Last checked and updated on 10 Jun 2026
What Is New in Apache Maven 3.6
Apache Maven 3.6 delivers a set of focused improvements that streamline the developer experience, from dependency resolution to core extension support. The updates are less about flashy new features and more about refining stability and performance for large-scale builds.
| Category | Key Changes |
|---|---|
| Core & Performance | New Plexus component API, enhanced extension loading, reduced memory footprint for dependency collections. |
| Dependency Resolution | Faster resolution for Reactor builds, improved version range processing, new warning for duplicate dependencies. |
| Bug Fixes | Fixes for plugin execution ordering, Maven Resolver issues, and various NullPointerExceptions. |
| Security | HTTPS is now the default for central repository access, strengthening artifact transfer integrity. |
How does Maven 3.6 handle dependencies better?
The resolver got smarter and faster. For large multi-module Reactor builds, dependency resolution is now significantly quicker. It also processes version ranges more efficiently and provides clearer warnings when it encounters duplicate dependencies in your POM.
In practice, this means less waiting around for large projects to figure out their dependency tree. The new warning for duplicate dependencies is a simple but effective way to catch POM bloat that often slips through code reviews.
What changed with the Maven Central repository?
Maven now uses HTTPS by default to access repo.maven.apache.org. This change was made to ensure all artifact downloads are encrypted, protecting against interception.
You shouldn't need to change your configuration. The upgrade is seamless for most users. This matters because it closes a potential security gap for developers on untrusted networks without any extra effort on their part.
Are there any changes for plugin and extension developers?
Yes, the core extension mechanism was overhauled. Maven 3.6 introduces a new Plexus component API that extensions must use. Older extensions relying on the legacy API will need to be updated to remain compatible.
This is a foundational change that makes the core more stable for the future. If you maintain a core Maven extension, you'll need to check its compatibility against this new API.
What performance improvements can I expect?
The most noticeable gains are in memory usage and resolution speed. The internal representation of dependency collections now consumes less memory, which helps on memory-constrained CI/CD machines.
Faster Reactor build resolution is the other big win. Maven is more efficient at constructing the project graph for builds with many interconnected modules, shaving time off the initial build phase.
FAQ
Will my existing projects work with Maven 3.6?
For the vast majority of projects, yes. The main breaking change is for core extensions using the deprecated Plexus API. Standard Maven plugins and typical POMs will continue to work without modification.
Do I need to change my settings.xml for the HTTPS default?
No. The switch to HTTPS for Maven Central is handled transparently. Only if you've explicitly overridden the central repository URL to use HTTP in your settings.xml would you need to update it.
I got a warning about a duplicate dependency. What should I do?
This is a new feature to help clean up your POM. Look in your dependency list and remove the duplicate declaration. It's often a leftover from a previous change that was never cleaned up.
What is the impact of the new Plexus component API?
If you are not a developer of a core Maven extension, you likely won't notice. This is an internal change aimed at developers maintaining deep integrations with Maven's core, not everyday users.
Is it worth upgrading from Maven 3.5 to 3.6?
Absolutely. The performance improvements in dependency resolution and the security default of HTTPS provide tangible benefits for almost zero upgrade cost, making it a straightforward decision.