This is a dependency tree generated by Maven 2.2.1 with:
mvn -o dependency:tree -Dverbose -Dincludes=log4j
[INFO] [dependency:tree {execution: default-cli}]
[INFO] com.openboxes.renderingservice:common:jar:1.0
[INFO] +- org.springframework:spring:jar:2.0.4:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.1:compile
[INFO] |     \- log4j:log4j:jar:1.2.12:compile
[INFO] \- it.mycompany.portal:server:jar:1.5-SNAPSHOT:compile
[INFO]    \- org.slf4j:slf4j-log4j12:jar:1.1.0:compile
[INFO]       \- (log4j:log4j:jar:1.2.13:compile - omitted for conflict with 1.2.12)
As you can see, log4j v1.2.12 is preferred over v1.2.13.
I know that "Maven resolves version conflicts with a nearest-wins strategy" (see http://maven.apache.org/plugins/maven-dependency-plugin/examples/resolving-conflicts-using-the-dependency-tree.html) but these two dependencies seem to be at the same distance (two nesting levels, am I wrong?) so I expect that the most recent one is used.
Can someone explain this result?
Yes, log4j is not explicitly declared in this POM (and I think it should be), but I would like to better understand the way Maven works.
Thx
I've found the answer by myself at http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html: "if two dependency versions are at the same depth in the dependency tree, until Maven 2.0.8 it was not defined which one would win, but since Maven 2.0.9 it's the order in the declaration that counts: the first declaration wins".
It seems a very questionable strategy to me. :-\
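The rule quoted in the answer, as an added example (not part of the original posts and not Maven's resolver code): a simplified breadth-first model of nearest-wins mediation with first-declaration tie-breaking, run over a graph constructed from the tree in the question. The function names and the swapped-order variant are illustrative assumptions; the point for dependency auditing is that the selected version depends on POM declaration order, not on which version is newer.

```python
from collections import deque

# Constructed from the tree in the question: artifact -> declared deps, in POM order.
ROOT = "com.openboxes.renderingservice:common:1.0"
GRAPH = {
    ROOT: ["org.springframework:spring:2.0.4",
           "it.mycompany.portal:server:1.5-SNAPSHOT"],
    "org.springframework:spring:2.0.4": ["commons-logging:commons-logging:1.1"],
    "commons-logging:commons-logging:1.1": ["log4j:log4j:1.2.12"],
    "it.mycompany.portal:server:1.5-SNAPSHOT": ["org.slf4j:slf4j-log4j12:1.1.0"],
    "org.slf4j:slf4j-log4j12:1.1.0": ["log4j:log4j:1.2.13"],
}

def split(coord):
    """Split 'group:artifact:version' into ('group:artifact', 'version')."""
    group, artifact, version = coord.split(":")
    return f"{group}:{artifact}", version

def mediate(root, graph):
    """Simplified model: nearest wins; at equal depth the first declaration wins.

    Returns (selected, omitted). selected maps 'group:artifact' to
    (version, depth from root); omitted lists (coord, depth, winning_version).
    """
    selected, omitted = {}, []
    queue = deque([(root, 0)])  # FIFO keeps declaration order within a depth
    while queue:
        coord, depth = queue.popleft()
        ga, version = split(coord)
        if ga in selected:
            if selected[ga][0] != version:
                omitted.append((coord, depth, selected[ga][0]))
            continue  # a losing or duplicate node is not expanded further
        selected[ga] = (version, depth)
        queue.extend((dep, depth + 1) for dep in graph.get(coord, []))
    return selected, omitted

def with_reversed_root_order(graph, root):
    """Same graph with the root POM's dependency declarations reversed."""
    swapped = dict(graph)
    swapped[root] = list(reversed(graph[root]))
    return swapped

if __name__ == "__main__":
    for label, g in (("as declared", GRAPH),
                     ("root order reversed", with_reversed_root_order(GRAPH, ROOT))):
        selected, omitted = mediate(ROOT, g)
        print(label, "->", selected["log4j:log4j"], "omitted:", omitted)
```

Declaring log4j directly in the root POM, as the question already suggests, puts it at depth 1 and removes the dependence on declaration order.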