I'm using Springboot 2.3.0.RELEASE
I wanted to upgrade just the tomcat version from 9.0.35 to 9.0.37 for which I tried the below steps and nothing worked :
Tried upgrading only the spring-boot-starter-tomcat
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<version>2.3.3.RELEASE</version>
</dependency>
But even after that change, I get to see this in my dependency tree :
+- org.springframework.boot:spring-boot-starter-tomcat:jar:2.3.3.RELEASE:compile
[INFO] | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.35:compile
[INFO] | +- org.glassfish:jakarta.el:jar:3.0.3:compile
[INFO] | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.35:compile
I tried adding this property in POM, but that too didn't work:
<tomcat.version>9.0.37</tomcat.version>
Related
I've tried to follow the other slf4j and other answers from the web to no avail. I think my scenario is a little different.. I started with a maven spring-boot jpa app, all works good. I am working with some company's sdk but it's not maven. They provide a jar and jar-with-dependencies. This package will be com.example:theirlib:jar:1.0
When I install standalone jar, it cannot find required dependencies. I tried to add them to pom but run into unsupported repository layout legacy. The permanent solutions to this looks to be log4j related, without manually installing those jars.
The following artifacts could not be resolved: javax.jms:jms:jar:1.1, com.sun.jdmk:jmxtools:jar:1.2.1, com.sun.jmx:jmxri:jar:1.2.1: Could not transfer artifact javax.jms:jms:jar:1.1 from/to java.net (https://maven-repository.dev.java.net/nonav/repository): Cannot access https://maven-repository.dev.java.net/nonav/repository with type legacy using the available connector factories: BasicRepositoryConnectorFactory: Cannot access https://maven-repository.dev.java.net/nonav/repository with type legacy using the available layout factories: Maven2RepositoryLayoutFactory: Unsupported repository layout legacy -> [Help 1]
But those were just the first build errors so I tried the jar-with-dependencies, which throws multiple slf4j bindings error.
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/home/user/.m2/repository/com/example/theirlib/1.0/theirlib-1.0.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/home/user/.m2/repository/ch/qos/logback/logback-classic/1.2.11/logback-classic-1.2.11.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: slf4j-api 1.6.x (or later) is incompatible with this binding.
SLF4J: Your binding is version 1.5.5 or earlier.
SLF4J: Upgrade your binding to version 1.6.x.
...
I am struggling to find the correct artifacts to put in exclusions, if exclusions even works since the installed jar is bundled w/ dependencies?? This seemed like an easier path to solve than trying to include all the correct dependencies and versions for theirlib in this code. Alternatively, I tried to exclusions with the spring dependency but still fail.
First I looked at the dependency tree:
[INFO] com.crush.sample:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:2.7.0:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-aop:jar:2.7.0:compile
[INFO] | | +- org.springframework:spring-aop:jar:5.3.20:compile
[INFO] | | \- org.aspectj:aspectjweaver:jar:1.9.7:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-jdbc:jar:2.7.0:compile
[INFO] | | +- com.zaxxer:HikariCP:jar:4.0.3:compile
[INFO] | | \- org.springframework:spring-jdbc:jar:5.3.20:compile
[INFO] | +- jakarta.transaction:jakarta.transaction-api:jar:1.3.3:compile
[INFO] | +- jakarta.persistence:jakarta.persistence-api:jar:2.2.3:compile
[INFO] | +- org.hibernate:hibernate-core:jar:5.6.9.Final:compile
[INFO] | | +- org.jboss.logging:jboss-logging:jar:3.4.3.Final:compile
[INFO] | | +- net.bytebuddy:byte-buddy:jar:1.12.10:compile
[INFO] | | +- antlr:antlr:jar:2.7.7:compile
[INFO] | | +- org.jboss:jandex:jar:2.4.2.Final:compile
[INFO] | | +- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] | | +- org.hibernate.common:hibernate-commons-annotations:jar:5.1.2.Final:compile
[INFO] | | \- org.glassfish.jaxb:jaxb-runtime:jar:2.3.6:compile
[INFO] | | +- org.glassfish.jaxb:txw2:jar:2.3.6:compile
[INFO] | | +- com.sun.istack:istack-commons-runtime:jar:3.0.12:compile
[INFO] | | \- com.sun.activation:jakarta.activation:jar:1.2.2:runtime
[INFO] | +- org.springframework.data:spring-data-jpa:jar:2.7.0:compile
[INFO] | | +- org.springframework.data:spring-data-commons:jar:2.7.0:compile
[INFO] | | +- org.springframework:spring-orm:jar:5.3.20:compile
[INFO] | | +- org.springframework:spring-context:jar:5.3.20:compile
[INFO] | | | \- org.springframework:spring-expression:jar:5.3.20:compile
[INFO] | | +- org.springframework:spring-tx:jar:5.3.20:compile
[INFO] | | +- org.springframework:spring-beans:jar:5.3.20:compile
[INFO] | | \- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] | \- org.springframework:spring-aspects:jar:5.3.20:compile
[INFO] +- com.example:theirlib:jar:1.0:compile // jar with dependencies
[INFO] +- org.postgresql:postgresql:jar:9.4.1208:compile
[INFO] \- org.springframework.boot:spring-boot-starter-test:jar:2.7.0:test
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.7.0:compile
[INFO] | +- org.springframework.boot:spring-boot:jar:2.7.0:compile
[INFO] | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.7.0:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-logging:jar:2.7.0:compile
[INFO] | | +- ch.qos.logback:logback-classic:jar:1.2.11:compile
[INFO] | | | \- ch.qos.logback:logback-core:jar:1.2.11:compile
[INFO] | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.17.2:compile
[INFO] | | | \- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] | | \- org.slf4j:jul-to-slf4j:jar:1.7.36:compile
[INFO] | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | \- org.yaml:snakeyaml:jar:1.30:compile
[INFO] +- org.springframework.boot:spring-boot-test:jar:2.7.0:test
[INFO] +- org.springframework.boot:spring-boot-test-autoconfigure:jar:2.7.0:test
[INFO] +- com.jayway.jsonpath:json-path:jar:2.7.0:test
[INFO] | \- net.minidev:json-smart:jar:2.4.8:test
[INFO] | \- net.minidev:accessors-smart:jar:2.4.8:test
[INFO] | \- org.ow2.asm:asm:jar:9.1:test
[INFO] +- jakarta.xml.bind:jakarta.xml.bind-api:jar:2.3.3:compile
[INFO] | \- jakarta.activation:jakarta.activation-api:jar:1.2.2:compile
[INFO] +- org.assertj:assertj-core:jar:3.22.0:test
[INFO] +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] +- org.junit.jupiter:junit-jupiter:jar:5.8.2:test
[INFO] | +- org.junit.jupiter:junit-jupiter-api:jar:5.8.2:test
[INFO] | | +- org.opentest4j:opentest4j:jar:1.2.0:test
[INFO] | | +- org.junit.platform:junit-platform-commons:jar:1.8.2:test
[INFO] | | \- org.apiguardian:apiguardian-api:jar:1.1.2:test
[INFO] | +- org.junit.jupiter:junit-jupiter-params:jar:5.8.2:test
[INFO] | \- org.junit.jupiter:junit-jupiter-engine:jar:5.8.2:test
[INFO] | \- org.junit.platform:junit-platform-engine:jar:1.8.2:test
[INFO] +- org.mockito:mockito-core:jar:4.5.1:test
[INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.12.10:test
[INFO] | \- org.objenesis:objenesis:jar:3.2:test
[INFO] +- org.mockito:mockito-junit-jupiter:jar:4.5.1:test
[INFO] +- org.skyscreamer:jsonassert:jar:1.5.0:test
[INFO] | \- com.vaadin.external.google:android-json:jar:0.0.20131108.vaadin1:test
[INFO] +- org.springframework:spring-core:jar:5.3.20:compile
[INFO] | \- org.springframework:spring-jcl:jar:5.3.20:compile
[INFO] +- org.springframework:spring-test:jar:5.3.20:test
[INFO] \- org.xmlunit:xmlunit-core:jar:2.9.0:test
And now try many combinations of exclusions:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.0</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.crush.sample</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
<exclusion>
<artifactId>logback-classic</artifactId>
<groupId>ch.qos.logback</groupId>
</exclusion>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.example</groupId>
<artifactId>theirlib</artifactId>
<version>1.0</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.4.1208</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
What's the best way to solve this?
if you are using intellij , a tool which i often use is maven helper
this allows analyzing the pom and its dependencies visually ,
for example selecting the slf-api from the leftside will show all the paces where its used , if it is marked in white it means its a compile dependency
P.S
you must make sure "thierlibrary" was not shaded , otherwise you cannot solve it with normal maven exclusions
I resolved this by looking at the exploded bundled jar and brute forcing all the dependencies into my project pom and using the standalone jar. Everything is happy for now..
I'm using
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>5.1.0.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
<version>5.1.0.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-jpamodelgen</artifactId>
<version>5.1.0.Final</version>
</dependency>
in a apache-tomcat-8.0.41 web service.
In this link they say "Hibernate EntityManager implements the programming interfaces and lifecycle rules as defined by the JPA 2.0 specification"
https://docs.jboss.org/hibernate/entitymanager/3.6/reference/en/html_single/
But it's for the 3.6 version.
It's the same for 5.1 ?
hibernate-jpamodelgen is neither JPA nor hibernate. It is a maven plugin which helps to use JPA by auto-generating classes.
For example, if you have a class named User, hibernate-jpamodelgen will create a class User_ that contains fields which are very useful when using the criteria API.
For your JPA version, you should look at another dependency. If you have this one, then you are using JPA > 2.0
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.1-api</artifactId>
<version>1.0.0.Final</version>
</dependency>
I suggest you read the docs of the version you are using. As for hibernate and JPA compatibility see here: Hibernate releases
Hibernate 5.1 docs: Hibernate 5.1 docs
Another simple way to discover what version you are using is to execute the maven command:
mvn dependency:tree
Here I can see I'm running JPA 2.2.3:
> mvn depedency:tree
...
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:2.7.2:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-aop:jar:2.7.2:compile
[INFO] | | \- org.aspectj:aspectjweaver:jar:1.9.7:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-jdbc:jar:2.7.2:compile
[INFO] | | \- com.zaxxer:HikariCP:jar:4.0.3:compile
[INFO] | +- jakarta.transaction:jakarta.transaction-api:jar:1.3.3:compile
[INFO] | +- jakarta.persistence:jakarta.persistence-api:jar:2.2.3:compile <!-- JPA
[INFO] | +- org.hibernate:hibernate-core:jar:5.6.10.Final:compile
[INFO] | | +- net.bytebuddy:byte-buddy:jar:1.12.12:compile
[INFO] | | +- antlr:antlr:jar:2.7.7:compile
[INFO] | | +- org.jboss:jandex:jar:2.4.2.Final:compile
[INFO] | | \- org.hibernate.common:hibernate-commons-annotations:jar:5.1.2.Final:compile
[INFO] | +- org.springframework.data:spring-data-jpa:jar:2.7.2:compile
[INFO] | | +- org.springframework.data:spring-data-commons:jar:2.7.2:compile
[INFO] | | \- org.springframework:spring-orm:jar:5.3.22:compile
[INFO] | \- org.springframework:spring-aspects:jar:5.3.22:compile
...
For creating a REST Client am using the below dependency in Spring Boot:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
Which in turn downloads the jersey-client-2.23.1.jar.
My code for request builder is as below:
Client client = ClientBuilder.newClient();
WebTarget targetUrl = client.target("Some URL").path(userid)
.path("Some String");
Builder requestBuilder = targetUrl.request(MediaType.APPLICATION_JSON);
JsonParser parser = new JsonParser();
JsonArray objArray = (JsonArray) parser.parse(requestBuilder.get(String.class));
However I am getting the below exception in line number 3 of the above code:
java.lang.NoSuchMethodError: javax.ws.rs.core.MultivaluedMap.addAll(Ljava/lang/Object;[Ljava/lang/Object;)V
at org.glassfish.jersey.client.ClientRequest.accept(ClientRequest.java:336) ~[jersey-client-2.23.1.jar:na]
at org.glassfish.jersey.client.JerseyWebTarget.request(JerseyWebTarget.java:221) ~[jersey-client-2.23.1.jar:na]
at org.glassfish.jersey.client.JerseyWebTarget.request(JerseyWebTarget.java:59) ~[jersey-client-2.23.1.jar:na]
I saw few solution that it is due to version mismatch. So, I tried to added a lower version dependency:
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-client</artifactId>
<version>1.19.2</version>
</dependency>
But spring boot is not considering this version of jersey-client. Is there any way out so that I can solve the issue?
EDIT 1:
As mentioned in the first answer I used mvn dependency:tree and found 2 different version of jersey client available. One is compile time and one is run time:
[INFO] +- org.springframework.boot:spring-boot-starter-jersey:jar:1.4.0.RELEASE:compile
[INFO] | +- org.glassfish.jersey.core:jersey-server:jar:2.23.1:compile
[INFO] | | +- org.glassfish.jersey.core:jersey-common:jar:2.23.1:compile
[INFO] | | | +- org.glassfish.jersey.bundles.repackaged:jersey-guava:jar:2.23.1:compile
[INFO] | | | \- org.glassfish.hk2:osgi-resource-locator:jar:1.0.1:compile
[INFO] | | +- org.glassfish.jersey.core:jersey-client:jar:2.23.1:compile
and
[INFO] +- some.project.specific:jar:1.1.5.RELEASE:compile
[INFO] | +- some.project.specific:jar:1.4.10:compile
[INFO] | | +- com.sun.jersey:jersey-client:jar:1.19.1:runtime
I tried to exclude version 2.23.1 as below. Still it is including the jar.
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
<exclusions>
<exclusion>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-client-2.23.1</artifactId>
</exclusion>
</exclusions>
</dependency>
Check other dependencies on your project, try running mvn dependency:tree. Probably you have some other dependency to jersey 1.XX version, you should exclude it to keep just the 2.23.1.
Overall applicatiom I'm using Apache HttpComponents dependency:
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
But also another library uses this artifact, but different version (4.3.2, not 4.5.2):
<dependency>
<groupId>com.sendgrid</groupId>
<artifactId>sendgrid-java</artifactId>
</dependency>
The problem is that API between this versions is changed and I'm getting this error:
Caused by: java.lang.ClassNotFoundException: org.apache.http.ssl.SSLContexts
How I can say to maven not to override Sendgrid's version of HttpComponents (4.3.2) with 4.5.2?
EDIT: version of httpcomponents is specified in dependencyManagement section of parent pom
Given the following parent pom.xml section:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>com.sendgrid</groupId>
<artifactId>sendgrid-java</artifactId>
<version>2.0.0</version>
</dependency>
</dependencies>
<modules>
<module>module-a</module>
<module>module-b</module>
</modules>
Indeed in module-a the dependency tree is the following, executing:
mvn dependency:tree
We get as part of the output:
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # module-a ---
[INFO] com.sample:module-a:jar:0.0.1-SNAPSHOT
[INFO] \- com.sendgrid:sendgrid-java:jar:2.0.0:compile
[INFO] +- org.json:json:jar:20140107:compile
[INFO] +- org.apache.httpcomponents:httpcore:jar:4.3.2:compile
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.5.2:compile
[INFO] | +- commons-logging:commons-logging:jar:1.2:compile
[INFO] | \- commons-codec:commons-codec:jar:1.9:compile
[INFO] +- com.sendgrid:smtpapi-java:jar:1.0.0:compile
[INFO] \- org.apache.httpcomponents:httpmime:jar:4.3.4:compile
Note:
We get org.apache.httpcomponents:httpclient:jar:4.5.2:compile
We also get org.apache.httpcomponents:httpcore:jar:4.3.2:compile
A potential versons mismatch happens here between libraries of the same family
Adding then to the module-a's pom.xml the following:
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.3.2</version>
</dependency>
</dependencies>
</dependencyManagement>
And re-running our dependency tree execution, we get as part of the output:
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) # module-a ---
[INFO] com.sample:module-a:jar:0.0.1-SNAPSHOT
[INFO] \- com.sendgrid:sendgrid-java:jar:2.0.0:compile
[INFO] +- org.json:json:jar:20140107:compile
[INFO] +- org.apache.httpcomponents:httpcore:jar:4.3.2:compile
[INFO] +- org.apache.httpcomponents:httpclient:jar:4.3.2:compile
[INFO] | +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] | \- commons-codec:commons-codec:jar:1.6:compile
[INFO] +- com.sendgrid:smtpapi-java:jar:1.0.0:compile
[INFO] \- org.apache.httpcomponents:httpmime:jar:4.3.4:compile
We now get httpcore and httpclient aligned, with the versions we wanted.
Also note the httpmime to version 4.3.4, it's a fix version change, but still a misalignment (should be harmless though).
In this case it seems you are adding governance at parent level in dependencyManagement (good approach), but then at the level of one of the modules you need to override it. That can happen, but better to properly comment it, for maintenance and for the future yourself looking at it in the future.
Also note: other modules in this project would not be affected by this change, that is, they will still get version 4.5.2. If the final result of the whole multimodule build is an ear or war file, for example, carefully check what you eventually get.
It is impossible in a simple maven project to have 2 different versions of the same artifact in the classpath. So you cannot have 4.3.2 and 4.5.2 versions in the classpath simultaneously.
However there are several options... You can either
use in your project the older version (4.3.*), compatible with sendgrid-java dependency (simplest way); or
update sendgrid-java dependency, if newer one is compatible with http components 4.5.* (preferred way); or
mark sendgrid-java as a 'provided' dependency, build a separate class loader in runtime and load it with correct dependencies versions (a bit tricky, but I saw this approach in a couple bank applications)
I have a project that use both dependencies independently: BoneCP and Hibernate. But thanks to SLF4J and its version conflicts it does not work because BoneCP requires SLF4J 1.5 and Hibernate requires SLF4j 1.6. As you know it is not possible to important two different versions of the same dependency in your pom.xml. So what can I do to workaround this amazing SLF4J side-effect???
The error I get is the infamous:
SLF4J: The requested version 1.5.10 by your slf4j binding is not compatible with [1.6]
SLF4J: See http://www.slf4j.org/codes.html#version_mismatch for further details.
I would need to add this, but same dependency with two different versions is not allowed:
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.5.10</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.6.2</version>
<scope>provided</scope>
</dependency>
Maven dependency tree:
[INFO] [dependency:tree {execution: default-cli}]
[INFO] org.mentawai:menta:war:1.0.5-SNAPSHOT
[INFO] +- javax.servlet.jsp:jsp-api:jar:2.0:provided
[INFO] +- javax.servlet:servlet-api:jar:2.5:provided
[INFO] +- javax.activation:activation:jar:1.1:compile
[INFO] +- javax.mail:mail:jar:1.4:compile
[INFO] +- javax.persistence:persistence-api:jar:1.0:compile
[INFO] +- org.slf4j:slf4j-log4j12:jar:1.5.10:compile
[INFO] | +- org.slf4j:slf4j-api:jar:1.5.10:compile
[INFO] | \- log4j:log4j:jar:1.2.14:compile
[INFO] +- org.hibernate:hibernate-core:jar:3.6.7.Final:compile
[INFO] | +- antlr:antlr:jar:2.7.6:compile
[INFO] | +- commons-collections:commons-collections:jar:3.1:compile
[INFO] | +- dom4j:dom4j:jar:1.6.1:compile
[INFO] | +- org.hibernate:hibernate-commons-annotations:jar:3.2.0.Final:compile
[INFO] | +- org.hibernate.javax.persistence:hibernate-jpa-2.0-api:jar:1.0.1.Final:compile
[INFO] | \- javax.transaction:jta:jar:1.1:compile
[INFO] +- javassist:javassist:jar:3.12.1.GA:compile
[INFO] +- junit:junit:jar:4.8.1:test
[INFO] +- c3p0:c3p0:jar:0.9.1.2:compile
[INFO] +- com.h2database:h2:jar:1.2.138:compile
[INFO] +- mysql:mysql-connector-java:jar:5.1.13:compile
[INFO] +- me.soliveirajr:mentawai:jar:2.3.3-SNAPSHOT:compile
[INFO] | +- net.sf.json-lib:json-lib:jar:jdk15:2.3:compile
[INFO] | | +- commons-beanutils:commons-beanutils:jar:1.8.0:compile
[INFO] | | +- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] | | \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile
[INFO] | +- org.jdom:jdom:jar:1.1:compile
[INFO] | +- com.thoughtworks.xstream:xstream:jar:1.3.1:compile
[INFO] | | \- xpp3:xpp3_min:jar:1.1.4c:compile
[INFO] | +- org.ajaxtags:ajaxtags:jar:1.2-beta3:compile
[INFO] | | +- javax.servlet:jstl:jar:1.0.6:compile
[INFO] | | +- taglibs:standard:jar:1.0.6:compile
[INFO] | | \- net.htmlparser:jericho-html:jar:2.1:compile
[INFO] | +- jgroups:jgroups-all:jar:2.2.9.1:compile
[INFO] | +- me.soliveirajr:menta-container:jar:0.9.8:compile
[INFO] | +- me.soliveirajr:menta-bean:jar:1.1.1:compile
[INFO] | +- me.soliveirajr:menta-regex:jar:0.9.5:compile
[INFO] | +- org.beanshell:bsh:jar:2.0b4:compile
[INFO] | +- com.jolbox:bonecp:jar:0.7.1.RELEASE:compile
[INFO] | | \- com.google.guava:guava:jar:r08:compile
[INFO] | +- velocity:velocity-dep:jar:1.4:compile
[INFO] | +- commons-fileupload:commons-fileupload:jar:1.2.2:compile
[INFO] | +- commons-io:commons-io:jar:1.3.2:compile
[INFO] | +- net.tanesha.recaptcha4j:recaptcha4j:jar:0.0.7:compile
[INFO] | \- commons-dbcp:commons-dbcp:jar:1.4:compile
[INFO] | \- commons-pool:commons-pool:jar:1.5.4:compile
[INFO] +- commons-lang:commons-lang:jar:2.5:compile
[INFO] \- asm:asm:jar:3.2:compile
The link provided in the error message, "http://www.slf4j.org/codes.html#version_mismatch", states:
An SLF4J binding designates an artifact such as slf4j-jdk14.jar or
slf4j-log4j12.jar used to bind slf4j to an underlying logging
framework, say, java.util.logging or log4j. Mixing mixing different
versions of slf4j-api.jar and SLF4J binding can cause problems. For
example, if you are using slf4j-api-1.6.6.jar, then you should also
use slf4j-simple-1.6.6.jar, using slf4j-simple-1.5.5.jar will not
work.
NOTE From the client's perspective all versions of slf4j-api are
compatible. Client code compiled with slf4j-api-N.jar will run
perfectly fine with slf4j-api-M.jar for any N and M. You only need to
ensure that the version of your binding matches that of the
slf4j-api.jar. You do not have to worry about the version of
slf4j-api.jar used by a given dependendency in your project. You can
always use ANY version of slf4j-api.jar, and as long as the version of
slf4j-api.jar and its binding match, you should be fine.
Given that all versions of slf4j-api are interchangeable from the clients perspective, in the scenario where different versions of slf4j-api and its binding e.g. slf4j-log4j12 are pulled in, explicitly declare them as dependencies in your POM as follows:
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.25</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.25</version>
</dependency>
Here I am assuming that you do not actually need to declare slf4j-api and slf4j-log4j12 in the provided scope.
See also Introduction to the Dependency Mechanism which states:
Dependency mediation - this determines what version of a dependency
will be used when multiple versions of an artifact are encountered.
Currently, Maven 2.0 only supports using the "nearest definition"
which means that it will use the version of the closest dependency to
your project in the tree of dependencies. You can always guarantee a
version by declaring it explicitly in your project's POM.
Just exclude 1.5.10 version of SLF4J
<dependency>
<groupId>...</groupId>
<artifactId>BoneCP</artifactId>
<version>...</version>
<exclusions>
<exclusion> <!-- declare the exclusion here -->
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.5.10</version>
</exclusion>
</exclusions>
</dependency>