Hello, please see https://github.com/mfriedenhagen/cyclonedx-maven-plugin-maven4-logging for an example of the problem.
When running `mvn -V -q clean cyclonedx:makeBom` with Maven 4 an error message is shown while with Maven 3 the error path is not reached. It looks like MavenXpp3Reader.read behaves differently. The error is understandable, the cyclonedx plugin does inspect the embedded pom.xml beneath META-INF/maven/ and that one for net.logstash.logback:logstash-logback-encoder:jar:6.6 is not a valid POM (there is an element <goals> in a plugin but outside of an execution, see https://github.com/logfellow/logstash-logback-encoder/blob/logstash-logback-encoder-6.6/pom.xml#L232). https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/59e71a6b74b07f65d9fa1046ff7ad881dbd6c96f/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java#L759-L759 Is Maven 4 stricter while parsing XML? Best Regards Mirko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
