[hibernate-dev] PSA: Maven users, upgrade to Maven 3.6.3 if you can

Sanne Grinovero sanne at hibernate.org
Fri Feb 21 06:46:08 EST 2020


+1 for enforcing the latest version.

thanks Yoann and Fabio

-- Sanne

On Fri, 21 Feb 2020 at 11:24, Yoann Rodiere <yoann at hibernate.org> wrote:
>
> Hello,
>
> Just to warn you there are bugs in Maven 3.6.1 and below impacting the
> resolution of transitive dependencies when your direct dependencies rely on
> exclusions or dependency management.
>
> In practice, I don't think it's very dangerous, as Maven has algorithms
> that resolve conflicting dependencies whenever they arise. Not great to
> rely on these, but they work most of the time.
>
> However, it's bound to cause some headaches, as I recently discovered
> thanks to Fabio: the maven-enforcer-plugin was (wrongly) detecting a
> dependency convergence issue with Maven 3.6.1 and below, just because the
> dependency management of one of our dependencies was being ignored.
>
> So there is no rush, but for your own good, I recommend that you upgrade
> your machine and CI jobs to Maven 3.6.3, and maybe even set the minimum
> required version of Maven to 3.6.2 (the first version that fixes the bug)
> in your POM.
>
> The CI already uses Maven 3.6.3 by default for all jobs configured with
> Maven 3.6. Jobs configured with Maven 3.5 or below will be affected by the
> bug.
>
> Cheers,
>
> Yoann Rodière
> Hibernate Team
> yoann at hibernate.org
> _______________________________________________
> hibernate-dev mailing list
> hibernate-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hibernate-dev



More information about the hibernate-dev mailing list