Hi.
It seems that the jersey-json project pulls in two jars for stax-api
(1.0.1 and 1.0.2) because stax is referenced with different group ids
from the jettison and jaxb-impl dependencies.
I guess this is unlikely to cause problems in practice (at least we
haven't noticed any, we stumbled upon this while working out some
other dependency problems with a maven project), but the result is two
different versions of stax-api on the classpath.
This is the same for both 1.8 and 1.9-SNAPSHOT.
Dependency tree for jersey-json-1.9-SNAPSHOT:
[INFO] [dependency:tree {execution: default-cli}]
[INFO] com.sun.jersey:jersey-json:bundle:1.9-SNAPSHOT
[INFO] +- org.codehaus.jettison:jettison:jar:1.1:compile
[INFO] | \- stax:stax-api:jar:1.0.1:compile
[INFO] +- com.sun.xml.bind:jaxb-impl:jar:2.2.3-1:compile
[INFO] | \- javax.xml.bind:jaxb-api:jar:2.2.2:compile
[INFO] | +- javax.xml.stream:stax-api:jar:1.0-2:compile
[INFO] | \- javax.activation:activation:jar:1.1:compile
[INFO] +- org.codehaus.jackson:jackson-core-asl:jar:1.7.1:compile
[INFO] +- org.codehaus.jackson:jackson-mapper-asl:jar:1.7.1:compile
[INFO] +- org.codehaus.jackson:jackson-jaxrs:jar:1.7.1:compile
[INFO] +- org.codehaus.jackson:jackson-xc:jar:1.7.1:compile
[INFO] +- junit:junit:jar:4.8.2:test
[INFO] \- com.sun.jersey:jersey-core:jar:1.9-SNAPSHOT:compile
Excluding stax-api 1.0.1 from the jettison dependency seems to be a
simple solution, and keeping 1.0.2 should be safe. Side note: Jettison
1.3 still depends on the same group id and version for stax.
I don't know the details of stax or if there might be a reason to
exclude 1.0.2 and keep 1.0.1 in stead, but at least we don't see any
problems with only 1.0.2.
No patch for the pom included, but this can fixed with a simple
exclusion for the jettison dependency:
<dependency>
<groupId>org.codehaus.jettison</groupId>
<artifactId>jettison</artifactId>
<version>1.1</version>
<exclusions>
<exclusion>
<groupId>stax</groupId>
<artifactId>stax-api</artifactId>
</exclusion>
</exclusions>
</dependency>
--
Regards,
Per Ottar Ribe Pahr