diff --git a/RELEASE-CHECKLIST.md b/RELEASE-CHECKLIST.md
new file mode 100644
index 0000000..f711dcb
--- /dev/null
+++ b/RELEASE-CHECKLIST.md
@@ -0,0 +1,10 @@
+# Release Checklist for the SPDX Java Tools
+
+- [ ] Check for any warnings from the compiler and findbugs
+- [ ] Run unit tests for all packages that depend on the application
+- [ ] Run dependency check to find any potential vulnerabilities `mvn dependency-check:check`
+- [ ] Run `mvn release:prepare` - you will be prompted for the release - typically take the defaults
+- [ ] Run `mvn release:perform`
+- [ ] Release artifacts to Maven Central
+- [ ] Create a Git release including release notes
+- [ ] Zip up the files from the Maven archive and add them to the release
diff --git a/pom.xml b/pom.xml
index 911c50c..7c2686d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,6 +33,7 @@
https://github.com/spdx/tools-java
https://github.com/spdx/tools-java.git
https://github.com/spdx/tools-java.git
+ master
Github
@@ -61,9 +62,23 @@
- gpg-signing
+ release
+
+ org.apache.maven.plugins
+ maven-source-plugin
+ 3.2.1
+
+
+ attach-sources
+ verify
+
+ jar-no-fork
+
+
+
+
org.apache.maven.plugins
maven-gpg-plugin
@@ -205,7 +220,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.6.1
+ 3.11.0
${project.build.sourceEncoding}
true
@@ -235,20 +250,6 @@
-
- org.apache.maven.plugins
- maven-source-plugin
- 3.2.1
-
-
- attach-sources
- verify
-
- jar-no-fork
-
-
-
-
org.apache.maven.plugins
maven-shade-plugin
@@ -288,7 +289,7 @@
org.spdx
spdx-maven-plugin
- 0.6.0
+ 0.7.2
build-spdx
@@ -300,7 +301,7 @@
http://spdx.org/documents/tools-java-${project.version}
- Copyright (c) 2020 Source Auditor Inc.
+ Copyright (c) 2024 Source Auditor Inc.
Gary O'Neall
@@ -325,6 +326,16 @@
Organization: Linux Foundation
+
+ org.apache.maven.plugins
+ maven-release-plugin
+ 3.0.1
+
+ v@{project.version}
+ release
+ deploy
+
+