Bug 1006393

Summary: resteasy-jaxrs-2.3.6.Final-redhat-1.jar transitive dependency to scannotation-1.0.3.jar
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Michael <mbiarnes>
Component: RESTEasyAssignee: Weinan Li <weli>
Status: CLOSED CURRENTRELEASE QA Contact: Nikoleta Hlavickova <nziakova>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: brian.stansberry, jdoyle, myarboro, psakar, smumford
Target Milestone: CR1   
Target Release: EAP 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
The *scannotation* component has been upgraded from version 1.0.2 to 1.0.3 in this release of JBoss EAP 6.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:18:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1012792    
Bug Blocks:    
Attachments:
Description Flags
pom.xml and settings.xml to test dependency tree
none
pom.xml and settings.xml to test dependency tree none

Description Michael 2013-09-10 14:33:41 UTC 
Description of problem:

JBoss Enterprise Application Platform 6 uses

resteasy-jaxrs-2.3.6.Final-redhat-1.jar

and this jar has a transitive dependency to
scannotation-1.0.3.jar

[INFO] +- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.6.Final:compile
[INFO] |  +- org.scannotation:scannotation:jar:1.0.3:compile

but EAP 6.1 uses: scannotation-1.0.2-redhat-2.jar.

So we have two different versions of scannotation - 1.0.2 and 1.0.3.

I think a solution would be to upgrade the scannotation version in EAP 6.1 to
scannotation-1.0.3.jar.
Comment 2 Weinan Li 2013-09-25 15:38:26 UTC 
Upstream PR created: https://issues.jboss.org/browse/WFLY-2156
Comment 3 Weinan Li 2013-09-27 07:15:17 UTC 
Upstream JIRA: https://issues.jboss.org/browse/WFLY-2156
Upstream PR: https://github.com/wildfly/wildfly/pull/5145/files
Comment 4 Weinan Li 2013-09-27 07:16:45 UTC 
EAP bug: https://bugzilla.redhat.com/show_bug.cgi?id=1012792
Comment 5 Weinan Li 2013-10-09 10:59:29 UTC 
lower the severity because this never affects building nor affects RESTEasy runtime.
Comment 6 Weinan Li 2013-10-09 11:01:35 UTC 
Upstream PR merged. Now this depend on BZ1012792
Comment 7 Weinan Li 2013-10-09 14:22:43 UTC 
As Stuart commented: "Just FYI scannotation is not actually used (as we use Jandex instead), I only included it because I was worried about the possibility of runtime NoClassDefFoundErrors". 

I'd suggest we deduce this from EAP 6.2.0 and fix in future releases.
Comment 10 Weinan Li 2013-10-17 15:52:47 UTC 
EAP PR sent: https://github.com/jbossas/jboss-eap/pull/570

Packages built: http://ett.usersys.redhat.com/tasks/jb-eap-6-dot-2-dot-0/packages/scannotation
Comment 12 Weinan Li 2013-11-07 04:38:18 UTC 
According to: https://bugzilla.redhat.com/show_bug.cgi?id=1025547

This is fixed.
Comment 13 Petr Sakař 2013-11-18 09:15:43 UTC 
Created attachment 825439 [details]
pom.xml and settings.xml to test dependency tree

1. create temporary directory and change into
2. download and unzip jboss-eap-6.2.0.CR1-maven-repository.zip
3. download pom.xml and settings.xml
4. run rm -rf maven-local-repo; mvn -s settings.xml dependency:tree 2>&1 | tee log.txt
Comment 14 Petr Sakař 2013-11-18 09:16:23 UTC 
Created attachment 825441 [details]
pom.xml and settings.xml to test dependency tree
Comment 15 Petr Sakař 2013-11-18 09:17:33 UTC 
Verified for EAP 6.2.0.CR1 using procedure from comment#13

[INFO] \- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.7.Final-redhat-2:compile
[INFO]    +- org.jboss.resteasy:jaxrs-api:jar:2.3.7.Final-redhat-2:compile
[INFO]    +- org.scannotation:scannotation:jar:1.0.3:compile
Comment 16 Scott Mumford 2013-12-02 05:18:38 UTC 
Added release note text and marked for inclusion in the 6.2 Release Notes document.
Comment 17 Russell Dickenson 2013-12-03 04:40:19 UTC 
Release Notes NACK-d as policy states that component upgrades are excluded.