I have a web application in which the dependencies pull in two jars called:
when I package the WAR I have both of these in the WEB-INF/lib directory, my question is that the application is running and why I wouldn't get any issues because apparently I have same classes in both jars and there should be issues right?
For Java it doesn't matter how many versions of a class you provide. The default classloader will just pick the first one on the classpath it can find.
Since you can run the application without error this means one of the following:
if javassist-3.9.0.GA.jar is first on the classpath: your application doesn't rely on new APIs or bugfixes in javassist-3.20.0-GA.jar Also no APIs you used of this library changed between these versions (which a library shouldn't do between minor versions)
if javassist-3.20.0-GA.jar is first on the classpath: the library is backwards compatible
I suggest: