maven-jar-plugin3.4.2
Classifier: LIBRARYSource
Security state
Critical 0High 0Medium 0Low 0Unassigned 0
Vulnerable components0
Inherited Risk Score0.0
Last BOM importMar 1, 2026, 12:24 AM
Last vulnerability analysisMay 8, 2026, 2:15 PM
Draft
What this plugin is
The Maven JAR Plugin assembles a project's compiled classes and resources into a `.jar` archive during the Maven `package` phase. It populates the `META-INF/MANIFEST.MF` with the entries downstream tooling — module descriptors, classpath, multi-release flag — relies on.
Why it matters
The output of this plugin is what ends up on Maven Central and in production classpaths. Manifests, multi-release JAR layout, and reproducible-build flags all flow through here. A misconfigured release of this plugin is a supply-chain hazard.
Open Elements' role
Open Elements contributes to the Maven JAR Plugin under the Support & Care programme and surfaces its security state via Open Ingredients.
Components
Outdated only| Component | Version | License | Status | Severities |
|---|---|---|---|---|
| cdi-api | 1.2 | Apache-2.0 | outdated | |
| checker-qual | 3.33.0 | MIT | outdated | |
| commons-codec | 1.16.1 | Apache-2.0 | outdated | |
| commons-compress | 1.26.1 | Apache-2.0 | outdated | |
| commons-io | 2.16.1 | Apache-2.0 | outdated | |
| commons-lang3 | 3.8.1 | Apache-2.0 | outdated | |
| error_prone_annotations | 2.18.0 | Apache-2.0 | outdated | |
| failureaccess | 1.0.1 | Apache-2.0 | outdated | |
| file-management | 3.1.0 | Apache-2.0 | outdated | |
| guava | 32.0.1-jre | Apache-2.0 | outdated | |
| guice | 4.2.1 | Apache-2.0 | outdated | |
| j2objc-annotations | 2.8 | Apache-2.0 | outdated | |
| javax.annotation-api | 1.2 | — | outdated | |
| maven-archiver | 3.6.2 | Apache-2.0 | outdated | |
| maven-artifact | 3.6.3 | Apache-2.0 | outdated | |
| maven-builder-support | 3.6.3 | Apache-2.0 | outdated | |
| maven-core | 3.6.3 | Apache-2.0 | outdated | |
| maven-model | 3.6.3 | Apache-2.0 | outdated | |
| maven-model-builder | 3.6.3 | Apache-2.0 | outdated | |
| maven-plugin-annotations | 3.12.0 | Apache-2.0 | outdated | |
| maven-plugin-api | 3.6.3 | Apache-2.0 | outdated |
Download SBOM
CycloneDX 1.x. Re-generated server-side; no registration required.
Talk to Support & Care