Context

This prepares the breaking Allure Java 3.0.0 line. The release now targets Java 17 by default, validates builds on JDK 17 and JDK 25, removes legacy modules and aliases, moves shared HTTP exchange support into allure-java-commons, and updates the public docs so each published module has a README.md entry point for Allure Report users.

Breaking changes

• Raised the default Java compile target from --release 8 to --release 17.
• Removed the root Gradle Java 21 toolchain so CI/local launcher JDKs are meaningful.
• Kept allure-jooq and allure-karate on --release 21; CI excludes those two modules from JDK 17 checks and runs them on JDK 25.
• Removed the legacy allure-junit5 and allure-junit5-assert relocation publications, BOM entries, tests, and bridge verification.
• Removed the separate allure-attachments module and all HTTP FreeMarker request/response templates.
• Removed allure-test-filter as a separate artifact and moved test-plan filtering into allure-java-commons.
• Removed legacy AS_TESTPLAN_PATH; test-plan lookup now uses ALLURE_TESTPLAN_PATH.
• Removed allure-reader.
• Migrated Servlet and JAX-RS integrations from javax.* APIs to Jakarta APIs.
• Deprecated lifecycle container methods as migration bridges and added the new scope API for integrations.
• High-level runtime attachment APIs now wrap attachments in ordered meta-steps, including HTTP exchange attachments.

Removed modules/artifacts

• allure-attachments
• allure-cucumber4-jvm (Cucumber 4.8.0)
• allure-cucumber5-jvm (Cucumber 5.1.2, Gherkin 5.1.0)
• allure-cucumber6-jvm (Cucumber 6.10.2, Gherkin 18.0.0)
• allure-jbehave (JBehave 4.8.3)
• allure-okhttp (OkHttp 2.7.5)
• allure-reader
• allure-spock (Spock 1.x / Groovy 2.5)
• allure-test-filter
• allure-junit5 relocation publication
• allure-junit5-assert relocation publication

HTTP exchange attachments

HTTP client integrations now write one structured attachment per exchange using the Allure HTTP exchange schema:

• schema version: 1
• content type: application/vnd.allure.http+json
• file extension: .httpexchange
• redacted value marker: __ALLURE_REDACTED__
• default body limit: 1 MiB

The new public model lives in io.qameta.allure.http: HttpExchange, HttpExchangeRequest, HttpExchangeResponse, HttpExchangeBody, HttpExchangeBodyPart, HttpExchangeCookie, HttpExchangeNameValue, HttpExchangeInformationalResponse, HttpExchangeStream, and HttpExchangeError.

Manual usage:

HttpExchange exchange = HttpExchange.builder()
        .redactHeader("Authorization")
        .redactCookie("SESSION")
        .redactQueryParameter("token")
        .redactFormParameter("password")
        .setMaxBodySize(64 * 1024)
        .request("POST", "https://example.test/api/orders", request -> request
                .addHeader("Authorization", "Bearer secret")
                .addCookie("SESSION", "secret")
                .addQuery("token", "secret")
                .setBody(HttpExchangeBody.utf8("{\"password\":\"secret\"}")))
        .response(response -> response
                .setStatus(201)
                .setStatusText("Created")
                .addHeader("Content-Type", "application/json")
                .setBody(HttpExchangeBody.utf8("{\"id\":42}")))
        .build();

Allure.addHttpExchange("Create order", exchange);

Integration configuration examples:

new AllureRestAssured()
        .setAttachmentName("HTTP exchange")
        .configureHttpExchange(exchange -> exchange
                .redactHeader("Authorization")
                .redactCookie("SESSION")
                .redactQueryParameter("token")
                .setMaxBodySize(64 * 1024));

new AllureOkHttp3()
        .configureHttpExchange(exchange -> exchange
                .redactHeader("Authorization")
                .redactCookie("SESSION"));

new AllureHttpClient5Response()
        .configureHttpExchange(exchange -> exchange
                .redactFormParameter("password")
                .setMaxBodySize(128 * 1024));

REST Assured also carries its configured blacklisted headers into HTTP exchange redaction automatically.

Lifecycle and model changes

• Added ScopeResult, ScopeFixtureResult, and ScopeFixtureType.
• Added lifecycle scope methods: startScope, updateScope, stopScope, and writeScope.
• Added scope-aware fixture APIs while keeping container APIs as deprecated migration bridges.
• Migrated JUnit Platform, TestNG, and Spock 2 integrations toward the scope API.
• Added scope metadata support for labels, links, parameters, description, and HTML description.
• Kept Allure result/container file output compatible by converting scopes to containers when writing results.

Attachment behavior

High-level APIs now preserve attachment order by creating meta-steps:

Allure.step("step 1");
Allure.addAttachment("request", "...");
Allure.step("step 2");

This now renders as:

1. step 1
2. request attachment step
3. step 2

Covered APIs include Allure.attachment(...), Allure.addAttachment(...), Allure.addByteAttachmentAsync(...), Allure.addStreamAttachmentAsync(...), and Allure.addHttpExchange(...).

HTTP and client integration changes

• allure-rest-assured, allure-httpclient, allure-httpclient5, allure-okhttp3, allure-spring-web, allure-jax-rs, and allure-servlet-api now depend on allure-java-commons instead of allure-attachments.
• HTTP integrations produce structured HTTP exchange attachments instead of separate HTML request/response attachments.
• Removed HTTP template customization APIs tied to FreeMarker request/response rendering.
• allure-grpc no longer uses the shared attachments module or request/response templates.
• allure-jsonunit keeps non-HTTP rendering locally instead of depending on shared attachments.

Dependency and tool updates

Build and plugins:

• Project version: 2.36-SNAPSHOT -> 3.0-SNAPSHOT
• Gradle wrapper: 8.11 -> 9.5.1
• Spotless plugin: 6.25.0 -> 8.6.0
• Shadow plugin: io.github.goooler.shadow:8.1.8 -> com.gradleup.shadow:9.4.2
• Allure Gradle plugin: 4.0.0 -> 4.1.0
• Protobuf Gradle plugin: 0.9.6 -> 0.10.0
• SpotBugs Gradle plugin: 6.4.7 -> 6.5.6
• Kotlin Gradle plugin: 2.0.0 -> 2.4.0
• Develocity plugin: 3.17.5 -> 4.4.2

Managed dependencies and quality tools:

• Jackson BOM: 2.21.1 -> 2.22.0
• JUnit BOM: 5.10.3 -> 6.1.0
• SLF4J: 2.0.17 -> 2.0.18
• AspectJ: 1.9.25 -> 1.9.25.1
• Checkstyle: 12.3.0 -> 12.3.1
• PMD Java: 7.15.0 -> 7.25.0
• SpotBugs engine: 4.9.8 -> 4.10.2
• WireMock: com.github.tomakehurst:wiremock:3.0.1 -> org.wiremock:wiremock:3.13.2
• Gson: 2.8.9 -> 2.14.0
• Guava: 32.0.1-jre -> 33.6.0-jre
• Commons IO: 2.20.0 -> 2.22.0
• javax.annotation-api:1.3.2 -> jakarta.annotation-api:3.0.0
• Commons Lang: 3.18.0 -> 3.20.0
• Commons Text: 1.10.0 -> 1.15.0
• FreeMarker: 2.3.33 -> 2.3.34
• grpcmock-junit5: 0.8.0 -> 1.1.1
• RESTEasy client: 7.0.1.Final -> 7.0.2.Final
• MockServer Netty: 5.15.0 -> 7.0.0
• Mockito: 5.21.0 -> 5.23.0

Framework/module dependencies:

• Citrus: 2.8.0 -> 3.4.1
• Cucumber JVM 7: 7.18.1 + Gherkin 28.0.0 -> Cucumber BOM 7.34.3
• gRPC: 1.79.0 -> 1.81.0
• Protobuf: 4.33.5 -> 4.35.0
• Apache HttpClient 5: 5.3.1 -> 5.6.1
• JAX-RS API: javax.ws.rs-api:2.1.1 -> jakarta.ws.rs-api:4.0.0
• JBehave 5: 5.1.1 -> 5.2.0
• jOOQ: 3.20.11 -> 3.21.5
• Embedded Postgres: 2.2.0 -> 2.2.2
• Embedded Postgres binaries BOM: 18.1.0 -> 18.4.0
• PostgreSQL JDBC: 42.7.7 -> 42.7.11
• JsonUnit: 2.35.0 -> 5.1.2
• Karate: com.intuit.karate:karate-core:1.4.1 -> io.karatelabs:karate-core:2.0.10
• OkHttp: 4.12.0 -> 5.4.0
• Playwright Java: 1.59.0 -> 1.60.0
• Scala 2.12: 2.12.19 -> 2.12.21
• Scala 2.13: 2.13.14 -> 2.13.18
• ScalaTest: 3.2.19 -> 3.2.20
• Selenide: 7.4.1 -> 7.16.2
• Servlet API: javax.servlet-api:4.0.1 -> jakarta.servlet-api:6.1.0
• Spock 2: 2.3-groovy-3.0 -> 2.4-groovy-5.0
• Groovy: 3.0.22 -> 5.0.6
• Spring Web: 6.2.17 -> 7.0.8
• TestNG: 7.11.0 -> 7.12.0

Documentation and repository metadata

• Rewrote the root README as a user-facing Allure Java entry point.
• Added or normalized README.md for every remaining module.
• Updated the bug report module selector to match current published modules.
• Updated labeler rules to remove discontinued modules and add missing current modules.
• Updated allure-junit4-aspect package metadata and README to clarify the Gradle/JUnit 4 AspectJ use case.
• Added JavaDoc description processor coverage broadly, excluding modules where it would create transitive dependency problems.
• Added summary JavaDoc descriptions for configured tests.

Checklist

• Sign Allure CLA
• Provide unit tests