Maven + SLF4J: Version conflict when using two different dependencies that require two different SLF4J versions

Question

I have a project that use both dependencies independently: BoneCP and Hibernate. But thanks to SLF4J and its version conflicts it does not work because BoneCP requires SLF4J 1.5 and Hibernate requires SLF4j 1.6. As you know it is not possible to important two different versions of the same dependency in your pom.xml. So what can I do to workaround this amazing SLF4J side-effect???

The error I get is the infamous:

SLF4J: The requested version 1.5.10 by your slf4j binding is not compatible with [1.6] SLF4J: See http://www.slf4j.org/codes.html#version_mismatch for further details. 

I would need to add this, but same dependency with two different versions is not allowed:

<dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.5.10</version> <scope>provided</scope> </dependency>     <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.6.2</version> <scope>provided</scope> </dependency>    

Maven dependency tree:

[INFO] [dependency:tree {execution: default-cli}] [INFO] org.mentawai:menta:war:1.0.5-SNAPSHOT [INFO] +- javax.servlet.jsp:jsp-api:jar:2.0:provided [INFO] +- javax.servlet:servlet-api:jar:2.5:provided [INFO] +- javax.activation:activation:jar:1.1:compile [INFO] +- javax.mail:mail:jar:1.4:compile [INFO] +- javax.persistence:persistence-api:jar:1.0:compile [INFO] +- org.slf4j:slf4j-log4j12:jar:1.5.10:compile [INFO] |  +- org.slf4j:slf4j-api:jar:1.5.10:compile [INFO] |  \- log4j:log4j:jar:1.2.14:compile [INFO] +- org.hibernate:hibernate-core:jar:3.6.7.Final:compile [INFO] |  +- antlr:antlr:jar:2.7.6:compile [INFO] |  +- commons-collections:commons-collections:jar:3.1:compile [INFO] |  +- dom4j:dom4j:jar:1.6.1:compile [INFO] |  +- org.hibernate:hibernate-commons-annotations:jar:3.2.0.Final:compile [INFO] |  +- org.hibernate.javax.persistence:hibernate-jpa-2.0-api:jar:1.0.1.Final:compile [INFO] |  \- javax.transaction:jta:jar:1.1:compile [INFO] +- javassist:javassist:jar:3.12.1.GA:compile [INFO] +- junit:junit:jar:4.8.1:test [INFO] +- c3p0:c3p0:jar:0.9.1.2:compile [INFO] +- com.h2database:h2:jar:1.2.138:compile [INFO] +- mysql:mysql-connector-java:jar:5.1.13:compile [INFO] +- me.soliveirajr:mentawai:jar:2.3.3-SNAPSHOT:compile [INFO] |  +- net.sf.json-lib:json-lib:jar:jdk15:2.3:compile [INFO] |  |  +- commons-beanutils:commons-beanutils:jar:1.8.0:compile [INFO] |  |  +- commons-logging:commons-logging:jar:1.1.1:compile [INFO] |  |  \- net.sf.ezmorph:ezmorph:jar:1.0.6:compile [INFO] |  +- org.jdom:jdom:jar:1.1:compile [INFO] |  +- com.thoughtworks.xstream:xstream:jar:1.3.1:compile [INFO] |  |  \- xpp3:xpp3_min:jar:1.1.4c:compile [INFO] |  +- org.ajaxtags:ajaxtags:jar:1.2-beta3:compile [INFO] |  |  +- javax.servlet:jstl:jar:1.0.6:compile [INFO] |  |  +- taglibs:standard:jar:1.0.6:compile [INFO] |  |  \- net.htmlparser:jericho-html:jar:2.1:compile [INFO] |  +- jgroups:jgroups-all:jar:2.2.9.1:compile [INFO] |  +- me.soliveirajr:menta-container:jar:0.9.8:compile [INFO] |  +- me.soliveirajr:menta-bean:jar:1.1.1:compile [INFO] |  +- me.soliveirajr:menta-regex:jar:0.9.5:compile [INFO] |  +- org.beanshell:bsh:jar:2.0b4:compile [INFO] |  +- com.jolbox:bonecp:jar:0.7.1.RELEASE:compile [INFO] |  |  \- com.google.guava:guava:jar:r08:compile [INFO] |  +- velocity:velocity-dep:jar:1.4:compile [INFO] |  +- commons-fileupload:commons-fileupload:jar:1.2.2:compile [INFO] |  +- commons-io:commons-io:jar:1.3.2:compile [INFO] |  +- net.tanesha.recaptcha4j:recaptcha4j:jar:0.0.7:compile [INFO] |  \- commons-dbcp:commons-dbcp:jar:1.4:compile [INFO] |     \- commons-pool:commons-pool:jar:1.5.4:compile [INFO] +- commons-lang:commons-lang:jar:2.5:compile [INFO] \- asm:asm:jar:3.2:compile 

Answer 1

The link provided in the error message, "http://www.slf4j.org/codes.html#version_mismatch", states:

An SLF4J binding designates an artifact such as slf4j-jdk14.jar or slf4j-log4j12.jar used to bind slf4j to an underlying logging framework, say, java.util.logging or log4j. Mixing mixing different versions of slf4j-api.jar and SLF4J binding can cause problems. For example, if you are using slf4j-api-1.6.6.jar, then you should also use slf4j-simple-1.6.6.jar, using slf4j-simple-1.5.5.jar will not work.

NOTE From the client's perspective all versions of slf4j-api are compatible. Client code compiled with slf4j-api-N.jar will run perfectly fine with slf4j-api-M.jar for any N and M. You only need to ensure that the version of your binding matches that of the slf4j-api.jar. You do not have to worry about the version of slf4j-api.jar used by a given dependendency in your project. You can always use ANY version of slf4j-api.jar, and as long as the version of slf4j-api.jar and its binding match, you should be fine.

Given that all versions of slf4j-api are interchangeable from the clients perspective, in the scenario where different versions of slf4j-api and its binding e.g. slf4j-log4j12 are pulled in, explicitly declare them as dependencies in your POM as follows:

<dependency>   <groupId>org.slf4j</groupId>   <artifactId>slf4j-api</artifactId>   <version>1.7.25</version> </dependency>     <dependency>   <groupId>org.slf4j</groupId>   <artifactId>slf4j-log4j12</artifactId>   <version>1.7.25</version> </dependency>    

Here I am assuming that you do not actually need to declare slf4j-api and slf4j-log4j12 in the provided scope.

See also Introduction to the Dependency Mechanism which states:

Dependency mediation - this determines what version of a dependency will be used when multiple versions of an artifact are encountered. Currently, Maven 2.0 only supports using the "nearest definition" which means that it will use the version of the closest dependency to your project in the tree of dependencies. You can always guarantee a version by declaring it explicitly in your project's POM.