Eclipse JGit: Java implementation of Git 7.2.0

Features

• jgit-102 FileReftableDatabase: consider ref updates by another process
• [ssh known_hosts] Handle host certificates, implement the "@cert-authority" marker and its handling
• jgit-122 AddCommand: implement --all/--no-all
• DescribeCommand: Add exclusion matches using setExclude()
• jgit-122 [CLI] Add the C git command-line options for the "all" flag to the add command
• [CLI] Add --exclude option to describe CLI command
• [CLI] Add MultiPackIndex: CLI command to write/print the multipack index
• MultiPackIndexPrettyPrinter: pretty printer to debug multi pack index
• MultiPackIndexWriter: add a writer for the multipack index format
• Config: add getters for primitive types without default value
• RevWalk: Add an isMergedIntoAnyCommit() method

Performance Improvements

• FileReftableStack: use FileSnapshot to detect modification
• Do not load bitmap indexes during directory scans
• BlameGenerator: cache and reuse blame results
• LooseObjects: compute loose object path before retry loop
• Pack: separate an open/close accounting lock
• WindowCache: share removal work among multiple threads
• Optionally.Hard: avoid Optional creation on every use
• WindowCache: add bulk purge(), call from bulk sites

Miscellaneous Improvements

• BlameRegionMerger: report invalid regions with IOException.
• [ssh known_hosts] Improve updating modified keys. If there are several keys for a host in the known_hosts files, prefer reporting and updating a line for the same key type as the host key received from the server.
• Insert the Change-Id at the end of the footer block
• Update Change-Id insertion logic to insert at the end of the footer block, but before any Signed-off-by footers.
• jgit-127 Improve configuration of trusting file attributes in FileSnapshot. Replace the not well defined "trustFolderStat" option by a general option "trustStat"
• Add new options "core.trustLooseObjectStat" and "core.trustPackStat"
• Log pruned packfiles as debug and not warn logs
• FileSnapshot: silence "Stale file handle" exceptions
• FileSnapshot: silence "Not a Directory" exceptions
• RefDatabase#getReflogReader(String): use #exactRef to resolve refName. Don't accept short ref names anymore which is more predictable.
• Add RefDatabase#getReflogReader methods to fix broken abstraction in FileRepository#getReflogReader(String).
• Use java.time instead of java.util.Date API in many classes

Bug Fixes

• [ssh known_hosts] Handle unknown keys better
• [ssh known_hosts] Add tests and fix problems
• jgit-140 Fix calculation of pack files and objects since bitmap
• egit-80 URIish: fix stack overflow in regex matching
• Pack: no longer set invalid in openFail() to avoid incorrectly marking an already invalid Pack valid
• [ssh known_hosts] Correct parsing of host key lines. Use the correct parsing method to parse just a key type followed by the base64-encoded key data.
• jgit-138 DirCacheCheckout.preScanOneTree: consider mode bits. If only the file mode is changed, it's still a change and we must check out the entry from the commit.
• egit-76 Merge: improve handling of case-variants. Ensure that on a case-insensitive filesystem a merge that includes a rename of a file from one case variant to another does not delete the file.
• CommitConfig: fix potential NPE
• jgit-79 Submodules: Update submodule with deleted worktree
• [ssh signing] AllowedSigners: fix validity check
• Set repositoryformatversion=0 when converting refStorage to files
• Pack: fix threading bug getting idx
• jgit-117 RevertCommand: use only first line in revert commit message
• jgit-78 Submodules: use relative paths for worktree and gitdir
• Fix potential NPE in TreeWalk#getFilterCommandDefinition
• jgit-118 Advertise "agent" capability when using protocol v2
• PersonIdent: Default to UTC in timezone parsing
• RawParseUtils: Default to UTC in invalid timezones
• Fix potential NPE in ResolveMerger#getAttributesContentMergeStrategy
• Fix NPE in DiffFormatter#getDiffDriver
• TreeWalk: Make a null check to prevent NPE before dereferencing the config variable.
• Pack: ensure packfile is still valid while still recoverable

Build and Release Engineering

Update dependencies:

• Apache MINA sshd to 2.15.0. Brings support for ML-KEM PQC hybrid key exchanges, plus support for using the Bouncy Castle ed25519 provider.
• bouncycastle to 1.80
• byte-buddy to 1.17.1
• com.google.code.gson:gson to 2.12.1
• commons-codec:commons-codec to 1.18.0
• commons-io:commons-io to 2.18.0
• commons-logging:commons-logging to 1.3.5
• jetty to 12.0.16
• jna to 5.16.0
• mockito to 5.15.2
• org.assertj:assertj-core to 3.27.3
• [ssh, releng] Remove net.i2p.crypto.eddsa which is no longer needed; Apache MINA sshd now can work with the Bouncy Castle ed25519 implementation.

Update maven plugins:

• cyclonedx-maven-plugin to 2.9.1
• ecj to 3.40.0
• eclipse-jarsigner-plugin to 1.5.2
• git-commit-id-maven-plugin to 9.0.1
• gmavenplus-plugin to 4.1.1
• japicmp-maven-plugin to 0.23.1
• maven-artifact-plugin to 3.6.0
• maven-clean-plugin to 3.4.0
• maven-compiler-plugin-version to 3.14.0
• maven-dependency-plugin to 3.8.1
• maven-deploy-plugin to 3.1.3
• maven-enforcer-plugin to 3.5.0
• maven-install-plugin to 3.1.3
• maven-jar-plugin to 3.4.2
• maven-javadoc-plugin-version to 3.11.2
• maven-jxr-plugin-version to 3.6.0
• maven-pmd-plugin to 3.26.0
• maven-project-info-reports-plugin-version to 3.8.0
• maven-shade-plugin to 3.6.0
• maven-site-plugin to 4.0.0-M16
• maven-surefire-report-plugin to 3.5.2
• spotbugs-maven-plugin-version to 4.9.1.0
• spotbugs-maven-plugin-version to 4.8.6.6
• spring-boot-maven-plugin to 3.4.3
• tycho to 4.0.11
   
• Remove unused target platform definitions
• Update GetRefsBenchmark to use 3 state core.trustStat
• test.BUILD: add rule for "external tests"
• Add target platform jgit-4.35 for Eclipse 2025-03
• Update target platform version in maven build to 4.32 (2024-06)
• Remove use of deprecated java.security.AccessController