One of the project I work on includes a whole mish-mash of XML-related libraries including xerces, jdom, dom4j, jaxen, xalan. Some are direct dependencies and some are pulled in by other third-party dependencies like hibernate, tika, gate, etc. Many of these libraries have transitive dependencies on xerces and/or on some form of xml-api artifact, though the exact artifact name, and even the group name seem to vary randomly. What was xerces:xmlParserApis vs xml-apis:xml-apis vs xml-apis:xmlParserAPIs? Why were there versions of xml-api artifacts in the 2.0.x range, but they seemed older than version 1.0.b2 which so many libs depend on?
I recently tried to upgrade the included version of xerces from 2.6.2 to 2.9.1. This is the latest official release posted to Maven Central, though it is nearly 4 years old. (The latest official xerces release, 2.11.0, and the previous one, 2.10.0, are not in the primary maven repos. See XERCESJ-1454 if interested in more on why.) The upgrade caused some rather strange class loader errors that forced me to finally dig into this. What follows are my rough notes on the various xml-api related artifacts. They go in chronological order.
Group ID Artifact ID Version Release Date Notes
06/21/2002 xerces xmlParserApis 2.2.1 11/11/2002 includes all classes in 2.0.2, plus some security support stuff and other mods
xml-apis xml-apis 1.0.b2
12/01/2002 includes all but some security support and other util class in xerces:xmlParserApis:2.2.1, plus some additions
xerces xmlParserApis 2.6.0
11/18/2003 * all but 1 class from xml-apis:1.0.b2, plus the security support classes that were in xerces:xmlParserApis:2.2.1
* 2.6.2 was the last of this artifact
xml-apis xml-apis 1.2.01 * no jar, just a relocation tag to xerces:xmlParserApis:2.6.2
* Looks like this was added on 02/03/2010 (judging by date in http://repo1.maven.org/maven2/xml-apis/xml-apis/), about 3 years after other xml-apis:xml-apis entries like 1.3.04
xml-apis xml-apis 1.3.02 07/22/2005 * includes all but 1 class from v2.6.2 (dropped older security support stuff), plus many additions
* Included with xerces 2.7.1
xml-apis xml-apis 1.3.03 02/25/2006 * released with xerces 2.8.0
* xercesImpl:2.8.0 was the first one where they included dependency info in the pom
xml-apis xml-apis 1.3.04 11/19/2006 * xerces:xercesImpl:2.9.1 (09/14/2007) depends on this
* this is the last of this artifact in maven repos
One interesting note is that xml-apis:xml-apis:2.0.0 and 2.0.2 are newer than their equivalent versions of xerces:xmlParserApis and xml-apis:xmlParserAPIs.
While tedious, working out these relationships helped me track down the conflicting dependencies. I added these entries to my root project’s dependencyManagement section:
<dependency> <groupId>xml-apis</groupId> <artifactId>xml-apis</artifactId> <version>1.3.04</version> </dependency> <dependency> <groupId>jaxen</groupId> <artifactId>jaxen</artifactId> <version>1.1.1</version> <exclusions> <exclusion> <groupId>xerces</groupId> <artifactId>xmlParserAPIs</artifactId> </exclusion> </exclusions> </dependency> <dependency> <groupId>jmimemagic</groupId> <artifactId>jmimemagic</artifactId> <version>0.1.2</version> <exclusions> <exclusion> <groupId>xml-apis</groupId> <artifactId>xmlParserAPIs</artifactId> </exclusion> </exclusions> </dependency>
and all was good in the world again.