Bug 1006393 - resteasy-jaxrs-2.3.6.Final-redhat-1.jar transitive dependency to scannotation-1.0.3.jar
resteasy-jaxrs-2.3.6.Final-redhat-1.jar transitive dependency to scannotation...
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: RESTEasy (Show other bugs)
6.1.0
Unspecified Unspecified
unspecified Severity low
: CR1
: EAP 6.2.0
Assigned To: Weinan Li
Nikoleta Ziakova
:
Depends On: 1012792
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-10 10:33 EDT by Michael
Modified: 2017-10-09 20:11 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
The *scannotation* component has been upgraded from version 1.0.2 to 1.0.3 in this release of JBoss EAP 6.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-15 11:18:55 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
pom.xml and settings.xml to test dependency tree (2.04 KB, text/xml)
2013-11-18 04:15 EST, Petr Sakař
no flags Details
pom.xml and settings.xml to test dependency tree (1.98 KB, text/xml)
2013-11-18 04:16 EST, Petr Sakař
no flags Details

  None (edit)
Description Michael 2013-09-10 10:33:41 EDT
Description of problem:

JBoss Enterprise Application Platform 6 uses

resteasy-jaxrs-2.3.6.Final-redhat-1.jar

and this jar has a transitive dependency to
scannotation-1.0.3.jar

[INFO] +- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.6.Final:compile
[INFO] |  +- org.scannotation:scannotation:jar:1.0.3:compile

but EAP 6.1 uses: scannotation-1.0.2-redhat-2.jar.

So we have two different versions of scannotation - 1.0.2 and 1.0.3.

I think a solution would be to upgrade the scannotation version in EAP 6.1 to
scannotation-1.0.3.jar.
Comment 2 Weinan Li 2013-09-25 11:38:26 EDT
Upstream PR created: https://issues.jboss.org/browse/WFLY-2156
Comment 4 Weinan Li 2013-09-27 03:16:45 EDT
EAP bug: https://bugzilla.redhat.com/show_bug.cgi?id=1012792
Comment 5 Weinan Li 2013-10-09 06:59:29 EDT
lower the severity because this never affects building nor affects RESTEasy runtime.
Comment 6 Weinan Li 2013-10-09 07:01:35 EDT
Upstream PR merged. Now this depend on BZ1012792
Comment 7 Weinan Li 2013-10-09 10:22:43 EDT
As Stuart commented: "Just FYI scannotation is not actually used (as we use Jandex instead), I only included it because I was worried about the possibility of runtime NoClassDefFoundErrors". 

I'd suggest we deduce this from EAP 6.2.0 and fix in future releases.
Comment 12 Weinan Li 2013-11-06 23:38:18 EST
According to: https://bugzilla.redhat.com/show_bug.cgi?id=1025547

This is fixed.
Comment 13 Petr Sakař 2013-11-18 04:15:43 EST
Created attachment 825439 [details]
pom.xml and settings.xml to test dependency tree

1. create temporary directory and change into
2. download and unzip jboss-eap-6.2.0.CR1-maven-repository.zip
3. download pom.xml and settings.xml
4. run rm -rf maven-local-repo; mvn -s settings.xml dependency:tree 2>&1 | tee log.txt
Comment 14 Petr Sakař 2013-11-18 04:16:23 EST
Created attachment 825441 [details]
pom.xml and settings.xml to test dependency tree
Comment 15 Petr Sakař 2013-11-18 04:17:33 EST
Verified for EAP 6.2.0.CR1 using procedure from comment#13

[INFO] \- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.7.Final-redhat-2:compile
[INFO]    +- org.jboss.resteasy:jaxrs-api:jar:2.3.7.Final-redhat-2:compile
[INFO]    +- org.scannotation:scannotation:jar:1.0.3:compile
Comment 16 Scott Mumford 2013-12-02 00:18:38 EST
Added release note text and marked for inclusion in the 6.2 Release Notes document.
Comment 17 Russell Dickenson 2013-12-02 23:40:19 EST
Release Notes NACK-d as policy states that component upgrades are excluded.

Note You need to log in before you can comment on or make changes to this bug.