What's Changed

🚀 New Features

• Add Allure 3 brand theme, dark mode, and accessibility smoke checks by @baev in #3341

🔬 Improvements

• Relax http exchange attachment type by @baev in #3340

🐞 Bug Fixes

• Fix missing Behaviors and Packages tabs by @baev in #3353
• Make single-file reports truly self-contained by @baev in #3354
• fix custom logo plugin by @baev in #3355
• fix playwright trace attachments by @baev in #3357

⬆️ Dependency Updates

• Bump org.junit:junit-bom from 6.0.3 to 6.1.0 by @dependabot[bot] in #3352
• Bump com.diffplug.spotless from 8.4.0 to 8.5.1 by @dependabot[bot] in #3350
• Bump gradle-wrapper from 9.5.0 to 9.5.1 by @dependabot[bot] in #3343
• Bump orgSlf4jVersion from 2.0.17 to 2.0.18 by @dependabot[bot] in #3342
• Bump postcss from 8.5.8 to 8.5.15 in /allure-generator by @dependabot[bot] in #3312
• Bump com.github.spotbugs from 6.5.4 to 6.5.5 by @dependabot[bot] in #3356

Full Changelog: 2.41.0...2.42.0

What's Changed

🚀 New Features

• Add support for HTTP Exchange attachments by @baev in #3331

🔬 Improvements

• Fix incomplete ALLURE_NO_ANALYTICS opt-out in report html template by @grootstebozewolf in #3332

🐞 Bug Fixes

• Fix duplicate category matches by using the first matching rule by @baev in #3330

⬆️ Dependency Updates

• Bump commons-io:commons-io from 2.21.0 to 2.22.0 by @dependabot[bot] in #3323
• Bump com.github.spotbugs from 6.5.0 to 6.5.4 by @dependabot[bot] in #3324
• Bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 by @dependabot[bot] in #3326
• Bump org.jsoup:jsoup from 1.22.1 to 1.22.2 by @dependabot[bot] in #3329
• Bump io.qameta.allure from 4.0.0 to 4.0.2 by @dependabot[bot] in #3327

📖 Documentation improvements

• docs: align ALLURE_NO_ANALYTICS opt-out example with implementation by @grootstebozewolf in #3333

⛔️ Security

• Fix XSS in rendered report: HTML-escape user-controlled reportName by @grootstebozewolf in #3334
• Fix XSS in rendered report: HTML-escape user-controlled reportLanguage by @grootstebozewolf in #3337

👻 Internal changes

• Modernize Java quality checks and formatting ownership by @baev in #3328

New Contributors

• @grootstebozewolf made their first contribution in #3332

Full Changelog: 2.40.0...2.41.0

What's Changed

🚀 New Features

• new web by @baev in #3310

🐞 Bug Fixes

• Fix Windows start scripts classpath by @EmreeAltunn in #3309

⬆️ Dependency Updates

• Bump io.qameta.allure:allure-bom from 2.33.0 to 2.34.0 by @dependabot[bot] in #3304
• Bump com.github.spotbugs from 6.4.8 to 6.5.0 by @dependabot[bot] in #3306
• Bump org.projectlombok:lombok from 1.18.44 to 1.18.46 by @dependabot[bot] in #3317
• Bump gradle-wrapper from 9.4.1 to 9.5.0 by @dependabot[bot] in #3316
• Bump org.owasp.dependencycheck from 12.2.0 to 12.2.2 by @dependabot[bot] in #3305
• Bump net.sourceforge.pmd:pmd-java from 7.22.0 to 7.24.0 by @dependabot[bot] in #3318

👻 Internal changes

• add allure report by @baev in #3313
• Enrich tests by @baev in #3314
• enable screenshots and pw traces for e2e by @baev in #3322

New Contributors

• @EmreeAltunn made their first contribution in #3309

Full Changelog: 2.39.0...2.40.0

What's Changed

⬆️ Dependency Updates

• Bump com.diffplug.spotless from 8.3.0 to 8.4.0 by @dependabot[bot] in #3282
• Bump gradle-wrapper from 9.4.0 to 9.4.1 by @dependabot[bot] in #3284
• Bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2 by @dependabot[bot] in #3285
• Bump gradle/actions from 5 to 6 by @dependabot[bot] in #3286
• chore: update dependencies to fix vulnerabilities by @vdvukhzhilov in #3295
• Bump org.jsoup:jsoup from 1.21.2 to 1.22.1 by @dependabot[bot] in #3299

⛔️ Security

• fix serve & open path traversal by @baev in #3288
• fix: sanitize descriptionHtml, add ansi helper escaping by @vdvukhzhilov in #3296

👻 Internal changes

• Introduce Playwright e2e by @baev in #3297
• add test for bad characters in status details by @baev in #3298

Full Changelog: 2.38.1...2.39.0

What's Changed

🔬 Improvements

• Support utf8 env properties by @skuznetsov-al in #3266

🐞 Bug Fixes

• Fix attachments when results dir isn't normalized by @baev in #3280

⬆️ Dependency Updates

• Bump net.sourceforge.pmd:pmd-java from 7.20.0 to 7.22.0 by @dependabot[bot] in #3257

⛔️ Security

• replace logback with slf4j-jul by @baev in #3281

Full Changelog: 2.38.0...2.38.1

What's Changed

⬆️ Dependency Updates

• Bump webpack from 5.95.0 to 5.105.0 in /allure-generator by @dependabot[bot] in #3234
• Bump io.qameta.allure:allure-bom from 2.31.0 to 2.33.0 by @dependabot[bot] in #3250
• Bump com.fasterxml.jackson:jackson-bom from 2.21.0 to 2.21.1 by @dependabot[bot] in #3249
• Bump com.diffplug.spotless from 8.2.1 to 8.3.0 by @dependabot[bot] in #3260
• Bump org.mockito:mockito-core from 5.21.0 to 5.22.0 by @dependabot[bot] in #3258
• Bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #3254
• Bump actions/download-artifact from 7 to 8 by @dependabot[bot] in #3255
• Bump com.netflix.nebula.ospackage from 12.2.0 to 12.3.0 by @dependabot[bot] in #3265
• Bump org.projectlombok:lombok from 1.18.42 to 1.18.44 by @dependabot[bot] in #3275
• Bump gradle-wrapper from 9.3.1 to 9.4.0 by @dependabot[bot] in #3277
• Bump org.mockito:mockito-core from 5.22.0 to 5.23.0 by @dependabot[bot] in #3276

⛔️ Security

• fix path traversals for attachments by @baev in #3272
• chore: fix vulnerabilities in deps by @vdvukhzhilov in #3274
• fix: prevent xss in parameters and steps by @vdvukhzhilov in #3271

New Contributors

• @vdvukhzhilov made their first contribution in #3274

Full Changelog: 2.37.0...2.38.0

What's Changed

🔬 Improvements

• Support jira cloud by @skuznetsov-al in #3202
• Fixes chinese translation (fixes #2938) by @ChiufungLee in #3239

⬆️ Dependency Updates

• Bump qs to 6.14.1 by @epszaw in #3210
• Bump org.junit:junit-bom from 6.0.1 to 6.0.2 by @dependabot[bot] in #3208
• Bump com.github.spotbugs from 6.4.7 to 6.4.8 by @dependabot[bot] in #3189
• Bump actions/download-artifact from 6 to 7 by @dependabot[bot] in #3191
• Bump net.sourceforge.pmd:pmd-java from 7.19.0 to 7.20.0 by @dependabot[bot] in #3203
• Bump actions/upload-artifact from 5 to 6 by @dependabot[bot] in #3192
• Bump org.owasp.dependencycheck from 12.1.9 to 12.2.0 by @dependabot[bot] in #3220
• Bump com.netflix.nebula.ospackage from 12.1.1 to 12.2.0 by @dependabot[bot] in #3219
• Bump org.assertj:assertj-core from 3.27.6 to 3.27.7 by @dependabot[bot] in #3218
• Bump com.fasterxml.jackson:jackson-bom from 2.20.1 to 2.21.0 by @dependabot[bot] in #3228
• Bump com.diffplug.spotless from 8.1.0 to 8.2.1 by @dependabot[bot] in #3227
• Bump gradle-wrapper from 9.2.1 to 9.3.0 by @dependabot[bot] in #3226
• Bump com.gorylenko.gradle-git-properties from 2.5.4 to 2.5.7 by @dependabot[bot] in #3236
• Bump org.junit:junit-bom from 6.0.2 to 6.0.3 by @dependabot[bot] in #3242
• bump gradle wrapper validation action by @baev in #3244
• Bump gradle-wrapper from 9.3.0 to 9.3.1 by @dependabot[bot] in #3238

👻 Internal changes

• bump license year by @baev in #3248

New Contributors

• @skuznetsov-al made their first contribution in #3202
• @ChiufungLee made their first contribution in #3239

Full Changelog: 2.36.0...2.37.0

What's Changed

🚀 New Features

• Add Hungarian language translations by @GergelyNemeth911 in #3160

🔬 Improvements

• Add support for XHTML rendering by @noomorph in #3133

⬆️ Dependency Updates

• Bump org.projectlombok:lombok from 1.18.38 to 1.18.40 by @dependabot[bot] in #3110
• Bump net.sourceforge.pmd:pmd-java from 7.16.0 to 7.17.0 by @dependabot[bot] in #3117
• Bump com.github.spotbugs:spotbugs from 4.9.4 to 4.9.5 by @dependabot[bot] in #3118
• Bump com.github.spotbugs from 6.2.7 to 6.4.0 by @dependabot[bot] in #3119
• Bump com.github.spotbugs from 6.4.0 to 6.4.1 by @dependabot[bot] in #3120
• Bump glob from 10.3.12 to 10.5.0 in /allure-generator by @dependabot[bot] in #3156
• Bump node-forge to 1.3.2 by @epszaw in #3165
• Bump actions/checkout from 5 to 6 by @dependabot[bot] in #3158
• Bump io.qameta.allure:allure-bom from 2.29.1 to 2.30.0 by @dependabot[bot] in #3121
• Bump org.projectlombok:lombok from 1.18.40 to 1.18.42 by @dependabot[bot] in #3123
• Get rid of tika core by @baev in #3169
• Bump com.netflix.nebula.ospackage from 12.1.0 to 12.1.1 by @dependabot[bot] in #3171
• Bump com.github.spotbugs from 6.4.1 to 6.4.7 by @dependabot[bot] in #3170
• Bump gradle/actions from 4 to 5 by @dependabot[bot] in #3134
• Bump org.assertj:assertj-core from 3.27.4 to 3.27.6 by @dependabot[bot] in #3129
• Bump com.github.spotbugs:spotbugs from 4.9.5 to 4.9.8 by @dependabot[bot] in #3142
• Bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #3148
• Bump actions/download-artifact from 5 to 6 by @dependabot[bot] in #3149
• Bump com.bmuschko.docker-remote-api from 9.4.0 to 10.0.0 by @dependabot[bot] in #3172
• Bump commons-io:commons-io from 2.20.0 to 2.21.0 by @dependabot[bot] in #3177
• Bump org.mockito:mockito-core from 5.19.0 to 5.21.0 by @dependabot[bot] in #3176
• Bump io.qameta.allure:allure-bom from 2.30.0 to 2.31.0 by @dependabot[bot] in #3175
• Bump org.apache.commons:commons-lang3 from 3.18.0 to 3.20.0 by @dependabot[bot] in #3174
• Bump com.fasterxml.jackson:jackson-bom from 2.20.0 to 2.20.1 by @dependabot[bot] in #3173
• Bump js-yaml in /allure-generator by @dependabot[bot] in #3157
• Bump ch.qos.logback:logback-classic from 1.3.15 to 1.3.16 by @dependabot[bot] in #3179
• Bump org.owasp.dependencycheck from 12.1.3 to 12.1.9 by @dependabot[bot] in #3181
• Bump com.puppycrawl.tools:checkstyle from 11.0.1 to 12.2.0 by @dependabot[bot] in #3182
• Bump net.sourceforge.pmd:pmd-java from 7.17.0 to 7.19.0 by @dependabot[bot] in #3178
• Bump gradle to 9.2.1 by @baev in #3184
• Bump com.squareup.okhttp3:okhttp-bom from 5.1.0 to 5.3.2 by @dependabot[bot] in #3185
• Bump com.diffplug.spotless from 7.2.1 to 8.1.0 by @dependabot[bot] in #3187
• Bump com.gorylenko.gradle-git-properties from 2.5.3 to 2.5.4 by @dependabot[bot] in #3186
• Bump com.opencsv:opencsv from 5.9 to 5.12.0 by @valfirst in #3111
• Bump org.junit:junit-bom from 5.13.4 to 6.0.1 by @dependabot[bot] in #3180

👻 Internal changes

• Auto release by @baev in #3108

New Contributors

• @GergelyNemeth911 made their first contribution in #3160

Full Changelog: 2.35.1...2.36.0

What's Changed

⬆️ Dependency Updates

• Bump com.puppycrawl.tools:checkstyle from 10.26.1 to 11.0.1 by @dependabot[bot] in #3101
• Bump com.github.spotbugs from 6.2.2 to 6.2.6 by @dependabot[bot] in #3100
• Bump actions/setup-java from 4 to 5 by @dependabot[bot] in #3096
• Bump actions/checkout from 4 to 5 by @dependabot[bot] in #3091
• Bump org.assertj:assertj-core from 3.27.3 to 3.27.4 by @dependabot[bot] in #3088
• Bump com.netflix.nebula.ospackage from 12.0.0 to 12.1.0 by @dependabot[bot] in #3084
• Bump org.mockito:mockito-core from 5.18.0 to 5.19.0 by @dependabot[bot] in #3106
• Bump com.github.spotbugs from 6.2.6 to 6.2.7 by @dependabot[bot] in #3105
• Bump com.fasterxml.jackson:jackson-bom from 2.19.2 to 2.20.0 by @dependabot[bot] in #3104
• Bump com.gorylenko.gradle-git-properties from 2.5.2 to 2.5.3 by @dependabot[bot] in #3103
• Bump on-headers and compression in /allure-generator by @dependabot[bot] in #3066
• Bump com.github.spotbugs:spotbugs from 4.9.3 to 4.9.4 by @dependabot[bot] in #3107
• Bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #3086
• Bump net.sourceforge.pmd:pmd-java from 7.15.0 to 7.16.0 by @dependabot[bot] in #3075

Full Changelog: 2.35.0...2.35.1

What's Changed

🚀 New Features

• pw trace attachment by @todti in #2964

🔬 Improvements

• feat: Render WebP attachments as images by @valfirst in #2978
• Add Azure DevOps executor icon by @baev in #3059

⬆️ Dependency Updates

• Bump com.github.spotbugs from 6.2.0 to 6.2.1 by @dependabot[bot] in #3037
• Bump org.junit:junit-bom from 5.13.1 to 5.13.2 by @dependabot[bot] in #3038
• Bump com.puppycrawl.tools:checkstyle from 10.25.1 to 10.26.0 by @dependabot[bot] in #3039
• Bump net.sourceforge.pmd:pmd-java from 7.14.0 to 7.15.0 by @dependabot[bot] in #3042
• Bump com.puppycrawl.tools:checkstyle from 10.26.0 to 10.26.1 by @dependabot[bot] in #3041
• Bump com.netflix.nebula.ospackage from 11.11.2 to 12.0.0 by @dependabot[bot] in #3040
• Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 by @dependabot[bot] in #3054
• Bump com.diffplug.spotless from 7.0.4 to 7.1.0 by @dependabot[bot] in #3050
• Bump com.squareup.okhttp3:okhttp-bom from 4.12.0 to 5.1.0 by @dependabot[bot] in #3049
• Bump org.junit:junit-bom from 5.13.2 to 5.13.3 by @dependabot[bot] in #3047
• Bump com.github.spotbugs from 6.2.1 to 6.2.2 by @dependabot[bot] in #3060
• Bump com.gorylenko.gradle-git-properties from 2.5.0 to 2.5.2 by @dependabot[bot] in #3064
• Bump com.diffplug.spotless from 7.1.0 to 7.2.0 by @dependabot[bot] in #3069
• Bump org.junit:junit-bom from 5.13.3 to 5.13.4 by @dependabot[bot] in #3072
• Bump com.diffplug.spotless from 7.2.0 to 7.2.1 by @dependabot[bot] in #3073
• Bump com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2 by @dependabot[bot] in #3068
• Bump commons-io:commons-io from 2.19.0 to 2.20.0 by @dependabot[bot] in #3067

👻 Internal changes

• Potential fix for code scanning alert no. 9: Workflow does not contain permissions by @baev in #3055
• Potential fix for code scanning alert no. 8: Workflow does not contain permissions by @baev in #3057
• Potential fix for code scanning alert no. 7: Workflow does not contain permissions by @baev in #3058
• Potential fix for code scanning alert no. 4: Workflow does not contain permissions by @baev in #3061
• Potential fix for code scanning alert no. 3: Workflow does not contain permissions by @baev in #3063
• Potential fix for code scanning alert no. 6: Workflow does not contain permissions by @baev in #3062
• use ossrh staging api by @baev in #3102

Full Changelog: 2.34.1...2.35.0