[hibernate-dev] PSA: Maven users, upgrade to Maven 3.6.3 if you can

Yoann Rodiere yoann at hibernate.org
Fri Feb 21 06:23:02 EST 2020


Hello,

Just to warn you there are bugs in Maven 3.6.1 and below impacting the
resolution of transitive dependencies when your direct dependencies rely on
exclusions or dependency management.

In practice, I don't think it's very dangerous, as Maven has algorithms
that resolve conflicting dependencies whenever they arise. Not great to
rely on these, but they work most of the time.

However, it's bound to cause some headaches, as I recently discovered
thanks to Fabio: the maven-enforcer-plugin was (wrongly) detecting a
dependency convergence issue with Maven 3.6.1 and below, just because the
dependency management of one of our dependencies was being ignored.

So there is no rush, but for your own good, I recommend that you upgrade
your machine and CI jobs to Maven 3.6.3, and maybe even set the minimum
required version of Maven to 3.6.2 (the first version that fixes the bug)
in your POM.

The CI already uses Maven 3.6.3 by default for all jobs configured with
Maven 3.6. Jobs configured with Maven 3.5 or below will be affected by the
bug.

Cheers,

Yoann Rodière
Hibernate Team
yoann at hibernate.org
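
One way to set the minimum Maven version in a POM, as recommended in the message above. This is an added example, not configuration from the Hibernate projects; it assumes the maven-enforcer-plugin and a hypothetical `version.enforcer.plugin` property defined elsewhere in the POM.

```xml
<!-- Added example: goes under <build><plugins> in the project's pom.xml. -->
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <!-- Hypothetical property; pin it to the plugin version your build uses. -->
  <version>${version.enforcer.plugin}</version>
  <executions>
    <execution>
      <id>enforce-maven-and-convergence</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <!-- Fail the build early on Maven older than 3.6.2, the first
               version the message names as fixing the resolution bug. -->
          <requireMavenVersion>
            <version>[3.6.2,)</version>
            <message>Maven 3.6.2 or later is required (3.6.3 recommended): older versions mis-resolve transitive dependencies.</message>
          </requireMavenVersion>
          <!-- The convergence check mentioned in the message. With the
               version rule in the same execution, a convergence failure
               cannot be an artifact of running an affected Maven. -->
          <dependencyConvergence/>
        </rules>
      </configuration>
    </execution>
  </executions>
</plugin>
```

With this in place, a developer machine or CI job still on an affected Maven stops with the version message instead of a misleading convergence report.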

