Maven plugin version not specified

2019-03-17 22:15发布

站内问答 / Java
1909 3 4

I have just noticed that plugin's version is optional in maven. I can still build my module without specifying it. Let's take an example with maven-bundle-plugin.

<plugin>
    <groupId>org.apache.felix</groupId>
    <artifactId>maven-bundle-plugin</artifactId>
    <extensions>true</extensions>
    ....
</plugin>

I have written a simple pom.xml without a parent to try this out, so pluginManagement is not involved. I have also checked the super super pom-4.0.0.xml in maven-model-builder to confirm that maven-bundle-plugin isn't there. This plugin version is not specified anywhere.

How does maven determine which version to take?

3条回答
Animai°情兽
2楼-- · 2019-03-17 22:15

If you check the maven-metadata.xml file that is in your remote repository (e.g. Nexus) alongside the plugin artifact, you'll see something like this:

<metadata>
    <groupId>com.company.maven.plugins</groupId>
    <artifactId>some-maven-plugin</artifactId>
    <versioning>
      <latest>0.3.6</latest>
      <release>0.3.6</release>
      <versions>
        <version>0.1</version>
        <version>0.2</version>
        <version>0.3.0</version>
        <version>0.3.1</version>
        <version>0.3.2</version>
        <version>0.3.4</version>
        <version>0.3.5</version>
        <version>0.3.6</version>
      </versions>
      <lastUpdated>20140414212942</lastUpdated>
    </versioning>
  </metadata>

I think Maven may use the <latest> value to decide which plugin to download if the version is not specified.

Maven 3.0.x gives warnings for missing plugin versions and says "future versions of Maven may refuse to build malformed POMs like these" or something like that. You should always specify the plugin versions so your build is reproducible. Otherwise you can end up with some really hard to find bugs.

查看更多
0人赞 添加讨论(0) 举报
聊天终结者
3楼-- · 2019-03-17 22:29

From Maven 3.x Compatibility Notes:

Automatic Plugin Version Resolution

When a plugin was invoked without an explicit version given in the POM or on the command line, Maven 2.x used to pick the latest version available where the latest version could either be a release or a snapshot. For the sake of stability, Maven 3.x prefers the latest release version over the latest snapshot version.

Given the threat of non-reproducible builds imposed by automatic plugin version resolution, this feature is scheduled for removal as far as plugin declarations in the POM are concerned. Users of Maven 3.x will find it output a warning when missing plugin versions are detected to encourage the addition of plugin versions to the POM or one of its parent POMs. The Enforcer rule requirePluginVersions can be used additionally check for missing plugin versions in the POM.

查看更多
0人赞 添加讨论(0) 举报
闹够了就滚
4楼-- · 2019-03-17 22:36

There are few steps maven follows to resolve the plugin version. It is documented in Resolving Plugin Versions section of http://maven.apache.org/guides/introduction/introduction-to-plugin-registry.html

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)