diff --git a/.gitignore b/.gitignore
index 57d2359..788b806 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 velocity-1.6.3.tar.gz
 /velocity-1.6.4.tar.gz
 /velocity-1.7.tar.gz
+/velocity-1.7.pom
diff --git a/0000-Remove-avalon-logkit.patch b/0000-Remove-avalon-logkit.patch
deleted file mode 100644
index 552fca3..0000000
--- a/0000-Remove-avalon-logkit.patch
+++ /dev/null
@@ -1,48 +0,0 @@ -From 15c0c0edebc8980dfa3d64f507962f7b822d0fdc Mon Sep 17 00:00:00 2001 -From: Stanislav Ochotnicky -Date: Thu, 30 Jul 2020 15:35:08 +0200 -Subject: [PATCH 0/8] Remove avalon-logkit - ---- - pom.xml | 6 ------ - .../apache/velocity/runtime/defaults/velocity.properties | 4 ++-- - src/java/org/apache/velocity/runtime/log/LogManager.java | 2 +- - 3 files changed, 3 insertions(+), 9 deletions(-) - -diff --git a/pom.xml b/pom.xml -index 77a8e38..f453208 100644 ---- a/pom.xml -+++ b/pom.xml -@@ -196,12 +196,6 @@ - 2.3 - provided - -- -- logkit -- logkit -- 2.0 -- provided -- - - ant - ant -diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties -index 750a59a..7fac119 100644 ---- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties -+++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties -@@ -20,10 +20,10 @@ - # ---------------------------------------------------------------------------- - - # ---------------------------------------------------------------------------- --# default LogChute to use: default: AvalonLogChute, Log4JLogChute, CommonsLogLogChute, ServletLogChute, JdkLogChute -+# default LogChute to use: default: JdkLogChute - # ---------------------------------------------------------------------------- - --runtime.log.logsystem.class = org.apache.velocity.runtime.log.AvalonLogChute,org.apache.velocity.runtime.log.Log4JLogChute,org.apache.velocity.runtime.log.CommonsLogLogChute,org.apache.velocity.runtime.log.ServletLogChute,org.apache.velocity.runtime.log.JdkLogChute -+runtime.log.logsystem.class = org.apache.velocity.runtime.log.JdkLogChute - - # --------------------------------------------------------------------------- - # This is the location of the Velocity Runtime log. --- -2.26.2 - 
diff --git a/0008-Port-to-apache-commons-lang3.patch b/0001-Port-to-apache-commons-lang3.patch
similarity index 73%
rename from 0008-Port-to-apache-commons-lang3.patch
rename to 0001-Port-to-apache-commons-lang3.patch
index 8fa0bf8..191611a 100644
--- a/0008-Port-to-apache-commons-lang3.patch
+++ b/0001-Port-to-apache-commons-lang3.patch
@@ -1,106 +1,42 @@ -From cd0a1db2ba5930de40b8f884efd492875226e9d8 Mon Sep 17 00:00:00 2001 -From: Fabio Valentini -Date: Thu, 30 Jul 2020 15:51:00 +0200 -Subject: [PATCH 8/8] Port to apache commons-lang3 +From bf0462e3c293863947dde1c22a62c3d4a187a70c Mon Sep 17 00:00:00 2001 +From: Marian Koncek +Date: Thu, 31 Oct 2019 14:35:40 +0100 +Subject: [PATCH 1/2] Port to apache-commons-lang3 --- - build/build.properties | 28 +++++++++---------- - pom.xml | 6 ++-- - .../event/implement/EscapeHtmlReference.java | 4 +-- - .../implement/EscapeJavaScriptReference.java | 4 +-- - .../event/implement/EscapeSqlReference.java | 5 ++-- - .../event/implement/EscapeXmlReference.java | 2 +- - .../velocity/runtime/RuntimeInstance.java | 2 +- - .../velocity/runtime/VelocimacroFactory.java | 2 +- - .../velocity/runtime/directive/Block.java | 2 +- - .../runtime/directive/RuntimeMacro.java | 2 +- - .../velocity/runtime/log/AvalonLogChute.java | 2 +- - .../velocity/runtime/parser/Parser.java | 2 +- - .../runtime/parser/ParserTokenManager.java | 2 +- - .../runtime/parser/node/ASTDirective.java | 2 +- - .../runtime/parser/node/ASTMethod.java | 4 +-- - .../runtime/parser/node/ASTStringLiteral.java | 2 +- - .../runtime/parser/node/NodeUtils.java | 2 +- - .../runtime/parser/node/PropertyExecutor.java | 2 +- - .../parser/node/SetPropertyExecutor.java | 4 +-- - .../runtime/parser/node/SimpleNode.java | 4 +-- - .../runtime/resource/ResourceManagerImpl.java | 4 +-- - .../loader/ClasspathResourceLoader.java | 2 +- - .../loader/DataSourceResourceLoader.java | 2 +- - .../resource/loader/FileResourceLoader.java | 2 +- - .../resource/loader/JarResourceLoader.java | 2 +- - .../resource/loader/StringResourceLoader.java | 2 +- - .../resource/loader/URLResourceLoader.java | 2 +- - .../velocity/util/introspection/ClassMap.java | 2 +- - src/parser/Parser.jjt | 2 +- - .../io/UnicodeInputStreamTestCase.java | 2 +- - .../apache/velocity/test/BaseTestCase.java | 2 +- - .../velocity/test/MethodCacheKeyTestCase.java | 
2 +- - .../org/apache/velocity/test/sql/HsqlDB.java | 2 +- - 33 files changed, 56 insertions(+), 55 deletions(-) + pom.xml | 6 +++--- + .../velocity/app/event/implement/EscapeHtmlReference.java | 4 ++-- + .../app/event/implement/EscapeJavaScriptReference.java | 4 ++-- + .../velocity/app/event/implement/EscapeSqlReference.java | 5 +++-- + .../velocity/app/event/implement/EscapeXmlReference.java | 2 +- + src/java/org/apache/velocity/runtime/RuntimeInstance.java | 2 +- + .../org/apache/velocity/runtime/VelocimacroFactory.java | 2 +- + src/java/org/apache/velocity/runtime/directive/Block.java | 2 +- + .../org/apache/velocity/runtime/directive/RuntimeMacro.java | 2 +- + src/java/org/apache/velocity/runtime/parser/Parser.java | 2 +- + .../apache/velocity/runtime/parser/ParserTokenManager.java | 2 +- + .../apache/velocity/runtime/parser/node/ASTDirective.java | 2 +- + .../org/apache/velocity/runtime/parser/node/ASTMethod.java | 4 ++-- + .../velocity/runtime/parser/node/ASTStringLiteral.java | 2 +- + .../org/apache/velocity/runtime/parser/node/NodeUtils.java | 2 +- + .../velocity/runtime/parser/node/PropertyExecutor.java | 2 +- + .../velocity/runtime/parser/node/SetPropertyExecutor.java | 4 ++-- + .../org/apache/velocity/runtime/parser/node/SimpleNode.java | 4 ++-- + .../velocity/runtime/resource/ResourceManagerImpl.java | 4 ++-- + .../runtime/resource/loader/ClasspathResourceLoader.java | 2 +- + .../runtime/resource/loader/DataSourceResourceLoader.java | 2 +- + .../runtime/resource/loader/FileResourceLoader.java | 2 +- + .../velocity/runtime/resource/loader/JarResourceLoader.java | 2 +- + .../runtime/resource/loader/StringResourceLoader.java | 2 +- + .../velocity/runtime/resource/loader/URLResourceLoader.java | 2 +- + .../org/apache/velocity/util/introspection/ClassMap.java | 2 +- + .../org/apache/velocity/io/UnicodeInputStreamTestCase.java | 2 +- + src/test/org/apache/velocity/test/BaseTestCase.java | 2 +- + .../org/apache/velocity/test/MethodCacheKeyTestCase.java | 2 +- 
+ 29 files changed, 39 insertions(+), 38 deletions(-) -diff --git a/build/build.properties b/build/build.properties -index 6d928bd..b723852 100644 ---- a/build/build.properties -+++ b/build/build.properties -@@ -172,9 +172,9 @@ import=javax.naming,\ - javax.sql,\ - org.apache.commons.collections,\ - org.apache.commons.collections.map,\ -- org.apache.commons.lang,\ -- org.apache.commons.lang.builder,\ -- org.apache.commons.lang.text,\ -+ org.apache.commons.lang3,\ -+ org.apache.commons.lang3.builder,\ -+ org.apache.commons.lang3.text,\ - org.apache.commons.logging;resolution:=optional,\ - org.apache.log;resolution:=optional,\ - org.apache.log.format;resolution:=optional,\ -@@ -260,7 +260,7 @@ export=org.apache.velocity;uses:="org.apache.velocity.context,\ - org.apache.velocity.runtime,\ - org.apache.velocity.runtime.directive,\ - org.apache.velocity.runtime.parser.node",\ -- org.apache.velocity.runtime.parser.node;uses:="org.apache.commons.lang.text,\ -+ org.apache.velocity.runtime.parser.node;uses:="org.apache.commons.lang3.text,\ - org.apache.velocity.context,\ - org.apache.velocity.exception,\ - org.apache.velocity.runtime,\ -@@ -303,15 +303,15 @@ export=org.apache.velocity;uses:="org.apache.velocity.context,\ - dep.export=org.apache.commons.collections,\ - org.apache.commons.collections.iterators;uses:="org.apache.commons.collections",\ - org.apache.commons.collections.map;uses:="org.apache.commons.collections",\ -- org.apache.commons.lang;uses:="org.apache.commons.lang.exception",\ -- org.apache.commons.lang.builder,\ -- org.apache.commons.lang.enum,\ -- org.apache.commons.lang.enums,\ -- org.apache.commons.lang.exception,\ -- org.apache.commons.lang.math,\ -- org.apache.commons.lang.mutable,\ -- org.apache.commons.lang.text,\ -- org.apache.commons.lang.time,\ -+ org.apache.commons.lang3;uses:="org.apache.commons.lang3.exception",\ -+ org.apache.commons.lang3.builder,\ -+ org.apache.commons.lang3.enum,\ -+ org.apache.commons.lang3.enums,\ -+ 
org.apache.commons.lang3.exception,\ -+ org.apache.commons.lang3.math,\ -+ org.apache.commons.lang3.mutable,\ -+ org.apache.commons.lang3.text,\ -+ org.apache.commons.lang3.time,\ - org.apache.oro.io;uses:="org.apache.oro.text,\ - org.apache.oro.text.regex",\ - org.apache.oro.text;uses:="org.apache.oro.text.regex,\ -@@ -379,7 +379,7 @@ dep.export=org.apache.commons.collections,\ - org.apache.velocity.runtime,\ - org.apache.velocity.runtime.directive,\ - org.apache.velocity.runtime.parser.node",\ -- org.apache.velocity.runtime.parser.node;uses:="org.apache.commons.lang.text,\ -+ org.apache.velocity.runtime.parser.node;uses:="org.apache.commons.lang3.text,\ - org.apache.velocity.context,\ - org.apache.velocity.exception,\ - org.apache.velocity.runtime,\ diff --git a/pom.xml b/pom.xml -index 8cb5d3f..56af634 100644 +index 77a8e383..eee15b34 100644 --- a/pom.xml +++ b/pom.xml @@ -148,9 +148,9 @@ @@ -112,12 +48,12 @@ index 8cb5d3f..56af634 100644 - 2.4 + org.apache.commons + commons-lang3 -+ 3.8.1 ++ 3.9 oro diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java -index 6d98b45..56d1e62 100644 +index 6d98b45c..e1469957 100644 --- a/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java +++ b/src/java/org/apache/velocity/app/event/implement/EscapeHtmlReference.java @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; @@ -134,12 +70,12 @@ index 6d98b45..56d1e62 100644 protected String escape(Object text) { - return StringEscapeUtils.escapeHtml(text.toString()); -+ return StringEscapeUtils.ESCAPE_HTML4.translate(text.toString()); ++ return StringEscapeUtils.escapeHtml4(text.toString()); } /** diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java -index ea49ddb..b9196c5 100644 +index ea49ddbf..12f38f47 100644 
--- a/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java +++ b/src/java/org/apache/velocity/app/event/implement/EscapeJavaScriptReference.java @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; @@ -156,12 +92,12 @@ index ea49ddb..b9196c5 100644 protected String escape(Object text) { - return StringEscapeUtils.escapeJavaScript(text.toString()); -+ return StringEscapeUtils.ESCAPE_ECMASCRIPT.translate(text.toString()); ++ return StringEscapeUtils.escapeEcmaScript(text.toString()); } /** diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java -index 585cb6c..adea560 100644 +index 585cb6c6..39e04f43 100644 --- a/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java +++ b/src/java/org/apache/velocity/app/event/implement/EscapeSqlReference.java @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; @@ -169,7 +105,7 @@ index 585cb6c..adea560 100644 */ -import org.apache.commons.lang.StringEscapeUtils; -+import org.apache.commons.lang3.StringEscapeUtils; ++import org.apache.commons.lang3.StringUtils; /** * Escapes the characters in a String to be suitable to pass to an SQL query. @@ -178,13 +114,13 @@ index 585cb6c..adea560 100644 protected String escape(Object text) { - return StringEscapeUtils.escapeSql(text.toString()); -+ // commons-lang3 dropped the SQL escaper because it was incomplete -+ return text.toString(); ++ // See https://commons.apache.org/proper/commons-lang/javadocs/api-2.6/org/apache/commons/lang/StringEscapeUtils.html#escapeSql(java.lang.String) ++ return StringUtils.replace(text.toString(), "'", "''"); } /** diff --git a/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java b/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java -index 3d5b40f..fbb525c 100644 +index 3d5b40f0..fbb525cb 100644 
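Review bot: The new `StringEscapeUtils.escapeHtml4(...)` and `StringEscapeUtils.escapeEcmaScript(...)` calls in EscapeHtmlReference and EscapeJavaScriptReference use `org.apache.commons.lang3.StringEscapeUtils`, which commons-lang3 marks as deprecated from 3.6 in favour of commons-text, while this patch moves pom.xml to 3.9. The calls should behave like the `ESCAPE_HTML4.translate` / `ESCAPE_ECMASCRIPT.translate` form they replace, so nothing changes at run time. A short comment such as `// lang3 StringEscapeUtils is deprecated since 3.6; switch to commons-text when it becomes a build dependency` would record the follow-up next to the output-encoding code.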
--- a/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java +++ b/src/java/org/apache/velocity/app/event/implement/EscapeXmlReference.java @@ -19,7 +19,7 @@ package org.apache.velocity.app.event.implement; @@ -197,7 +133,7 @@ index 3d5b40f..fbb525c 100644 /** * Escape all XML entities. diff --git a/src/java/org/apache/velocity/runtime/RuntimeInstance.java b/src/java/org/apache/velocity/runtime/RuntimeInstance.java -index bf99faa..a79d42c 100644 +index 670c083d..f877114d 100644 --- a/src/java/org/apache/velocity/runtime/RuntimeInstance.java +++ b/src/java/org/apache/velocity/runtime/RuntimeInstance.java @@ -32,7 +32,7 @@ import java.util.Map; @@ -210,7 +146,7 @@ index bf99faa..a79d42c 100644 import org.apache.velocity.app.event.EventCartridge; import org.apache.velocity.app.event.EventHandler; diff --git a/src/java/org/apache/velocity/runtime/VelocimacroFactory.java b/src/java/org/apache/velocity/runtime/VelocimacroFactory.java -index 2737b3b..956ab05 100644 +index 8756b66f..70e3d489 100644 --- a/src/java/org/apache/velocity/runtime/VelocimacroFactory.java +++ b/src/java/org/apache/velocity/runtime/VelocimacroFactory.java @@ -26,7 +26,7 @@ import java.util.Map; @@ -223,7 +159,7 @@ index 2737b3b..956ab05 100644 import org.apache.velocity.exception.VelocityException; import org.apache.velocity.runtime.directive.Directive; diff --git a/src/java/org/apache/velocity/runtime/directive/Block.java b/src/java/org/apache/velocity/runtime/directive/Block.java -index f5fdfa8..b136543 100644 +index f5fdfa85..b136543d 100755 --- a/src/java/org/apache/velocity/runtime/directive/Block.java +++ b/src/java/org/apache/velocity/runtime/directive/Block.java @@ -23,7 +23,7 @@ import java.io.IOException; @@ -236,7 +172,7 @@ index f5fdfa8..b136543 100644 import org.apache.velocity.exception.TemplateInitException; import org.apache.velocity.runtime.Renderable; 
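Review bot: In EscapeSqlReference.escape(), the new `StringUtils.replace(text.toString(), "'", "''")` only doubles single quotes, but the comment above it is a bare javadoc URL and the class javadoc kept as context still reads "suitable to pass to an SQL query". The linked commons-lang 2.6 javadoc itself describes the routine as limited to single quotes and as not handling `%` or `_` in LIKE clauses, so the limitation should be stated in the code. I would write the comment as `// Same as commons-lang 2.x escapeSql: doubles ' only; does not replace bound parameters` and keep the link after it.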
diff --git a/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java b/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java -index 090b552..d22ac4e 100644 +index 090b5522..d22ac4ed 100644 --- a/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java +++ b/src/java/org/apache/velocity/runtime/directive/RuntimeMacro.java @@ -23,7 +23,7 @@ import java.io.IOException; @@ -248,21 +184,8 @@ index 090b552..d22ac4e 100644 import org.apache.velocity.context.InternalContextAdapter; import org.apache.velocity.exception.MethodInvocationException; import org.apache.velocity.exception.ParseErrorException; -diff --git a/src/java/org/apache/velocity/runtime/log/AvalonLogChute.java b/src/java/org/apache/velocity/runtime/log/AvalonLogChute.java -index f4016ca..f7e467d 100644 ---- a/src/java/org/apache/velocity/runtime/log/AvalonLogChute.java -+++ b/src/java/org/apache/velocity/runtime/log/AvalonLogChute.java -@@ -24,7 +24,7 @@ import java.io.IOException; - import java.util.HashMap; - import java.util.Map; - --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - import org.apache.log.Hierarchy; - import org.apache.log.LogTarget; - import org.apache.log.Logger; diff --git a/src/java/org/apache/velocity/runtime/parser/Parser.java b/src/java/org/apache/velocity/runtime/parser/Parser.java -index 085e7a4..62dfe48 100644 +index 1253381f..b8e7112e 100644 --- a/src/java/org/apache/velocity/runtime/parser/Parser.java +++ b/src/java/org/apache/velocity/runtime/parser/Parser.java @@ -10,7 +10,7 @@ import org.apache.velocity.runtime.directive.Directive; @@ -275,7 +198,7 @@ index 085e7a4..62dfe48 100644 /** diff --git a/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java b/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java -index ce00d99..9563a1f 100644 +index ce00d99d..9563a1fb 100644 --- a/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java 
+++ b/src/java/org/apache/velocity/runtime/parser/ParserTokenManager.java @@ -9,7 +9,7 @@ import org.apache.velocity.runtime.directive.Directive; @@ -288,7 +211,7 @@ index ce00d99..9563a1f 100644 /** Token Manager. */ diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java b/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java -index 86e86b7..f1ab78d 100644 +index 74727729..8fc59737 100644 --- a/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java +++ b/src/java/org/apache/velocity/runtime/parser/node/ASTDirective.java @@ -22,7 +22,7 @@ package org.apache.velocity.runtime.parser.node; @@ -301,7 +224,7 @@ index 86e86b7..f1ab78d 100644 import org.apache.velocity.exception.MethodInvocationException; import org.apache.velocity.exception.ParseErrorException; diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java b/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java -index a1545e5..7354c9a 100644 +index 489429bb..df54dd93 100644 --- a/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java +++ b/src/java/org/apache/velocity/runtime/parser/node/ASTMethod.java @@ -21,8 +21,8 @@ package org.apache.velocity.runtime.parser.node; @@ -316,7 +239,7 @@ index a1545e5..7354c9a 100644 import org.apache.velocity.context.InternalContextAdapter; import org.apache.velocity.exception.MethodInvocationException; diff --git a/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java b/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java -index bb56cd9..0bc63bc 100644 +index 2267993c..82cca27a 100644 --- a/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java +++ b/src/java/org/apache/velocity/runtime/parser/node/ASTStringLiteral.java @@ -21,7 +21,7 @@ import java.io.IOException; @@ -329,7 +252,7 @@ index bb56cd9..0bc63bc 100644 import org.apache.velocity.exception.TemplateInitException; import org.apache.velocity.exception.VelocityException; 
diff --git a/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java b/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java -index 52bcda9..8362c3e 100644 +index 713a86ae..0ac03fbc 100644 --- a/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java +++ b/src/java/org/apache/velocity/runtime/parser/node/NodeUtils.java @@ -19,7 +19,7 @@ package org.apache.velocity.runtime.parser.node; @@ -342,7 +265,7 @@ index 52bcda9..8362c3e 100644 import org.apache.velocity.exception.MethodInvocationException; import org.apache.velocity.runtime.parser.ParserConstants; diff --git a/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java b/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java -index 8c78228..20d6c18 100644 +index 8c78228e..20d6c185 100644 --- a/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java +++ b/src/java/org/apache/velocity/runtime/parser/node/PropertyExecutor.java @@ -21,7 +21,7 @@ package org.apache.velocity.runtime.parser.node; @@ -355,7 +278,7 @@ index 8c78228..20d6c18 100644 import org.apache.velocity.runtime.RuntimeLogger; import org.apache.velocity.runtime.log.Log; diff --git a/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java b/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java -index 0b27b45..ba5d512 100644 +index 0078d023..80887fad 100644 --- a/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java +++ b/src/java/org/apache/velocity/runtime/parser/node/SetPropertyExecutor.java @@ -21,8 +21,8 @@ package org.apache.velocity.runtime.parser.node; @@ -370,7 +293,7 @@ index 0b27b45..ba5d512 100644 import org.apache.velocity.runtime.log.Log; import org.apache.velocity.util.introspection.Introspector; diff --git a/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java b/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java -index 108846f..6372830 100644 +index 108846f8..6372830f 100644 
--- a/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java +++ b/src/java/org/apache/velocity/runtime/parser/node/SimpleNode.java @@ -22,8 +22,8 @@ package org.apache.velocity.runtime.parser.node; @@ -385,7 +308,7 @@ index 108846f..6372830 100644 import org.apache.velocity.exception.MethodInvocationException; import org.apache.velocity.exception.ParseErrorException; diff --git a/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java b/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java -index 1b504eb..b33d4ed 100644 +index 778b42a9..a396e42f 100644 --- a/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java +++ b/src/java/org/apache/velocity/runtime/resource/ResourceManagerImpl.java @@ -158,7 +158,7 @@ public class ResourceManagerImpl @@ -407,7 +330,7 @@ index 1b504eb..b33d4ed 100644 log.warn("Declared encoding for template '" + resource.getName() + diff --git a/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java -index 623766f..a7cc276 100644 +index 52d09a98..bf48aa45 100644 --- a/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java +++ b/src/java/org/apache/velocity/runtime/resource/loader/ClasspathResourceLoader.java @@ -22,7 +22,7 @@ package org.apache.velocity.runtime.resource.loader; @@ -420,7 +343,7 @@ index 623766f..a7cc276 100644 import org.apache.velocity.runtime.resource.Resource; import org.apache.velocity.util.ClassUtils; diff --git a/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java -index 833e0ac..7414913 100644 +index f85b6d62..38ec30dc 100644 --- a/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java +++ b/src/java/org/apache/velocity/runtime/resource/loader/DataSourceResourceLoader.java 
@@ -218,7 +218,7 @@ public class DataSourceResourceLoader extends ResourceLoader @@ -433,7 +356,7 @@ index 833e0ac..7414913 100644 throw new ResourceNotFoundException("DataSourceResourceLoader: Template name was empty or null"); } diff --git a/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java -index 462ed16..3898889 100644 +index 923274a7..8580caeb 100644 --- a/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java +++ b/src/java/org/apache/velocity/runtime/resource/loader/FileResourceLoader.java @@ -118,7 +118,7 @@ public class FileResourceLoader extends ResourceLoader @@ -446,7 +369,7 @@ index 462ed16..3898889 100644 /* * If we don't get a properly formed templateName then diff --git a/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java -index 172384e..b7fb1a7 100644 +index 054d890e..71d6c083 100644 --- a/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java +++ b/src/java/org/apache/velocity/runtime/resource/loader/JarResourceLoader.java @@ -195,7 +195,7 @@ public class JarResourceLoader extends ResourceLoader @@ -459,7 +382,7 @@ index 172384e..b7fb1a7 100644 throw new ResourceNotFoundException("Need to have a resource!"); } diff --git a/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java -index 895182d..41c0ec9 100644 +index 245c10b8..86a08b9d 100644 --- a/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java +++ b/src/java/org/apache/velocity/runtime/resource/loader/StringResourceLoader.java @@ -26,7 +26,7 @@ import java.io.ByteArrayInputStream; 
@@ -472,7 +395,7 @@ index 895182d..41c0ec9 100644 import org.apache.velocity.exception.VelocityException; import org.apache.velocity.runtime.resource.Resource; diff --git a/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java b/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java -index de06636..74ab86a 100644 +index de066367..74ab86a6 100644 --- a/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java +++ b/src/java/org/apache/velocity/runtime/resource/loader/URLResourceLoader.java @@ -26,7 +26,7 @@ import java.net.URL; @@ -485,7 +408,7 @@ index de06636..74ab86a 100644 import org.apache.velocity.exception.ResourceNotFoundException; import org.apache.velocity.runtime.resource.Resource; diff --git a/src/java/org/apache/velocity/util/introspection/ClassMap.java b/src/java/org/apache/velocity/util/introspection/ClassMap.java -index 66bc7b1..77c1c8b 100644 +index 00512892..2e128b7e 100644 --- a/src/java/org/apache/velocity/util/introspection/ClassMap.java +++ b/src/java/org/apache/velocity/util/introspection/ClassMap.java @@ -23,7 +23,7 @@ import java.lang.reflect.Method; @@ -497,21 +420,8 @@ index 66bc7b1..77c1c8b 100644 import org.apache.velocity.runtime.log.Log; import org.apache.velocity.util.MapFactory; -diff --git a/src/parser/Parser.jjt b/src/parser/Parser.jjt -index 7ebdb67..f5d3c62 100644 ---- a/src/parser/Parser.jjt -+++ b/src/parser/Parser.jjt -@@ -86,7 +86,7 @@ import org.apache.velocity.runtime.directive.Directive; - import org.apache.velocity.runtime.directive.Macro; - import org.apache.velocity.runtime.directive.MacroParseException; - import org.apache.velocity.util.StringUtils; --import org.apache.commons.lang.text.StrBuilder; -+import org.apache.commons.lang3.text.StrBuilder; - import org.apache.velocity.runtime.RuntimeConstants; - - /** 
diff --git a/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java b/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java -index 3142f45..ff36682 100644 +index 02499985..4b0b254f 100644 --- a/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java +++ b/src/test/org/apache/velocity/io/UnicodeInputStreamTestCase.java @@ -27,7 +27,7 @@ import junit.framework.Test; @@ -524,7 +434,7 @@ index 3142f45..ff36682 100644 /** diff --git a/src/test/org/apache/velocity/test/BaseTestCase.java b/src/test/org/apache/velocity/test/BaseTestCase.java -index 9faf585..f893d0f 100644 +index 0ea00cbd..798a322b 100644 --- a/src/test/org/apache/velocity/test/BaseTestCase.java +++ b/src/test/org/apache/velocity/test/BaseTestCase.java @@ -353,7 +353,7 @@ public abstract class BaseTestCase extends TestCase implements TemplateTestBase @@ -537,7 +447,7 @@ index 9faf585..f893d0f 100644 buf.append('.').append(ext); } diff --git a/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java b/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java -index d1ad1db..e70c5f2 100644 +index 77dfc54e..4befc6ef 100644 --- a/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java +++ b/src/test/org/apache/velocity/test/MethodCacheKeyTestCase.java @@ -21,7 +21,7 @@ package org.apache.velocity.test; @@ -549,19 +459,6 @@ index d1ad1db..e70c5f2 100644 import org.apache.velocity.runtime.parser.node.ASTMethod; /** -diff --git a/src/test/org/apache/velocity/test/sql/HsqlDB.java b/src/test/org/apache/velocity/test/sql/HsqlDB.java -index 6f6c9f6..89d9d53 100644 ---- a/src/test/org/apache/velocity/test/sql/HsqlDB.java -+++ b/src/test/org/apache/velocity/test/sql/HsqlDB.java -@@ -19,7 +19,7 @@ package org.apache.velocity.test.sql; - * under the License. - */ - --import org.apache.commons.lang.StringUtils; -+import org.apache.commons.lang3.StringUtils; - - import org.hsqldb.jdbcDriver; - -- -2.26.2 +2.25.4 
diff --git a/0002-Force-use-of-JDK-log-chute.patch b/0002-Force-use-of-JDK-log-chute.patch
new file mode 100644
index 0000000..c3c2235
--- /dev/null
+++ b/0002-Force-use-of-JDK-log-chute.patch
@@ -0,0 +1,25 @@
+From b2eee6ccc6ef24e084567a0a38d21fa3765df6ad Mon Sep 17 00:00:00 2001
+From: Mikolaj Izdebski
+Date: Fri, 15 May 2020 09:56:26 +0200
+Subject: [PATCH 2/2] Force use of JDK log chute
+
+---
+ .../org/apache/velocity/runtime/defaults/velocity.properties | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
+index 750a59af..855118b9 100644
+--- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties
++++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties
+@@ -23,7 +23,7 @@
+ # default LogChute to use: default: AvalonLogChute, Log4JLogChute, CommonsLogLogChute, ServletLogChute, JdkLogChute
+ # ----------------------------------------------------------------------------
+
+-runtime.log.logsystem.class = org.apache.velocity.runtime.log.AvalonLogChute,org.apache.velocity.runtime.log.Log4JLogChute,org.apache.velocity.runtime.log.CommonsLogLogChute,org.apache.velocity.runtime.log.ServletLogChute,org.apache.velocity.runtime.log.JdkLogChute
++runtime.log.logsystem.class = org.apache.velocity.runtime.log.JdkLogChute
+
+ # ---------------------------------------------------------------------------
+ # This is the location of the Velocity Runtime log.
+--
+2.25.4
+
diff --git a/0002-Use-system-jars.patch b/0002-Use-system-jars.patch
deleted file mode 100644
index 8de07d4..0000000
--- a/0002-Use-system-jars.patch
+++ /dev/null
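Review bot: The comment line above `runtime.log.logsystem.class` is kept as context and still names AvalonLogChute, Log4JLogChute, CommonsLogLogChute, ServletLogChute and JdkLogChute as defaults, while the value now lists only JdkLogChute. The 0000-Remove-avalon-logkit.patch that this commit deletes changed that line to `# default LogChute to use: default: JdkLogChute`. Carrying the same edit in this patch keeps the shipped properties file from advertising log chutes that are no longer tried.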
@@ -1,197 +0,0 @@ -From d7c3b400786c04eacc0065acccdad6b40ccbc35b Mon Sep 17 00:00:00 2001 -From: Stanislav Ochotnicky -Date: Thu, 30 Jul 2020 15:36:52 +0200 -Subject: [PATCH 2/8] Use system jars - ---- - build/build.xml | 56 ++++++++++----------------------------------- - build/testcases.xml | 6 ----- - 2 files changed, 12 insertions(+), 50 deletions(-) - -diff --git a/build/build.xml b/build/build.xml -index c667553..479ef2d 100644 ---- a/build/build.xml -+++ b/build/build.xml -@@ -140,28 +140,6 @@ - - - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - - - -@@ -174,12 +152,11 @@ - - - -- -+ - - - -- - - - -@@ -210,10 +187,9 @@ - - - -- -+ - -- - - - -@@ -248,7 +224,7 @@ - - - -- - -+ optimize="${optimize}"/> - - - -@@ -268,7 +243,7 @@ - - - -- - - -- -- - - - -@@ -561,7 +534,7 @@ - - - -- - - -@@ -585,8 +558,7 @@ - encoding="UTF-8" - debug="${debug}" - deprecation="${deprecation}" -- optimize="${optimize}" -- classpathref="velocity.run.classpath"/> -+ optimize="${optimize}"/> - - - -@@ -604,7 +576,7 @@ - - - -- - - -@@ -620,8 +592,7 @@ - doctitle="${name} ${version} API" - encoding="UTF-8" - docencoding="UTF-8" -- bottom="Copyright © 2000-${build.year} <a href="http://www.apache.org/">Apache Software Foundation</a>. All Rights Reserved." -- classpathref="velocity.build.classpath"> -+ bottom="Copyright © 2000-${build.year} <a href="http://www.apache.org/">Apache Software Foundation</a>. All Rights Reserved."> - - - -@@ -1024,12 +995,11 @@ - - - -- - - -+ classname="org.apache.velocity.anakia.AnakiaTask"/> - - - ####################################################### -@@ -1231,7 +1201,7 @@ - - - -- - - -@@ -1264,8 +1234,6 @@ - - - -- -- - - - -diff --git a/build/testcases.xml b/build/testcases.xml -index 06bb36e..f3749bc 100644 ---- a/build/testcases.xml -+++ b/build/testcases.xml -@@ -36,12 +36,6 @@ - - - -- -- -- -- -- -- - - - --- -2.26.2 - 
diff --git a/0003-CVE-2020-13936.patch b/0003-CVE-2020-13936.patch
new file mode 100644
index 0000000..5e9f9b3
--- /dev/null
+++ b/0003-CVE-2020-13936.patch
@@ -0,0 +1,77 @@ +From 3be84770e7fbe6f000f0c002905e86fe1412d551 Mon Sep 17 00:00:00 2001 +From: Marian Koncek +Date: Thu, 11 Mar 2021 16:22:50 +0100 +Subject: [PATCH] CVE-2020-13936 + +From upstream patches: +https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485 +https://github.com/apache/velocity-engine/commit/15909056fe51f5d39d49e101d706d3075876dde4 +https://github.com/apache/velocity-engine/commit/3f5d477bb4f4397bed2d2926c35dcef7de3aae3e + +--- + .../velocity/runtime/defaults/velocity.properties | 15 ++++++++++----- + .../introspection/SecureIntrospectorImpl.java | 9 +++++++++ + 2 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/src/java/org/apache/velocity/runtime/defaults/velocity.properties b/src/java/org/apache/velocity/runtime/defaults/velocity.properties +index 855118b..a8a9231 100644 +--- a/src/java/org/apache/velocity/runtime/defaults/velocity.properties ++++ b/src/java/org/apache/velocity/runtime/defaults/velocity.properties +@@ -245,15 +245,16 @@ runtime.introspector.uberspect = org.apache.velocity.util.introspection.Uberspec + # accessed. + # ---------------------------------------------------------------------------- + ++# Prohibit reflection + introspector.restrict.packages = java.lang.reflect + + # The two most dangerous classes ++# ClassLoader, Thread, and subclasses disabled by default in SecureIntrospectorImpl + +-introspector.restrict.classes = java.lang.Class +-introspector.restrict.classes = java.lang.ClassLoader +- +-# Restrict these for extra safety ++# Restrict these system classes. Note that anything in this list is matched exactly. ++# (Subclasses must be explicitly named to be included). 
+ ++introspector.restrict.classes = java.lang.Class + introspector.restrict.classes = java.lang.Compiler + introspector.restrict.classes = java.lang.InheritableThreadLocal + introspector.restrict.classes = java.lang.Package +@@ -262,8 +263,12 @@ introspector.restrict.classes = java.lang.Runtime + introspector.restrict.classes = java.lang.RuntimePermission + introspector.restrict.classes = java.lang.SecurityManager + introspector.restrict.classes = java.lang.System +-introspector.restrict.classes = java.lang.Thread + introspector.restrict.classes = java.lang.ThreadGroup + introspector.restrict.classes = java.lang.ThreadLocal + ++# Restrict instance managers for common servlet containers (Tomcat, JBoss, Jetty) + ++introspector.restrict.classes = org.apache.catalina.core.DefaultInstanceManager ++introspector.restrict.classes = org.apache.tomcat.SimpleInstanceManager ++introspector.restrict.classes = org.wildfly.extension.undertow.deployment.UndertowJSPInstanceManager ++introspector.restrict.classes = org.eclipse.jetty.util.DecoratedObjectFactory +diff --git a/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java b/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java +index f317b1c..25fc84d 100644 +--- a/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java ++++ b/src/java/org/apache/velocity/util/introspection/SecureIntrospectorImpl.java +@@ -121,6 +121,15 @@ public class SecureIntrospectorImpl extends Introspector implements SecureIntros + return true; + } + ++ /** ++ * Always disallow ClassLoader, Thread and subclasses ++ */ ++ if (ClassLoader.class.isAssignableFrom(clazz) || ++ Thread.class.isAssignableFrom(clazz)) ++ { ++ return false; ++ } ++ + /** + * check the classname (minus any array info) + * whether it matches disallowed classes or packages +-- +2.29.2 + diff --git a/0003-JDBC-41-compat.patch b/0003-JDBC-41-compat.patch deleted file mode 100644 index 5bc75eb..0000000 
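Review bot: The `introspector.restrict.*` list extended in the `velocity.properties` part of this patch is, as far as I know, only consulted when `runtime.introspector.uberspect` is set to `org.apache.velocity.util.introspection.SecureUberspector`, and neither the comments nor the patch header say so. The default shown (truncated) in the hunk header looks like the non-secure implementation. I would add a comment above `introspector.restrict.packages`, for example `# Only enforced when runtime.introspector.uberspect is SecureUberspector`, so that users of the package do not assume the CVE-2020-13936 backport protects a default configuration. The retained context line `# The two most dangerous classes` is also stale now that the `java.lang.ClassLoader` entry is gone from the list and only `java.lang.Class` follows; `# Most dangerous classes` would match what comes after it. The Java method that receives the `isAssignableFrom` check starts and ends outside the hunk.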
--- a/0003-JDBC-41-compat.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 716435f7bda16e053e7d3166b6ef3d93a047d2c2 Mon Sep 17 00:00:00 2001 -From: Fabio Valentini -Date: Thu, 30 Jul 2020 15:37:21 +0200 -Subject: [PATCH 3/8] JDBC 41 compat - ---- - src/test/org/apache/velocity/test/sql/HsqlDataSource.java | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/test/org/apache/velocity/test/sql/HsqlDataSource.java b/src/test/org/apache/velocity/test/sql/HsqlDataSource.java -index 547928b..360a6d4 100644 ---- a/src/test/org/apache/velocity/test/sql/HsqlDataSource.java -+++ b/src/test/org/apache/velocity/test/sql/HsqlDataSource.java -@@ -23,6 +23,7 @@ import java.io.PrintWriter; - import java.sql.Connection; - import java.sql.DriverManager; - import java.sql.SQLException; -+import java.sql.SQLFeatureNotSupportedException; - - import javax.sql.DataSource; - -@@ -73,5 +74,8 @@ public class HsqlDataSource implements DataSource { - public Object unwrap(final Class iface) throws SQLException { - throw new SQLException("Not implemented"); - } -+ public java.util.logging.Logger getParentLogger() throws SQLFeatureNotSupportedException { -+ throw new SQLFeatureNotSupportedException("getParentLogger() not supported"); -+ } - - } --- -2.26.2 - diff --git a/0004-Do-not-use-Werken-XPath.patch b/0004-Do-not-use-Werken-XPath.patch deleted file mode 100644 index c6a25cd..0000000 --- a/0004-Do-not-use-Werken-XPath.patch +++ /dev/null 
@@ -1,165 +0,0 @@ -From 55c4e510ccd1483ec7e1a15fff366753b6ada3ac Mon Sep 17 00:00:00 2001 -From: Mikolaj Izdebski -Date: Thu, 30 Jul 2020 15:37:49 +0200 -Subject: [PATCH 4/8] Do not use Werken XPath - ---- - .../apache/velocity/anakia/AnakiaElement.java | 7 +++++-- - .../org/apache/velocity/anakia/NodeList.java | 6 ++++-- - .../org/apache/velocity/anakia/XPathCache.java | 9 ++++++--- - .../org/apache/velocity/anakia/XPathTool.java | 16 ++++++++++------ - 4 files changed, 25 insertions(+), 13 deletions(-) - -diff --git a/src/java/org/apache/velocity/anakia/AnakiaElement.java b/src/java/org/apache/velocity/anakia/AnakiaElement.java -index c72b653..df13153 100644 ---- a/src/java/org/apache/velocity/anakia/AnakiaElement.java -+++ b/src/java/org/apache/velocity/anakia/AnakiaElement.java -@@ -20,8 +20,10 @@ package org.apache.velocity.anakia; - */ - - import org.jdom.Element; -+import org.jdom.JDOMException; - import org.jdom.Namespace; - import org.jdom.output.XMLOutputter; -+ - import java.util.List; - - /** -@@ -126,10 +128,11 @@ public class AnakiaElement extends Element - * @param xpathExpression the XPath expression you wish to apply - * @return a NodeList representing the nodes that are the result of - * application of the XPath to the current element. It can be empty. 
-+ * @throws JDOMException - */ -- public NodeList selectNodes(String xpathExpression) -+ public NodeList selectNodes(String xpathExpression) throws JDOMException - { -- return new NodeList(XPathCache.getXPath(xpathExpression).applyTo(this), false); -+ return new NodeList(XPathCache.getXPath(xpathExpression).selectNodes(this), false); - } - - /** -diff --git a/src/java/org/apache/velocity/anakia/NodeList.java b/src/java/org/apache/velocity/anakia/NodeList.java -index daf611d..b303bda 100644 ---- a/src/java/org/apache/velocity/anakia/NodeList.java -+++ b/src/java/org/apache/velocity/anakia/NodeList.java -@@ -35,6 +35,7 @@ import org.jdom.DocType; - import org.jdom.Document; - import org.jdom.Element; - import org.jdom.EntityRef; -+import org.jdom.JDOMException; - import org.jdom.ProcessingInstruction; - import org.jdom.Text; - import org.jdom.output.XMLOutputter; -@@ -289,10 +290,11 @@ public class NodeList implements List, Cloneable - * @param xpathString the XPath expression you wish to apply - * @return a NodeList representing the nodes that are the result of - * application of the XPath to the current node list. It can be empty. -+ * @throws JDOMException - */ -- public NodeList selectNodes(String xpathString) -+ public NodeList selectNodes(String xpathString) throws JDOMException - { -- return new NodeList(XPathCache.getXPath(xpathString).applyTo(nodes), false); -+ return new NodeList(XPathCache.getXPath(xpathString).selectNodes(nodes), false); - } - - // List methods implemented hereafter -diff --git a/src/java/org/apache/velocity/anakia/XPathCache.java b/src/java/org/apache/velocity/anakia/XPathCache.java -index cef43d9..0d633b0 100644 ---- a/src/java/org/apache/velocity/anakia/XPathCache.java -+++ b/src/java/org/apache/velocity/anakia/XPathCache.java -@@ -19,7 +19,9 @@ package org.apache.velocity.anakia; - * under the License. 
- */ - --import com.werken.xpath.XPath; -+import org.jdom.JDOMException; -+import org.jdom.xpath.XPath; -+ - import java.util.Map; - import java.util.WeakHashMap; - -@@ -46,8 +48,9 @@ class XPathCache - * A cached object is returned if it already exists for the requested expression. - * @param xpathString the XPath expression to parse - * @return the XPath object that represents the parsed XPath expression. -+ * @throws JDOMException - */ -- static XPath getXPath(String xpathString) -+ static XPath getXPath(String xpathString) throws JDOMException - { - XPath xpath = null; - synchronized(XPATH_CACHE) -@@ -55,7 +58,7 @@ class XPathCache - xpath = (XPath)XPATH_CACHE.get(xpathString); - if(xpath == null) - { -- xpath = new XPath(xpathString); -+ xpath = XPath.newInstance(xpathString); - XPATH_CACHE.put(xpathString, xpath); - } - } -diff --git a/src/java/org/apache/velocity/anakia/XPathTool.java b/src/java/org/apache/velocity/anakia/XPathTool.java -index c9e6178..f85d2c1 100644 ---- a/src/java/org/apache/velocity/anakia/XPathTool.java -+++ b/src/java/org/apache/velocity/anakia/XPathTool.java -@@ -23,6 +23,7 @@ import java.util.List; - - import org.jdom.Document; - import org.jdom.Element; -+import org.jdom.JDOMException; - - /** - * This class adds an entrypoint into XPath functionality, -@@ -88,12 +89,13 @@ public class XPathTool - * @param doc The Document context - * - * @return A list of selected nodes -+ * @throws JDOMException - */ - public NodeList applyTo(String xpathSpec, -- Document doc) -+ Document doc) throws JDOMException - { - //RuntimeSingleton.info("XPathTool::applyTo(String, Document)"); -- return new NodeList(XPathCache.getXPath(xpathSpec).applyTo( doc ), false); -+ return new NodeList(XPathCache.getXPath(xpathSpec).selectNodes( doc ), false); - } - - /** -@@ -103,12 +105,13 @@ public class XPathTool - * @param elem The Element context - * - * @return A list of selected nodes -+ * @throws JDOMException - */ - public NodeList applyTo(String xpathSpec, 
-- Element elem) -+ Element elem) throws JDOMException - { - //RuntimeSingleton.info("XPathTool::applyTo(String, Element)"); -- return new NodeList(XPathCache.getXPath(xpathSpec).applyTo( elem ), false); -+ return new NodeList(XPathCache.getXPath(xpathSpec).selectNodes( elem ), false); - } - - /** -@@ -118,12 +121,13 @@ public class XPathTool - * @param nodeSet The nodeset context - * - * @return A list of selected nodes -+ * @throws JDOMException - */ - public NodeList applyTo(String xpathSpec, -- List nodeSet) -+ List nodeSet) throws JDOMException - { - //RuntimeSingleton.info("XPathTool::applyTo(String, List)"); -- return new NodeList(XPathCache.getXPath(xpathSpec).applyTo( nodeSet ), false); -+ return new NodeList(XPathCache.getXPath(xpathSpec).selectNodes( nodeSet ), false); - } - } - --- -2.26.2 - diff --git a/0005-Skip-Java-8-incompatible-test.patch b/0005-Skip-Java-8-incompatible-test.patch deleted file mode 100644 index 9d725d1..0000000 --- a/0005-Skip-Java-8-incompatible-test.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From bb1afd044489984a14b4619fed943e430f36a854 Mon Sep 17 00:00:00 2001 -From: Mikolaj Izdebski -Date: Thu, 30 Jul 2020 15:38:32 +0200 -Subject: [PATCH 5/8] Skip Java 8 incompatible test - ---- - .../org/apache/velocity/test/issues/VelTools66TestCase.java | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java b/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java -index 00bb0b1..6fb7260 100644 ---- a/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java -+++ b/src/test/org/apache/velocity/test/issues/VelTools66TestCase.java -@@ -87,7 +87,8 @@ public class VelTools66TestCase - - Method testMethod = introspector.getMethod(TestObject.class, "getTestValue", new Object[0]); - assertNotNull(testMethod); -- assertEquals("Method object does not match!", verifyMethod, testMethod); -+ // Java 8 incompatibility -+ // assertEquals("Method object does not match!", verifyMethod, testMethod); - } - - public static interface TestInterface --- -2.26.2 - diff --git a/0006-Run-javadoc-with-Xdoclint-none.patch b/0006-Run-javadoc-with-Xdoclint-none.patch deleted file mode 100644 index ee06f53..0000000 --- a/0006-Run-javadoc-with-Xdoclint-none.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 49155f009858a9332b0d58c814f5166bba0cccde Mon Sep 17 00:00:00 2001 -From: Fabio Valentini -Date: Thu, 30 Jul 2020 15:38:59 +0200 -Subject: [PATCH 6/8] Run javadoc with -Xdoclint:none - ---- - build/build.xml | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/build/build.xml b/build/build.xml -index 479ef2d..0544f2c 100644 ---- a/build/build.xml -+++ b/build/build.xml -@@ -592,6 +592,7 @@ - doctitle="${name} ${version} API" - encoding="UTF-8" - docencoding="UTF-8" -+ additionalparam="-Xdoclint:none" - bottom="Copyright © 2000-${build.year} <a href="http://www.apache.org/">Apache Software Foundation</a>. All Rights Reserved."> - - --- -2.26.2 - 
diff --git a/0007-Fix-OSGi-metadata.patch b/0007-Fix-OSGi-metadata.patch
deleted file mode 100644
index 8a59c9f..0000000
--- a/0007-Fix-OSGi-metadata.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -From e025e3519d3f1e1a12bb8fb896648dfc345fdeba Mon Sep 17 00:00:00 2001 -From: Fabio Valentini -Date: Thu, 30 Jul 2020 15:39:36 +0200 -Subject: [PATCH 7/8] Fix OSGi metadata - ---- - build/build.properties | 12 ++++-------- - 1 file changed, 4 insertions(+), 8 deletions(-) - -diff --git a/build/build.properties b/build/build.properties -index aba450e..6d928bd 100644 ---- a/build/build.properties -+++ b/build/build.properties -@@ -166,8 +166,7 @@ javac.source=1.4 - - ######################################################################## - # OSGi stuff --import=com.werken.xpath;resolution:=optional,\ -- javax.naming,\ -+import=javax.naming,\ - javax.servlet;resolution:=optional,\ - javax.servlet.http;resolution:=optional,\ - javax.sql,\ -@@ -188,8 +187,7 @@ import=com.werken.xpath;resolution:=optional,\ - org.jdom.input;resolution:=optional,\ - org.jdom.output;resolution:=optional,\ - org.xml.sax --dep.import=com.werken.xpath;resolution:=optional,\ -- javax.naming,\ -+dep.import=javax.naming,\ - javax.servlet;resolution:=optional,\ - javax.servlet.http;resolution:=optional,\ - javax.sql,\ -@@ -207,8 +205,7 @@ dep.import=com.werken.xpath;resolution:=optional,\ - export=org.apache.velocity;uses:="org.apache.velocity.context,\ - org.apache.velocity.exception,\ - org.apache.velocity.runtime.resource",\ -- org.apache.velocity.anakia;uses:="com.werken.xpath,\ -- org.apache.tools.ant,\ -+ org.apache.velocity.anakia;uses:="org.apache.tools.ant,\ - org.apache.tools.ant.taskdefs,\ - org.jdom,\ - org.jdom.output",\ -@@ -327,8 +324,7 @@ dep.export=org.apache.commons.collections,\ - org.apache.velocity;uses:="org.apache.velocity.context,\ - org.apache.velocity.exception,\ - org.apache.velocity.runtime.resource",\ -- org.apache.velocity.anakia;uses:="com.werken.xpath,\ -- org.apache.tools.ant,\ -+ org.apache.velocity.anakia;uses:="org.apache.tools.ant,\ - org.apache.tools.ant.taskdefs,\ - org.jdom,\ - org.jdom.output",\ --- -2.26.2 - 
diff --git a/generate-tarball.sh b/generate-tarball.sh index a86a470..1457e3a 100755 --- a/generate-tarball.sh +++ b/generate-tarball.sh @@ -9,13 +9,13 @@ wget "http://www.apache.org/dist/${name}/engine/${version}/${name}-${version}.ta rm -rf tarball-tmp mkdir tarball-tmp -cd tarball-tmp +pushd tarball-tmp tar xf "../${name}-${version}.orig.tar.gz" # CLEAN TARBALL rm -r */*.jar rm -r */lib -tar cf "../${name}-${version}.tar.gz" * -cd .. +tar -czf "../${name}-${version}.tar.gz" * +popd rm -r tarball-tmp "${name}-${version}.orig.tar.gz" diff --git a/sources b/sources index 7928f22..acce6ea 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (velocity-1.7.tar.gz) = d305642aab3c837ad250deaa46b516561fb68f92d04fc205fd4f40eb774ba6286ed3b239ee6352bc4411bd11cb4d1d5b39ce9ab8467f0e1ffceed9f9fc5a228d +SHA512 (velocity-1.7.pom) = 04e8850d391dc16501caa7127fb0b62bb3681dc912d6275056dd57f12d7928db6a1232600e7b0025782a22713fcb134fe41e148ca7601af705f3283feb854cde diff --git a/velocity-1.7.pom b/velocity-1.7.pom deleted file mode 100644 index 31d7de2..0000000 --- a/velocity-1.7.pom +++ /dev/null 
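Review bot: The `wget` shown in this hunk's header context still fetches the upstream tarball over plain `http://`, and nothing in the visible lines verifies it before the jars are stripped and the tree is repacked. The SHA512 recorded in `sources` therefore pins whatever was downloaded rather than a verified upstream release. I would switch the URL scheme to `https://` and check the upstream signature or published checksum before the `tar xf` step. `pushd`/`popd` are bash builtins, so confirm the shebang (outside the hunk) is bash, and consider `pushd tarball-tmp || exit 1` so the following `rm -r */*.jar` cannot run in the wrong directory.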
@@ -1,340 +0,0 @@ - - - - - - - 4.0.0 - - - org.apache - apache - 4 - - - org.apache.velocity - velocity - 1.7 - - Apache Velocity - http://velocity.apache.org/engine/devel/ - Apache Velocity is a general purpose template engine. - 2000 - jar - - - 2.0.9 - - - - install - src/java - src/test - - - org.apache.maven.plugins - maven-site-plugin - - UTF-8 - UTF-8 - ${basedir}/xdocs/docs - - - - - - src/java - - **/*.java - - - - - - - - velocity.apache.org - scpexe://people.apache.org/www/velocity.apache.org/engine/releases/velocity-1.7 - - - apache.releases - Apache Release Distribution Repository - scp://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository - - - apache.snapshots - Apache Development Snapshot Repository - scp://people.apache.org/www/people.apache.org/repo/m2-snapshot-repository - - - - - - Will Glass-Husain - wglass - wglass@forio.com - Forio Business Simulations - - Java Developer - - - - - Geir Magnusson Jr. - geirm - geirm@optonline.net - Independent (DVSL Maven) - - Java Developer - - - - - Daniel Rall - dlr - dlr@finemaltcoding.com - CollabNet, Inc. - - Java Developer - - - - - Henning P. 
Schmiedehausen - henning - hps@intermeta.de - INTERMETA - Gesellschaft für Mehrwertdienste mbH - - Java Developer - - 2 - - - - Nathan Bubna - nbubna - nathan@esha.com - ESHA Research - - Java Developer - - - - - - - - commons-collections - commons-collections - 3.2.1 - - - commons-lang - commons-lang - 2.4 - - - oro - oro - 2.0.8 - true - - - jdom - jdom - 1.0 - provided - - - commons-logging - commons-logging - 1.1 - provided - - - avalon-framework - avalon-framework - - - log4j - log4j - - - javax.servlet - servlet-api - - - - - javax.servlet - servlet-api - 2.3 - provided - - - logkit - logkit - 2.0 - provided - - - ant - ant - 1.6 - provided - - - werken-xpath - werken-xpath - 0.9.4 - provided - - - junit - junit - 3.8.1 - test - - - hsqldb - hsqldb - 1.7.1 - test - - - - - - - org.apache.maven.plugins - maven-project-info-reports-plugin - 2.1 - - - - dependencies - issue-tracking - license - summary - scm - - - - - - org.apache.maven.plugins - maven-changes-plugin - 2.0 - - - - changes-report - jira-report - - - - - ${jira.browse.url}/%ISSUE% - - 12311337 - - fixfor=12310290&sorter/field=issuekey&sorter/order=ASC - 100 - http://velocity.apache.org/who-we-are.html - - - - org.codehaus.mojo - taglist-maven-plugin - 2.2 - - TODO - FIXME - - - - org.apache.maven.plugins - maven-jxr-plugin - 2.1 - - - org.apache.maven.plugins - maven-javadoc-plugin - 2.5 - - - http://java.sun.com/j2se/1.4.2/docs/api - http://jakarta.apache.org/oro/api - http://jakarta.apache.org/commons/lang/api-release - http://jakarta.apache.org/commons/collections/api-release - - http://www.jdom.org/docs/apidocs - http://logging.apache.org/log4j/docs/api - http://excalibur.apache.org/apidocs - http://tomcat.apache.org/tomcat-4.1-doc/servletapi - - - - - org.apache.maven.plugins - maven-changelog-plugin - 2.1 - - - org.codehaus.mojo - findbugs-maven-plugin - 1.2 - - true - Low - Max - build/findbugs-exclude.xml - xdocs - - - - org.apache.maven.plugins - maven-compiler-plugin - - 1.4 - 1.4 - - - 
- - - - scm:svn:http://svn.apache.org/repos/asf/velocity/engine/trunk - scm:svn:https://svn.apache.org/repos/asf/velocity/engine/trunk - HEAD - http://svn.apache.org/viewvc/velocity/engine/trunk - - - - https://issues.apache.org/jira/browse - - - - JIRA - ${jira.browse.url}/VELOCITY - - diff --git a/velocity.spec b/velocity.spec index 3de2c5d..77b83e5 100644 --- a/velocity.spec +++ b/velocity.spec @@ -1,9 +1,8 @@ -%bcond_without hsqldb +%bcond_with bootstrap Name: velocity Version: 1.7 Release: 34%{?dist} -Epoch: 0 Summary: Java-based template engine License: ASL 2.0 URL: http://velocity.apache.org/ 
@@ -15,31 +14,18 @@ Source1: http://repo1.maven.org/maven2/org/apache/%{name}/%{name}/%{versi # Remove bundled binaries which cannot be easily verified for licensing Source2: generate-tarball.sh -Patch0: 0000-Remove-avalon-logkit.patch -Patch2: 0002-Use-system-jars.patch -Patch3: 0003-JDBC-41-compat.patch -Patch4: 0004-Do-not-use-Werken-XPath.patch -Patch5: 0005-Skip-Java-8-incompatible-test.patch -Patch6: 0006-Run-javadoc-with-Xdoclint-none.patch -Patch7: 0007-Fix-OSGi-metadata.patch -Patch8: 0008-Port-to-apache-commons-lang3.patch +Patch1: 0001-Port-to-apache-commons-lang3.patch +Patch2: 0002-Force-use-of-JDK-log-chute.patch +Patch3: 0003-CVE-2020-13936.patch -BuildRequires: ant -BuildRequires: ant-junit -BuildRequires: antlr -BuildRequires: apache-commons-collections -BuildRequires: apache-commons-lang3 -BuildRequires: apache-parent -BuildRequires: bcel -%if %{with hsqldb} -BuildRequires: hsqldb-lib +BuildRequires: maven-local +%if %{with bootstrap} +BuildRequires: javapackages-bootstrap +%else +BuildRequires: mvn(commons-collections:commons-collections) +BuildRequires: mvn(org.apache.commons:commons-lang3) +BuildRequires: mvn(org.apache:apache:pom:) %endif -BuildRequires: glassfish-servlet-api -BuildRequires: jakarta-oro -BuildRequires: javapackages-local -BuildRequires: jaxen -BuildRequires: jdom -BuildRequires: junit %description Velocity is a Java-based template engine. It permits anyone to use the 
@@ -62,139 +48,54 @@ template services for the Turbine web application framework. Velocity+Turbine provides a template service that will allow web applications to be developed according to a true MVC model. -%package manual -Summary: Manual for %{name} - -%description manual -Documentation for %{name}. - %package javadoc Summary: Javadoc for %{name} %description javadoc Javadoc for %{name}. -%package demo -Summary: Demo for %{name} -Requires: %{name} = %{epoch}:%{version}-%{release} - -%description demo -Demonstrations and samples for %{name}. - -# ----------------------------------------------------------------------------- - %prep %setup -q +cp %{SOURCE1} ./pom.xml +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 -# remove bundled libs/classes (except those used for testing) find . -name '*.jar' ! -name 'test*.jar' -print -delete find . -name '*.class' ! -name 'Foo.class' -print -delete -cp %{SOURCE1} ./pom.xml - -# remove rest of avalon logkit refences and default to JDK logging -%patch0 -p1 - -# Use system jar files instead of downloading from net -%patch2 -p1 - -%patch3 -p1 - -# Use jdom instead of werken-xpath -%patch4 -p1 -%pom_remove_dep werken-xpath: - -# Skip Java 8 incompatible test -%patch5 -p1 - -# Disable Java8 doclint -%patch6 -p1 - -# Remove werken-xpath Import/Export refences in OSGi manifest file -%patch7 -p1 - -# Port to apache commons-lang3 -%patch8 -p1 - -# Remove dependency on avalon-logkit -rm src/java/org/apache/velocity/runtime/log/AvalonLogChute.java -rm src/java/org/apache/velocity/runtime/log/AvalonLogSystem.java -rm src/java/org/apache/velocity/runtime/log/VelocityFormatter.java - -# Remove dependency on log4j12 -rm src/java/org/apache/velocity/runtime/log/Log4JLogChute.java -rm src/java/org/apache/velocity/runtime/log/Log4JLogSystem.java +# Disable unneeded features +rm -r src/java/org/apache/velocity/{anakia,texen,servlet,convert} +rm src/java/org/apache/velocity/runtime/log/{Avalon,Log4J}Log{Chute,System}.java +rm 
src/java/org/apache/velocity/runtime/log/{CommonsLog,Servlet}LogChute.java rm src/java/org/apache/velocity/runtime/log/SimpleLog4JLogSystem.java +rm src/java/org/apache/velocity/runtime/log/VelocityFormatter.java +rm src/java/org/apache/velocity/app/event/implement/Escape{Html,JavaScript,Sql,Xml,}Reference.java -# Remove dependency on commons-logging -rm src/java/org/apache/velocity/runtime/log/CommonsLogLogChute.java +%pom_remove_dep :oro +%pom_remove_dep :jdom +%pom_remove_dep :commons-logging +%pom_remove_dep :log4j +%pom_remove_dep :servlet-api +%pom_remove_dep :logkit +%pom_remove_dep :ant +%pom_remove_dep :werken-xpath -# need porting to new servlet API. We would just add a lot of empty functions -rm src/test/org/apache/velocity/test/VelocityServletTestCase.java - -# This test doesn't work with new hsqldb -rm src/test/org/apache/velocity/test/sql/DataSourceResourceLoaderTestCase.java - -%if %{without hsqldb} -rm -r src/test/org/apache/velocity/test/sql/ -%endif - -# ----------------------------------------------------------------------------- +%mvn_alias : %{name}:%{name} %build -export CLASSPATH=$(build-classpath \ -antlr \ -apache-commons-collections \ -commons-lang3 \ -glassfish-servlet-api \ -jakarta-oro \ -junit \ -jaxen \ -jdom \ -bcel \ -hsqldb \ -junit) -ant \ - -buildfile build/build.xml \ - -Dbuild.sysclasspath=first \ - -Djavac.target=1.6 \ - -Djavac.source=1.6 \ - -Dtest.haltonfailure=false \ - jar javadocs test - -# fix line-endings in generated files -sed -i 's/\r//' docs/api/stylesheet.css docs/api/package-list - -# ----------------------------------------------------------------------------- +%mvn_build -f %install -%mvn_file : %{name} -%mvn_alias : %{name}:%{name} -%mvn_artifact pom.xml bin/%{name}-%{version}.jar -%mvn_install -J docs/api - -# zero-length file -rm -r test/issues/velocity-537/compare/velocity537.vm.cmp -# data -install -d -m 755 %{buildroot}%{_datadir}/%{name} -cp -pr examples test %{buildroot}%{_datadir}/%{name} - 
+%mvn_install %files -f .mfiles %doc README.txt %license LICENSE NOTICE -%files manual -%license LICENSE NOTICE -%doc docs/* - %files javadoc -f .mfiles-javadoc %license LICENSE NOTICE -%files demo -%license LICENSE NOTICE -%{_datadir}/%{name} - %changelog * Wed Jan 27 2021 Fedora Release Engineering - 0:1.7-34 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild @@ -217,12 +118,21 @@ cp -pr examples test %{buildroot}%{_datadir}/%{name} * Sat Jul 11 2020 Jiri Vanek - 0:1.7-28 - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 +* Fri May 15 2020 Mikolaj Izdebski - 1.7-27 +- Build with Maven + * Fri Jan 31 2020 Fedora Release Engineering - 0:1.7-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild +* Tue Nov 05 2019 Mikolaj Izdebski - 1.7-26 +- Mass rebuild for javapackages-tools 201902 + * Sat Jul 27 2019 Fedora Release Engineering - 0:1.7-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild +* Fri May 24 2019 Mikolaj Izdebski - 1.7-25 +- Mass rebuild for javapackages-tools 201901 + * Sun Feb 03 2019 Fedora Release Engineering - 0:1.7-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
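Review bot: `%mvn_build -f` in `%build` skips test compilation and execution, so the `SecureIntrospectorImpl` check applied by `%patch3` (CVE-2020-13936) is never exercised at build time, whereas the removed `ant ... jar javadocs test` invocation at least ran the suite. If the tests cannot run with the trimmed dependency set, record that next to the macro, for example `# Tests are skipped because <reason>`; otherwise drop `-f`. In the visible hunks `Release: 34%{?dist}` and the top `%changelog` entry are unchanged context, so unless a follow-up commit handles it, add an entry naming CVE-2020-13936 and bump `Release`. The `rm` of `Escape{Html,JavaScript,Sql,Xml,}Reference.java` under "Disable unneeded features" removes the output-escaping event handlers, which deserves a changelog line for dependents that configure them.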