Eclipse JGit: Java implementation of Git 7.3.0

Features

  • PackExt: Add value for the multipack index
  • MultiPackIndex: Add and implement #resolve() method
  • MultiPackIndexWriter: Handle empty packs
  • MultiPackIndexWriter: return bytes written
  • MultiPackIndex: add #getMemorySize() method
  • MultiPackIndex: reader for the multipack index
  • SystemReader: Add support for XDG_CACHE_HOME
  • TreeRevFilter: enable Bloom Filter usage with ChangedPathTreeFilter

Performance Improvements

  • BlameResult: Let generator decide when to use the blame cache
  • BlameGenerator: Use cache only for candidates modifying the path

Bug Fixes

  • jgit-152 Use the same ordering/locking as C git when deleting a ref
  • FS.getFileStoreAttributes: cancel failed task executed asynchronously
  • FileReftableStack: ensure new reftable files aren't missed on NFS
  • Encapsulate layout of reftable stack in FileReftableStack
  • PlotRefComparator: fix #timeof
  • jgit-157 Fix package name of spring boot JarLauncher class in jgit.sh
  • jgit-146 Checkout: Handle InvalidRefNameException
  • FileReftableDatabase: mark autoRefresh volatile

Security Fixes

The following changes fix CVE-2025-4949:

  • ManifestParser: Do not accept DOCTYPE and entities to harden XML parser
  • AmazonS3: Do not accept DOCTYPE and entities to harden XML parser

Kudos to Simon Gerst for reporting this vulnerability.

Build and Release Engineering

  • update dependencies
    • jgit-148 bouncycastle to 1.80.0
    • bytebuddy to 1.17.5
    • com.google.code.gson:gson to 2.13.1
    • commons-io:commons-io to 2.19.0
    • jetty to 12.0.21
    • jna to 5.17.0
    • mockito to 5.18.0
  • update maven plugins
    • git-commit-id-maven-plugin to 9.0.2
    • gmavenplus-plugin to 4.2.0
    • jacoco-maven-plugin to 0.8.13
    • maven-deploy-plugin to 3.1.4
    • maven-install-plugin to 3.1.4
    • maven-project-info-reports-plugin to 3.9.0
    • maven-surefire-plugin to 3.5.3
    • spotbugs-maven-plugin to 4.9.3.0
    • spring-boot-maven-plugin to 3.5.0
    • tycho to 4.0.13
  • update bazel to 8.2.1
  • MODULE.bazel: Move dependencies from WORKSPACE to bazel modules
  • jgit-151 Update scm url in pom.xml to refer to gerrit homepage of jgit repo
  • Add target platform jgit-4.36 for eclipse 2025-06
  • replace old Date Time classes with java.time API in many places
     
Release Date
Release Type
Minor release
New & Noteworthy URL
https://github.com/eclipse-jgit/jgit/wiki/New-and-Noteworthy-7.3
This release is part of Eclipse IDE 2025-06
Reviews
Eclipse JGit: Java implementation of Git 7.3.0 Release Review