Bug 1006393 - resteasy-jaxrs-2.3.6.Final-redhat-1.jar transitive dependency to scannotation-1.0.3.jar
Summary: resteasy-jaxrs-2.3.6.Final-redhat-1.jar transitive dependency to scannotation...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: RESTEasy
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: CR1
: EAP 6.2.0
Assignee: Weinan Li
QA Contact: Nikoleta Hlavickova
URL:
Whiteboard:
Depends On: 1012792
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-10 14:33 UTC by Michael
Modified: 2017-10-10 00:11 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-12-15 16:18:55 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
pom.xml and settings.xml to test dependency tree (2.04 KB, text/xml)
2013-11-18 09:15 UTC, Petr Sakař 		no flags Details
pom.xml and settings.xml to test dependency tree (1.98 KB, text/xml)
2013-11-18 09:16 UTC, Petr Sakař 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1021668 0 unspecified CLOSED RHEL6 RPMs: Upgrade scannotation to 1.0.3.redhat-4 2021-02-22 00:41:40 UTC

Internal Links: 1021668

Description Michael 2013-09-10 14:33:41 UTC 
Description of problem:

JBoss Enterprise Application Platform 6 uses

resteasy-jaxrs-2.3.6.Final-redhat-1.jar

and this jar has a transitive dependency to
scannotation-1.0.3.jar

[INFO] +- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.6.Final:compile
[INFO] |  +- org.scannotation:scannotation:jar:1.0.3:compile

but EAP 6.1 uses: scannotation-1.0.2-redhat-2.jar.

So we have two different versions of scannotation - 1.0.2 and 1.0.3.

I think a solution would be to upgrade the scannotation version in EAP 6.1 to
scannotation-1.0.3.jar.
Comment 2 Weinan Li 2013-09-25 15:38:26 UTC 
Upstream PR created: https://issues.jboss.org/browse/WFLY-2156
Comment 3 Weinan Li 2013-09-27 07:15:17 UTC 
Upstream JIRA: https://issues.jboss.org/browse/WFLY-2156
Upstream PR: https://github.com/wildfly/wildfly/pull/5145/files
Comment 4 Weinan Li 2013-09-27 07:16:45 UTC 
EAP bug: https://bugzilla.redhat.com/show_bug.cgi?id=1012792
Comment 5 Weinan Li 2013-10-09 10:59:29 UTC 
lower the severity because this never affects building nor affects RESTEasy runtime.
Comment 6 Weinan Li 2013-10-09 11:01:35 UTC 
Upstream PR merged. Now this depend on BZ1012792
Comment 7 Weinan Li 2013-10-09 14:22:43 UTC 
As Stuart commented: "Just FYI scannotation is not actually used (as we use Jandex instead), I only included it because I was worried about the possibility of runtime NoClassDefFoundErrors". 

I'd suggest we deduce this from EAP 6.2.0 and fix in future releases.
Comment 10 Weinan Li 2013-10-17 15:52:47 UTC 
EAP PR sent: https://github.com/jbossas/jboss-eap/pull/570

Packages built: http://ett.usersys.redhat.com/tasks/jb-eap-6-dot-2-dot-0/packages/scannotation
Comment 12 Weinan Li 2013-11-07 04:38:18 UTC 
According to: https://bugzilla.redhat.com/show_bug.cgi?id=1025547

This is fixed.
Comment 13 Petr Sakař 2013-11-18 09:15:43 UTC 
Created attachment 825439 [details]
pom.xml and settings.xml to test dependency tree

1. create temporary directory and change into
2. download and unzip jboss-eap-6.2.0.CR1-maven-repository.zip
3. download pom.xml and settings.xml
4. run rm -rf maven-local-repo; mvn -s settings.xml dependency:tree 2>&1 | tee log.txt
Comment 14 Petr Sakař 2013-11-18 09:16:23 UTC 
Created attachment 825441 [details]
pom.xml and settings.xml to test dependency tree
Comment 15 Petr Sakař 2013-11-18 09:17:33 UTC 
Verified for EAP 6.2.0.CR1 using procedure from comment#13

[INFO] \- org.jboss.resteasy:resteasy-jaxrs:jar:2.3.7.Final-redhat-2:compile
[INFO]    +- org.jboss.resteasy:jaxrs-api:jar:2.3.7.Final-redhat-2:compile
[INFO]    +- org.scannotation:scannotation:jar:1.0.3:compile
Comment 16 Scott Mumford 2013-12-02 05:18:38 UTC 
Added release note text and marked for inclusion in the 6.2 Release Notes document.
Comment 17 Russell Dickenson 2013-12-03 04:40:19 UTC 
Release Notes NACK-d as policy states that component upgrades are excluded.
Note You need to log in before you can comment on or make changes to this bug.