Howdy,

just my 5 cents: I'd align with Francois here. Ranges (to me) are like
SNAPSHOTs. You DO want to control them, and not let someone/something
else control those.

T

On Tue, 30 Jun 2026 at 13:37, Francois Marot <[email protected]> wrote:
>
> Hello all,
> I would not be as affirmative as Greg and Elliotte. I think that parents
> pom usually either define WHAT you build (defining dependencies) or HOW you
> build (defining Maven plugins configuration) or a mix of both.
> In the case of a parent pom defining exclusively HOW you build, it may be a
> good idea to benefit from plugins upgrades shared amongst many projects.
> But as soon as thing turn specific (defining Java version, dependencies
> version, ...) I agree this may not be a good idea.
> best regards
>
> Francois
>
> Le mar. 30 juin 2026 à 13:21, Elliotte Rusty Harold <[email protected]> a
> écrit :
>
> > Whether it works or not, you really, really don't want to do this.
> > It's a source of really hard to diagnose security bugs.
> >
> > On Mon, Jun 29, 2026 at 6:37 PM KARR, DAVID via users
> > <[email protected]> wrote:
> > >
> > > We are wondering whether we can use a version range for the
> > "parent"->"version" property in our pom.xml. The docs don't explicitly say
> > so, but comparing the info for the "version" property in "parent" vs.
> > "dependency", we see that only in "dependency" does it mention the
> > possibility of using the range syntax.  In our tests, it didn't reject the
> > range syntax in the parent, but we'd have to set up a more complex test to
> > verify whether it's actually respecting it.  We're currently on version
> > 3.9.8.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
> > >
> >
> >
> > --
> > Elliotte Rusty Harold
> > [email protected]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to