Skip to content

[maven-4.0.x] Prevent infinite loop in RootLocator when .mvn directory exists in subdirectory (fixes #11321) (#11323) #11350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gnodet merged 2 commits into from
Oct 29, 2025
Merged

[maven-4.0.x] Prevent infinite loop in RootLocator when .mvn directory exists in subdirectory (fixes #11321) (#11323) #11350

gnodet merged 2 commits into from
Oct 29, 2025

Conversation

@gnodet
Copy link
Contributor

@gnodet gnodet commented Oct 28, 2025

Backport

This will backport the following commits from master to maven-4.0.x:

Questions ?

Please refer to the Backport tool documentation

@gnodet
Prevent infinite loop in RootLocator when .mvn directory exists in su…
1673ce1 
…bdirectory (fixes apache#11321) (apache#11323)

This is a fix that adds validation to prevent reading parent POMs
that are located above the discovered root directory. This prevents
infinite loops when a .mvn directory exists in a subdirectory and
Maven is invoked with -f pointing to that subdirectory.

The fix includes:
- Validation in doReadFileModel() to check parent POM location
- Validation in getEnhancedProperties() to prevent infinite loops
- Helper method isParentWithinRootDirectory() for path validation
- Integration test to reproduce and verify the fix

(cherry picked from commit 714fc51)
@gnodet gnodet mentioned this pull request Oct 28, 2025
Merged
@gnodet gnodet added bug Something isn't working backport mvn40 labels Oct 28, 2025
@gnodet
Add Maven version constraint to MavenITgh11321Test
de7dcfa 
The integration test for apacheGH-11321 needs to specify that it only runs
on Maven 4.0.0 and later, since the fix is only available in those
versions. This prevents the test from running on older Maven versions
where the fix is not present, which was causing CI failures.

The test validates that Maven properly rejects setups where a parent
POM is located above the root directory when a .mvn directory exists
in a subdirectory.
@gnodet gnodet merged commit b7f9178 into apache:maven-4.0.x Oct 29, 2025
37 of 38 checks passed
@github-actions github-actions bot added this to the 4.0.0 milestone Oct 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@gnodet gnodet

Labels

backport bug Something isn't working mvn40

Projects

None yet

Milestone

4.0.0

Development

Successfully merging this pull request may close these issues.

1 participant

@gnodet