This is an automated email from the ASF dual-hosted git repository. gnodet pushed a commit to branch fix/downgrade-classworlds-2.9.0 in repository https://gitbox.apache.org/repos/asf/maven.git
commit d9987e73dddb38967ee8ec3f7d959da87b8b9468 Author: Guillaume Nodet <[email protected]> AuthorDate: Tue May 19 09:26:09 2026 +0200 Downgrade plexus-classworlds from 2.11.0 to 2.9.0 Classworlds 2.11.0 introduced a bug in ConfigurationParser.loadGlob where the glob file filter uses || (OR) instead of && (AND), causing patterns like "maven-*.jar" to match all jars. On Linux ext4, where File.listFiles() returns non-deterministic ordering, this leads to unpredictable classloading order and class collisions between maven-embedder and sisu-plexus (PlexusXmlBeanConverter), breaking lifecycle configuration injection. Fix: https://github.com/codehaus-plexus/plexus-classworlds/pull/147 Co-Authored-By: Claude Opus 4.6 <[email protected]> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 13ef71e0f8..456083d34c 100644 --- a/pom.xml +++ b/pom.xml @@ -145,7 +145,7 @@ under the License. <assertjVersion>3.27.7</assertjVersion> <asmVersion>9.9.1</asmVersion> <byteBuddyVersion>1.18.8</byteBuddyVersion> - <classWorldsVersion>2.11.0</classWorldsVersion> + <classWorldsVersion>2.9.0</classWorldsVersion> <commonsCliVersion>1.11.0</commonsCliVersion> <guiceVersion>5.1.0</guiceVersion> <guavaVersion>33.6.0-jre</guavaVersion>
