2.13.0 / 2026-06-08

Please update your git remotes to point to Codeberg; the Github
repository is deprecated. Downloads will still be hosted there, but
the Codeberg git repository is now canonical.

• Verify pom signatures in addition to jars for GPG/SSH. (Phil Hagelberg)
• Emit correct exit code when dependency signature verification fails. (Phil Hagelberg)
• Verify SSH signatures with lein deps :verify allowed-signers. (Phil Hagelberg)
• Avoid native access warnings on Windows. (Phil Hagelberg)
• Ensure synthetic jar entries have timestamps matching project.clj file. (Phil Hagelberg)
• Support SOURCE_DATE_EPOCH environment variable. (Phil Hagelberg)
• Sign with SSH keys when deploying; :signing {:ssh-key nil} to disable. (Phil Hagelberg)
• Update Maven Resolver API dependency, improving behavior when rate limited. (Toby Crawley)

2.12.0 / 2025-09-12

This will be the last release of Leiningen that is still mirrored on
Github; future releases will be Codeberg-only.

• Use :managed-dependencies instead of :exclusions for version ranges. (Phil Hagelberg)
• Add :plugin-tree-data subcommand to deps task. (Gabriel Giussi)
• Fix a bug in :active-profiles in middleware plugins. (Rob Browning)
• Update to nREPL 1.3.0 (oyakushev)
• Update Clojure version (Justin Polchlopek)

2.11.2 / 2024-02-13

• Add :preserve-eval-meta setting to avoid project code reflection. (Marco Biscaro)
• Fix a bug where metadata on project code caused plugin incompatibilities. (Marco Biscaro)

2.11.1 / 2024-01-28

• Fix a bug when deploying using passwords read from the console. (Phil Hagelberg)

2.11.0 / 2024-01-27

• Top-level :exclusions can now affect top-level :dependencies. (Juan Monetta)
• Fix a bug where :eval-in :nrepl couldn't detect running repl. (Phil Hagelberg)
• Fix a bug where :eval-in :nrepl would crash. (Marco Biscaro)
• Fix a bug where files on test path could be visible during jar. (Phil Hagelberg)
• Fix an issue with check in namespaces that rely on AOT. (Phil Hagelberg)
• Fix a redundant confusing dependencies warning. (Phil Hagelberg)
• Add static-classpath task for static analysis. (Phil Hagelberg)
• Major performance improvements handling pathological dependency trees. (Marco Biscaro)
• Improve error reporting for search failures. (rome user)
• Support XDG config directories. (Phil Hagelberg)
• Use $XDG_CACHE_HOME for self-installs if it exists. (Phil Hagelberg)
• Add warnings for buggy composite profiles. (Phil Hagelberg)

2.10.0 / 2022-12-09

• Update to nREPL 1.0.0 (Phil Hagelberg)
• Fix a bug where :eval-in :leiningen could suppress test exit code. (Phil Hagelberg)
• Add the ability to sign deployed files using SSH keys, not just GPG. (Phil Hagelberg)
• Fix a bug where uberjar splices profiles into target path incorrectly. (Phil Hagelberg)

2.9.10 / 2022-08-09

• Fix a bug where dev-resources could leak into jars/uberjars. (Phil Hagelberg)
• Avoid illegal reflective access doing XML parsing in uberjar/search. (Phil Hagelberg)

• Migrate the repository from Github to Codeberg. (Phil Hagelberg)
• Fix a bug in new where template group-ids could be ignored. (Phil Hagelberg)
• Work around a change in Java 9 which broke template listing. (Phil Hagelberg)
• Fix a bug in pedantic checks which resulted in infinite loops. (Phil Hagelberg)
• Prevent module-info.class files from being included in uberjars. (Phil Hagelberg)
• Prevent duplicate warnings in resource-paths when creating jars. (Phil Hagelberg)
• Fix an issue with check where AOT would shadow reflection warnings. (Phil Hagelberg)
• Allow change to edit dependency versions. (Eric Schoen)
• Fix a bug where composite profiles would leak dependencies downstream. (Phil Hagelberg)
• Allow repl to bind to filesystem sockets via :headless :socket PATH (Rob Browning)

2.9.8 / 2021-11-11

• Fix a bug where certain deep dependency trees would overflow stack. (Phil Hagelberg)
• Allow LEIN_JAR to be overridden if you install elsewhere. (Ahmed Sajid)

• Detect certain pathological dependency trees and warn. (Phil Hagelberg)
• Bump to Clojure 1.10.3. (Grzegorz Smajdor)
• Don't warn on version ranges which point to a single version. (Pierre-Yves Ritschard)
• Fix a bug where verifying deps could loop forever. (James Carnegie)
• Get better error messages when deploys fail. (Toby Crawley)

Note: previous release jars were published under .zip filenames to work around quirks in Github; this is no longer needed so jar files have a .jar extension now as expected.