[
https://issues.apache.org/jira/browse/CXF-8204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Colm O hEigeartaigh resolved CXF-8204.
--------------------------------------
Resolution: Fixed
I updated CXF 3.3.x to use WSS4J 2.2.5-SNAPSHOT to make sure we pick up WSS4J
2.2.5 before CXF 3.3.6 is released.
> Dependency convergence issues with jaxws-api
> --------------------------------------------
>
> Key: CXF-8204
> URL: https://issues.apache.org/jira/browse/CXF-8204
> Project: CXF
> Issue Type: Bug
> Affects Versions: 3.3.5
> Reporter: Peter Major
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: 3.3.6
>
>
> When trying to use CXF 3.3.5 the Maven enforcer plugin reports the following
> dependency convergence issue:
> {noformat}
> +-org.apache.cxf:cxf-rt-ws-security:3.3.5
> +-org.apache.cxf:cxf-rt-security-saml:3.3.5
> +-javax.xml.ws:jaxws-api:2.3.1
> and
> +-org.apache.cxf:cxf-rt-ws-security:3.3.5
> +-org.apache.wss4j:wss4j-ws-security-dom:2.2.4
> +-org.apache.wss4j:wss4j-ws-security-common:2.2.4
> +-javax.xml.ws:jaxws-api:2.2.9
> {noformat}
> It appears that CXF brings in jaxws-api 2.3.1, but the 2.2.4 version of wss4j
> brings in 2.2.9. Looks like the upcoming 2.2.5 wss4j version will
> [update|https://github.com/apache/ws-wss4j/blob/2_2_x-fixes/pom.xml#L427]
> jaxws-api, but it hasn't been released yet.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
