I am not sure if we have enough context yet about the actual issue, warnings and errors reported here. Maybe breaking this down helps us understand the actual behavior of Gradle / Maven.
In the warning it reports that solr:solr-core is invalid because it is missing version definitions for 5 dependencies, specifically the faterxml dependencies defined in our gradle file. This is the case because we have not specified the BOM as platform dependency, which means that there will be no DependencyManagement block added to the pom.xml. Adding fasterxml's BOM as platform dependency to solr-core module will resolve the warning and likely all the errors mentioned. The missing version definition is a behavior expected when BOMs are added via DependencyManagement. If the above addition to solr-core does not solve the errors, then it is likely an issue with the scopes or Maven itself (not being able to take DependencyManagement into account), which I believe may require us to explicitly define all versions for all modules with a post-action task like Jan proposed in his PR. I was able to identify this behavior by following these steps: 1. generate the pom.xml file of solr-core via ./gradlew :solr:solr-core:generatePomFileForJarsPublication 2. see that <dependencyManagement> is missing 3. add implementation platform(libs.fasterxml.jackson.bom) to the solr-core's build.gradle dependencies 4. regenerate the pom.xml and find the <dependencyManagement> For all the other modules that were mentioned we currently have specified the versions explicitly or have the BOM already included, so I couldn't find any issues there, neither was a warning or error mentioning these (correct me if there are any). What I would suspect too are any transitive dependencies inside our project that could eventually not make it to the pom.xml due to the transitive resolution, but I couldn't find anything suspicious there either. I also asked Claude what else could cause issues, and it mentioned the different scopes (which could be an issue, but I don't believe so) and the way the BOMs are included, via implementation or api, which could lead to missing dependencyManamagement block if using implementation (which in my case did not cause any issues). Can we check if the warnings and errors are gone by adding the missing BOM as platform dependency? And an additional check I would like to do, are the warnings and errors gone if the project manually adds the dependencyManagement block with the BOMs of the libraries that don't have a version? Because that would likely be a quick workaround / solution for any consumers of Solr 10.0.0. Best, Christos On Sat, Mar 7, 2026 at 6:03 PM Bram Luyten <[email protected]> wrote: > Hi Jan, > > Thank you for the swift feedback. To clarify: our app (DSpace, an > open-source repository platform) depends on both: > > 1. solr-solrj (runtime) — as a Solr client > 2. solr-core (test scope) — for EmbeddedSolrServer in our integration tests > > The issue we're seeing is that the published Maven POMs for solr-core (and > solr-solrj, solr-api) on Maven Central reference > com.fasterxml.jackson.core:jackson-databind, jackson-core, > jackson-annotations, jackson-dataformat-smile, and jackson-dataformat-cbor > without specifying a version. Since Solr's Gradle build manages these > versions via a BOM/platform that isn't published as a Maven BOM, Maven > considers the POM invalid and drops all transitive dependencies from that > artifact. > > The Maven warning we see is: > > [WARNING] The POM for org.apache.solr:solr-core:jar:10.0.0 is invalid, > transitive dependencies (if any) will not be available: > 5 problems were encountered while building the effective model for > org.apache.solr:solr-core:10.0.0 > [ERROR] 'dependencies.dependency.version' for > com.fasterxml.jackson.core:jackson-annotations:jar is missing. > [ERROR] 'dependencies.dependency.version' for > com.fasterxml.jackson.core:jackson-core:jar is missing. > [ERROR] 'dependencies.dependency.version' for > com.fasterxml.jackson.core:jackson-databind:jar is missing. > [ERROR] 'dependencies.dependency.version' for > com.fasterxml.jackson.dataformat:jackson-dataformat-smile:jar is missing. > [ERROR] 'dependencies.dependency.version' for > com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar is missing. > > The practical impact for Maven consumers: all transitive dependencies of > the affected artifact are lost (not just the Jackson ones). We had to > manually declare ~20+ transitive dependencies of solr-core in our own POM > (Jersey, OpenTelemetry, Curator, Lucene modules, etc.) to work around this. > > For solr-solrj the impact is smaller since it has fewer transitive deps, > but the same invalid-POM warning appears. > > Bram > > On Sat, Mar 7, 2026 at 3:32 PM Jan Høydahl <[email protected]> wrote: > > > I have not looked into it, but it sounds like something that deserves a > > JIRA to look into. > > To clarify, your app imports solr-solrj to act as a client, and you are > > forced to manually specify jackson version. You do not depend on > solr-core > > directly? > > > > Jan > > > > > 7. mars 2026 kl. 08:28 skrev Bram Luyten <[email protected]>: > > > > > > Hi, > > > > > > I've been lurking on the sidelines on your mailinglist since December > > > watching the final steps of the SOLR 10 release, thank you very much > for > > > all the work and congratulations on the release!!! > > > > > > While integrating Solr 10.0.0 as a Maven dependency in our project > > > (DSpace), we discovered that the published POMs for solr-core, > > solr-solrj, > > > and solr-api on Maven Central are missing <version> elements for their > > > Jackson 2 (com.fasterxml.jackson) dependencies. > > > > > > Affected artifacts: > > > > > > solr-core:10.0.0 jackson-annotations, jackson-core, jackson-databind, > > > jackson-dataformat-smile, jackson-dataformat-cbor > > > solr-solrj:10.0.0 jackson-databind, jackson-annotations, jackson-core > > > solr-api:10.0.0 jackson-annotations > > > > > > Impact: Maven marks these POMs as invalid and refuses to resolve any > > > transitive dependencies from the affected modules. For solr-core, this > > > means ~50+ transitive dependencies are silently lost (Jersey, > > > OpenTelemetry, Curator, Lucene modules, HPPC, etc.). Projects that use > > > solr-core as a test dependency for EmbeddedSolrServer must manually > > declare > > > all of these. > > > > > > Maven warning: > > > [WARNING] The POM for org.apache.solr:solr-core:jar:10.0.0 is invalid, > > > transitive dependencies > > > (if any) will not be available: 5 problems were encountered while > > > building the effective model > > > for org.apache.solr:solr-core:10.0.0 > > > [ERROR] 'dependencies.dependency.version' for > > > com.fasterxml.jackson.core:jackson-annotations:jar is missing. > > > [ERROR] 'dependencies.dependency.version' for > > > com.fasterxml.jackson.core:jackson-core:jar is missing. > > > [ERROR] 'dependencies.dependency.version' for > > > com.fasterxml.jackson.core:jackson-databind:jar is missing. > > > [ERROR] 'dependencies.dependency.version' for > > > com.fasterxml.jackson.dataformat:jackson-dataformat-smile:jar is > missing. > > > [ERROR] 'dependencies.dependency.version' for > > > com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar is > missing. > > > > > > Root cause (likely): Solr 10 uses Gradle for building and uses a > Jackson > > 2 > > > BOM (jackson-bom) for version management. The Gradle maven-publish > plugin > > > generates the POM from the Gradle model, but BOM-managed versions are > not > > > resolved/flattened into the published POM. Since the published POM has > no > > > <parent> element, there is no BOM to fall back on at consumption time. > > > > > > Workaround: Projects that depend on solr-core (e.g. for testing with > > > EmbeddedSolrServer) must explicitly declare all dependencies that would > > > normally come transitively through solr-core. In our case this meant > > adding > > > ~20 explicit test dependencies to match what solr-core would have > > provided. > > > > > > Would it be worth creating a JIRA for this? The fix would likely > involve > > > either adding explicit versions to the Gradle dependency declarations > for > > > Jackson, or configuring the maven-publish plugin to resolve BOM-managed > > > versions when generating POMs. > > > > > > Thanks, > > > > > > Bram Luyten, Atmire > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > >
