Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-2192

Transitive dependency overrides version specified in POM

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Bug
    • Status: Closed
    • Major
    • Resolution: Cannot Reproduce
    • 2.0.2, 2.0.3
    • None
    • Dependencies
    • None


      I'm seeing this in both 2.0.2 and 2.0.3, but not in 1.0.2. I specify a version for a dependency in the parent pom.xml. As the build goes on, one or more dependencies will be processed in the modules that have earlier versions, and those earlier versions override the version I specified in pom.xml.

      For example:
      <version> 3.1</version>

      Then from the log:
      [DEBUG] struts:struts:jar:1.2.4:compile (selected for compile)
      [DEBUG] oro:oro:jar:2.0.7:compile (selected for compile)
      [DEBUG] commons-logging:commons-logging:jar:1.0.4:compile (selected for compile)
      [DEBUG] commons-fileupload:commons-fileupload:jar:1.0:compile (selected for compile)
      [DEBUG] commons-collections:commons-collections:jar:2.1:compile (selected for compile)
      [DEBUG] commons-beanutils:commons-beanutils:jar: 1.6.1:compile (selected for compile)
      [DEBUG] commons-logging:commons-logging:jar:1.0:compile (removed - nearer found: 1.0.4)
      [DEBUG] commons-collections:commons-collections:jar:2.0:compile (removed - nearer found: 2.1)
      [DEBUG] commons-digester:commons-digester:jar:1.5:compile (selected for compile)
      [DEBUG] commons-beanutils:commons-beanutils:jar:1.6:compile (removed - nearer found: 1.6.1)

      And what is in the WAR file is:
      [DEBUG] adding entry WEB-INF/lib/commons-collections-2.1.jar
      (verified this from the .war file)

      This is contrary to the documentation on the web site:
      Which says:
      Dependency mediation - this determines what version of a dependency will be used when multiple versions of an artifact are encountered. Currently, Maven 2.0 only supports using the "nearest definition" - so you can always guarantee a version by declaring it explicitly in your project's POM.
      I take this to mean that the POM is based on the parent pom.xml in a multiproject build, and the modules should inherit the version setting from the parent. So I haven't tried to specify the version again in a child pom.xml.

      I came across this while converting a project from M1 to M2. The M1 WAR file contains version 3.1, as expected.

      Hope to include a simple pom.xml to demo this later – schedule crunch at the moment precludes doing it now.


        Issue Links


          This comment will be Viewable by All Users Viewable by All Users


            carlos Carlos Sanchez Gonzalez
            rayward Ray Ward
            2 Vote for this issue
            1 Start watching this issue




                Issue deployment