jboss / jboss-javaee-specs

JBoss JavaEE Specs APIs
GNU Lesser General Public License v2.1
33 stars 10 forks source link

jboss-javaee-6.0 spec BOM leaks Xalan dependency that is not published to Maven central #3

Closed lincolnthree closed 9 years ago

lincolnthree commented 11 years ago

The dependency:

`xalan

xalan 2.7.1.jbossorg-2` is missing in maven central, thus, dependency resolution frequently has issues -> http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22xalan%22%20AND%20a%3A%22xalan%22 This artifact IS however defined in the jboss nexus repository: https://repository.jboss.org/nexus/content/repositories/public/xalan/xalan/ ~Lincoln
smcgowan commented 11 years ago

see also: https://issues.jboss.org/browse/JBEE-112 https://issues.jboss.org/browse/JBEE-97

I'm working to address this with the Java EE 7 BOMs.

yeroc commented 9 years ago

Is there no intention to fix this for the JavaEE 6 spec?!? This will be used for quite some time (or would be if folks could actually use it). I guess we need to switch over to using the one provided by Glassfish instead?

wolfc commented 9 years ago

The issue has been fixed in the JavaEE 7 spec artifacts. The JavaEE 6 artifacts are no longer in use on the latest WildFly release, so they will no longer be updated.

You can easily work around the issue with:

    <dependency>
      <groupId>org.jboss.spec</groupId>
      <artifactId>jboss-javaee-6.0</artifactId>
      <version>3.0.2.Final</version>
      <type>pom</type>
      <exclusions>
        <exclusion>
          <groupId>xalan</groupId>
          <artifactId>xalan</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
yeroc commented 9 years ago

@wolfc I don't follow your logic? My understanding as described by the README on this project has always been that the org.jboss.spec artifacts were for general use in any project using JavaEE and have no direct relation to a JBoss AS or Wildfly release but rather are intended to reflect what should be provided by a JEE spec-compliant app server. That's how we used it in our projects. Assuming that is still the case then I would expect you would want to do the right thing and fix this so that people can actually use the JEE 6 spec BOM?

wolfc commented 9 years ago

javaee6 branch has been abandoned for the reasons I stated.

ctomc commented 9 years ago

I don't see any harm in doing another 6.x release that would address this. As problem was related to jstl which is of same spec version in ee6 as in ee7, so fix is simple just use newer jstl artifact.

wolfc commented 9 years ago

I've resurrected that https://github.com/jboss/jboss-javaee-specs/tree/javaee6 branch. The upstream fix is mixed in at https://github.com/jboss/jboss-javaee-specs/commit/9a1a2201ea03b866247137da09cff75d08f9094a#diff-600376dffeb79835ede4a0b285078036R235 Have fun at it. :-)

ctomc commented 9 years ago

jboss-javaee-6.0:3.0.3.Final was released. Only real change was upgrade of jboss-jstl-1.2 to version 1.0.6.Final that was already released just for this purpose.

yeroc commented 9 years ago

@ctomc Awesome! Many thanks. Will try this as soon as it appears on Maven Central.

njuneau commented 9 years ago

@ctomc @wolfc , thank you for the fixes.

The JBoss Web site still mentions 3.0.2.Final as the recommended version ( http://www.jboss.org//boms/eap/jboss-javaee-6_0-all/index.html ). Should it be pushed to 3.0.3.Final over there as well?

ctomc commented 9 years ago

yes, web site should be updated