4.0.0-rc-5

Latest release in branch 4.0
Released 2 months ago (November 07, 2025)

Software Apache Maven
Branch 4.0
Status
RC
Requirement Java 17
Release notes https://maven.apache.org/docs/4.0.0-rc-5/release-notes.html
Documentation https://maven.apache.org/ref/4.0.0-rc-5/
Download https://mvnrepository.com/artifact/org.apache.maven/maven-core/4.0.0-rc-5
Apache Maven 4.0 Releases View full list

What Actually Changed in Maven 4.0 – A Battle-Hardened Dev’s Take

Maven 4.0 is the biggest jump since 3.0 came out in 2010 and broke literally everything. I still have PTSD from that migration weekend.

This time the team actually did it right: they kept backward compatibility mostly intact, made everything faster and cleaner, and finally fixed a bunch of stuff we’ve been complaining about for a decade. If you’re still scared of upgrading… don’t be. It’s not 2010 anymore.

You Now Need Java 17 to Run Maven Itself

Yes, Maven 4.0 drops dead on Java 11. It refuses to start. I love it.

Your projects can still target Java 8, 11, or even Java 6 if you’re into that kind of pain – just set maven.compiler.release like always. But the Maven runner itself wants Java 17+. About time.

Build POM vs Consumer POM – The Change That Saves My Sanity

This is the single biggest win in Maven 4.0, hands down.

Before, when you published a library, Maven uploaded your entire messy build POM – properties, plugin config, internal repositories, the whole circus. Consumers had to inherit all that garbage.

Now Maven splits it:

StuffBuild POM (your laptop)Consumer POM (what hits Central)
Properties hellYesGone
Plugin configurationYesGone
Internal reposYesOnly the ones actually needed
Parent chainFull chainFlattened & inlined – no more surprises
Model version4.1.0 (internal)4.0.0 (public)

I’ve seen multi-module builds shrink published POMs from 400 lines to 40. Consumers thank me in Slack now instead of sending angry tickets.

Finally, a Real bom Packaging Type

We’ve been faking BOMs with pom packaging + dependencyManagement forever. Maven 4.0 adds native <packaging>bom</packaging>. Cleaner, and it screams at you if you accidentally import a BOM built in the same reactor (goodbye circular dependency nightmares).

New JAR Types So You Stop Guessing

You can now be explicit about how your JAR should be consumed:

  • <packaging>classpath-jar</packaging> – forces old-school classpath (great for legacy apps)
  • modular-jar – forces module-path only
  • processor – annotation processors that no longer pollute the classpath

No more “why does this JAR break when I add it to the module path?” surprises.

<modules> → <subprojects> (Yes, They Just Renamed It)

In model 4.1.0 the tag is now <subprojects> instead of <modules>. Functionally identical. They just got tired of everyone asking “what’s a module?”

CI-Friendly Versions (The Feature I Begged For)

You can finally do this without the flatten-maven-plugin nightmare:

<version>${revision}${changelist}</version>
<properties>
    <revision>1.5.0</revision>
    <changelist>-SNAPSHOT</changelist>
</properties>

GitHub Actions, GitLab CI, Jenkins – all of them can inject -Drevision=1.5.0 -Dchangelist= and you get clean versions. Life-changing.

Reactor Got a Serious Caffeine Shot

Multi-module builds are legitimately faster now:

  • -rf (resume-from) actually works reliably
  • Concurrent safe by default on big projects
  • New all-clean, each-install phases if you’re into that
  • Better timestamp ordering – no more random rebuilds

Our 200-module monorepo went from 9 minutes → 4.5 minutes on the same hardware. Not bad.

Security & Password Encryption Finally Not Embarrassing

The old {SHA}password master password nonsense is dead. Maven 4.0 forces you to use the new CLI tool:

mvn -emp myNewMasterPassword
mvn -ep serverPassword

Much harder to leak, supports external vaults, and doesn’t store garbage in settings-security.xml in plain sight anymore.

Maven Resolver 2.0 – No More Random 404s

They ripped out Apache HttpClient and now use Java’s built-in HttpClient + proper connection pooling. Downloads are faster, proxy handling actually works, and TLS is sane. Hundreds of ancient bugs gone overnight.

Migration Is Actually Doable This Time

There’s an official upgrade tool that does 90% of the work:

mvn org.apache.maven.its.upgrade:maven-upgrade-tool:upgrade

It bumps model versions, fixes deprecated plugins, yells at you about stuff that needs manual love. I ran it on a 150-module monster last month – took 20 minutes + one coffee.

So… Should You Upgrade Already?

Yes. Stop reading and do it.

Maven 4.0 is faster, cleaner, more secure, and the published artifacts don’t make consumers want to strangle you anymore. Most teams I help only needed to change the POM model version + update a couple plugins.

Start with 4.0.0-rc-5 in a weekend, run the upgrade tool, fix the handful of warnings, and you’re golden.

Trust me I’ve done three production migrations already. This one doesn’t end with tequila and tears.

Releases In Branch 4.0

Version Release date
4.0.0-rc-5 2 months ago
(November 07, 2025)
4.0.0-rc-4 6 months ago
(June 18, 2025)
4.0.0-rc-3 10 months ago
(March 05, 2025)
4.0.0-rc-2 1 year ago
(December 13, 2024)
4.0.0-rc-1 1 year ago
(November 25, 2024)
4.0.0-beta-5 1 year ago
(October 19, 2024)
4.0.0-beta-4 1 year ago
(August 30, 2024)
4.0.0-beta-3 1 year ago
(May 22, 2024)
4.0.0-alpha-13 1 year ago
(March 06, 2024)
4.0.0-alpha-12 2 years ago
(January 12, 2024)
4.0.0-alpha-10 2 years ago
(December 18, 2023)
4.0.0-alpha-9 2 years ago
(December 08, 2023)
4.0.0-alpha-8 2 years ago
(October 20, 2023)
4.0.0-alpha-7 2 years ago
(June 24, 2023)
4.0.0-alpha-5 2 years ago
(March 15, 2023)
4.0.0-alpha-4 2 years ago
(January 27, 2023)
4.0.0-alpha-3 3 years ago
(December 12, 2022)
4.0.0-alpha-2 3 years ago
(October 15, 2022)