       - uses: advanced-security/sbom-generator-action@375dee8e6144d9fd0ec1f5667b4f6fb4faacefed # v0.0.1

.github/workflows/scorecards.yml

@@ -35,12 +35,12 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
@@ -75,6 +75,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
         with:
           sarif_file: results.sarif

.github/workflows/upload-dependencies-of-dependenices.yml

@@ -14,14 +14,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
       - name: Set up JDK
-        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           java-version: 21
           distribution: 'temurin'

.mvn/jvm.config

@@ -0,0 +1,3 @@
+
+--add-opens=java.base/java.lang=ALL-UNNAMED
+--add-opens=java.base/java.io=ALL-UNNAMED

CHANGELOG.md

@@ -8,10 +8,12 @@
 
 <!-- TOC -->
 * [Changelog](#changelog)
-* [PLANNED - 4.x - RELEASE TBD](#planned---4x---release-tbd)
+* [PLANNED - 5.x - RELEASE TBD](#planned---5x---release-tbd)
     * [Planned changes](#planned-changes)
-* [CURRENT - 3.x - THIS VERSION IS UNDER ACTIVE DEVELOPMENT](#current---3x---this-version-is-under-active-development)
-  * [3.12.0 - PLANNED](#3120---planned)
+* [CURRENT - 4.x - THIS VERSION IS UNDER ACTIVE DEVELOPMENT](#current---4x---this-version-is-under-active-development)
+    * [4.0.0 - PLANNED](#400---planned)
+* [DEPRECATED - 3.x](#deprecated---3x)
+  * [3.12.0](#3120)
   * [3.11.0](#3110)
   * [3.10.3](#3103)
   * [3.10.2](#3102)
@@ -98,8 +100,8 @@
   * [1.0.0](#100)
 <!-- TOC -->
 
-# PLANNED - 4.x - RELEASE TBD
-Version 4.x is JDK17 LTS bytecode compatible (maybe JDK21 LTS, depending on the release date), with Docker integration.
+# PLANNED - 5.x - RELEASE TBD
+Version 5.x is JDK17 LTS bytecode compatible (maybe JDK21 LTS, depending on the release date), with Docker integration.
 
 Any JUnit / direct Java usage support will most likely be dropped and only supported on a best-effort basis.
 (i.e. the modules will be deleted from the code base and not released anymore. It *may* be possible to
@@ -109,7 +111,7 @@ to easily to run `S3MockApplication#start` from a static context. These workarou
 
 Running S3Mock in unit tests is still supported by using [TestContainers](https://www.testcontainers.org/).
 
-**Once 4.x is released, 3.x may receive bug fixes and features, this will be best-effort only.**
+**Once 5.x is released, 4.x may receive bug fixes and features, this will be best-effort only.**
 
 ### Planned changes
 
@@ -126,24 +128,56 @@ Running S3Mock in unit tests is still supported by using [TestContainers](https:
   * Bump Spring Framework version to 7.x
   * Bump java version from 17 to (?)
 
-# CURRENT - 3.x - THIS VERSION IS UNDER ACTIVE DEVELOPMENT
+# CURRENT - 4.x - THIS VERSION IS UNDER ACTIVE DEVELOPMENT
+Version 4.x is JDK17 LTS bytecode compatible, with Docker and JUnit / direct Java integration.
+
+**The current major version 4 will receive new features, dependency updates and bug fixes on a continuous basis.**
+
+### 4.0.0 - PLANNED
+
+* Features and fixes
+  * TBD
+* Refactorings
+  * Use Tomcat instead of Jetty (fixes #2136)
+* Version updates (deliverable dependencies)
+  * Spring Boot to 3.4
+
+# DEPRECATED - 3.x
 Version 3.x is JDK17 LTS bytecode compatible, with Docker and JUnit / direct Java integration.
 
-**The current major version 3 will receive new features, dependency updates and bug fixes on a continuous basis.**
+**3.x is DEPRECATED and may receive bug fixes and features, this will be best-effort only.**
 
-## 3.12.0 - PLANNED
+## 3.12.0
 3.x is JDK17 LTS bytecode compatible, with Docker and JUnit / direct Java integration.
 
 * Features and fixes
-  * Support Versions in APIs
-  * Add "DeleteObjectTagging" API
-  * Support "Ownership" in buckets. ACLs should be 
+  * none
 * Refactorings
-  * TBD
+  * none
 * Version updates (deliverable dependencies)
-  * TBD
+  * Bump aws-v2.version from 2.28.11 to 2.29.29
+  * Bump aws.version from 1.12.772 to 1.12.779
+  * Bump kotlin.version from 2.0.20 to 2.1.0
+  * Bump com.fasterxml.jackson:jackson-bom from 2.18.0 to 2.18.2
+  * Bump commons-io:commons-io from 2.17.0 to 2.18.0
+  * Bump testcontainers.version from 1.20.1 to 1.20.4
+  * Bump alpine from 3.20.3 to 3.21.0 in /docker
 * Version updates (build dependencies)
-  * TBD
+  * Bump io.fabric8:docker-maven-plugin from 0.45.0 to 0.45.1
+  * Bump com.puppycrawl.tools:checkstyle from 10.18.1 to 10.20.2
+  * Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.10.0 to 3.11.2
+  * Bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.0 to 3.5.2
+  * Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.0 to 3.5.2
+  * Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.0 to 3.8.1
+  * Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.5.0 to 3.6.0
+  * Bump org.codehaus.mojo:exec-maven-plugin from 3.4.1 to 3.5.0
+  * Bump actions/dependency-review-action from 4.3.4 to 4.5.0
+  * Bump actions/setup-java from 4.4.0 to 4.5.0
+  * Bump actions/upload-artifact from 3.1.0 to 4.4.3
+  * Bump actions/checkout from 4.2.0 to 4.2.2
+  * Bump github/codeql-action from 3.26.9 to 3.27.6
+  * Bump advanced-security/maven-dependency-submission-action from 3.0.3 to 4.1.1
+  * Bump step-security/harden-runner from 2.10.1 to 2.10.2
 
 ## 3.11.0
 3.x is JDK17 LTS bytecode compatible, with Docker and JUnit / direct Java integration.

build-config/pom.xml

@@ -21,7 +21,7 @@
   <parent>
     <groupId>com.adobe.testing</groupId>
     <artifactId>s3mock-parent</artifactId>
-    <version>3.11.1-SNAPSHOT</version>
+    <version>3.12.1-SNAPSHOT</version>
   </parent>
 
   <artifactId>s3mock-build-config</artifactId>

docker/Dockerfile

@@ -14,7 +14,7 @@
 #  limitations under the License.
 #
 
-FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d as staging_area
+FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 as staging_area
 
 RUN apk --no-cache add openjdk21-jdk openjdk21-jmods
 
@@ -68,7 +68,7 @@ RUN jlink \
     --strip-java-debug-attributes \
     --output "$JAVA_MINIMAL"
 
-FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
+FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
 
 ENV JAVA_HOME=/opt/java-minimal
 ENV PATH="$PATH:$JAVA_HOME/bin"

docker/pom.xml

@@ -22,7 +22,7 @@
   <parent>
     <groupId>com.adobe.testing</groupId>
     <artifactId>s3mock-parent</artifactId>
-    <version>3.11.1-SNAPSHOT</version>
+    <version>3.12.1-SNAPSHOT</version>
   </parent>
 
   <artifactId>s3mock-docker</artifactId>
@@ -70,7 +70,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-dependency-plugin</artifactId>
-        <version>3.8.0</version>
+        <version>3.8.1</version>
         <configuration>
           <artifactItems>
             <artifactItem>

integration-tests/pom.xml

@@ -22,7 +22,7 @@
   <parent>
     <groupId>com.adobe.testing</groupId>
     <artifactId>s3mock-parent</artifactId>
-    <version>3.11.1-SNAPSHOT</version>
+    <version>3.12.1-SNAPSHOT</version>
   </parent>
 
   <artifactId>s3mock-integration-tests</artifactId>

pom.xml

@@ -21,7 +21,7 @@
 
   <groupId>com.adobe.testing</groupId>
   <artifactId>s3mock-parent</artifactId>
-  <version>3.11.1-SNAPSHOT</version>
+  <version>3.12.1-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <name>S3Mock - Parent</name>
@@ -89,47 +89,47 @@
   </distributionManagement>
 
   <properties>
-    <aws-v2.version>2.28.11</aws-v2.version>
+    <aws-v2.version>2.29.29</aws-v2.version>
 
-    <aws.version>1.12.772</aws.version>
-    <checkstyle.version>10.18.2</checkstyle.version>
+    <aws.version>1.12.779</aws.version>
+    <checkstyle.version>10.20.2</checkstyle.version>
     <commons-codec.version>1.15</commons-codec.version>
-    <commons-io.version>2.17.0</commons-io.version>
+    <commons-io.version>2.18.0</commons-io.version>
     <docker-builder.image.name>s3mock-buildx</docker-builder.image.name>
     <docker-maven-plugin.version>0.45.1</docker-maven-plugin.version>
 
     <docker.image.name>adobe/s3mock</docker.image.name>
     <!-- need Jackson 2.17.0+ for XML with xsi:type (de-)serialization   -->
-    <jackson-bom.version>2.18.0</jackson-bom.version>
+    <jackson-bom.version>2.18.2</jackson-bom.version>
     <java.version>17</java.version>
     <junit-jupiter.version>5.7.2</junit-jupiter.version>
     <junit.version>4.13.2</junit.version>
-    <kotlin.version>2.0.20</kotlin.version>
+    <kotlin.version>2.1.0</kotlin.version>
     <kotlin.compiler.jvmTarget>${java.version}</kotlin.compiler.jvmTarget>
-    <kotlin.compiler.languageVersion>1.9</kotlin.compiler.languageVersion>
+    <kotlin.compiler.languageVersion>2.1</kotlin.compiler.languageVersion>
     <license-maven-plugin-git.version>4.6</license-maven-plugin-git.version>
-    <maven-checkstyle-plugin.version>3.5.0</maven-checkstyle-plugin.version>
+    <maven-checkstyle-plugin.version>3.6.0</maven-checkstyle-plugin.version>
     <maven-clean-plugin.version>3.4.0</maven-clean-plugin.version>
     <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
     <maven-deploy-plugin.version>3.1.3</maven-deploy-plugin.version>
     <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
-    <maven-failsafe-plugin.version>3.5.1</maven-failsafe-plugin.version>
+    <maven-failsafe-plugin.version>3.5.2</maven-failsafe-plugin.version>
     <maven-gpg-plugin.version>3.2.7</maven-gpg-plugin.version>
     <maven-install-plugin.version>3.1.3</maven-install-plugin.version>
     <maven-jar-plugin.version>3.4.2</maven-jar-plugin.version>
-    <maven-javadoc-plugin.version>3.10.1</maven-javadoc-plugin.version>
+    <maven-javadoc-plugin.version>3.11.2</maven-javadoc-plugin.version>
     <maven-release-plugin.version>3.1.1</maven-release-plugin.version>
     <maven-resources-plugin.version>3.3.1</maven-resources-plugin.version>
     <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
-    <maven-surefire-plugin.version>3.5.1</maven-surefire-plugin.version>
+    <maven-surefire-plugin.version>3.5.2</maven-surefire-plugin.version>
     <mockito-kotlin.version>5.4.0</mockito-kotlin.version>
     <nexus-staging-maven-plugin.version>1.7.0</nexus-staging-maven-plugin.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <!-- Run Docker build by default -->
     <skipDocker>false</skipDocker>
     <sortpom-maven-plugin.version>4.0.0</sortpom-maven-plugin.version>
     <spring-boot.version>3.3.5</spring-boot.version>
-    <testcontainers.version>1.20.1</testcontainers.version>
+    <testcontainers.version>1.20.4</testcontainers.version>
     <testng.version>7.10.2</testng.version>
     <xmlunit-assertj3.version>2.10.0</xmlunit-assertj3.version>
   </properties>
@@ -554,7 +554,7 @@
         <plugin>
           <groupId>org.codehaus.mojo</groupId>
           <artifactId>exec-maven-plugin</artifactId>
-          <version>3.4.1</version>
+          <version>3.5.0</version>
         </plugin>
         <plugin>
           <!--