Maven plugin version not specified

From Maven 3.x Compatibility Notes:

Automatic Plugin Version Resolution

When a plugin was invoked without an explicit version given in the POM or on the command line, Maven 2.x used to pick the latest version available where the latest version could either be a release or a snapshot. For the sake of stability, Maven 3.x prefers the latest release version over the latest snapshot version.

Given the threat of non-reproducible builds imposed by automatic plugin version resolution, this feature is scheduled for removal as far as plugin declarations in the POM are concerned. Users of Maven 3.x will find it output a warning when missing plugin versions are detected to encourage the addition of plugin versions to the POM or one of its parent POMs. The Enforcer rule requirePluginVersions can additionally be used to check for missing plugin versions in the POM.


If you check the maven-metadata.xml file that is in your remote repository (e.g. Nexus) alongside the plugin artifact, you'll see something like this:

<metadata>
  <groupId>com.company.maven.plugins</groupId>
  <artifactId>some-maven-plugin</artifactId>
  <versioning>
    <latest>0.3.6</latest>
    <release>0.3.6</release>
    <versions>
      <version>0.1</version>
      <version>0.2</version>
      <version>0.3.0</version>
      <version>0.3.1</version>
      <version>0.3.2</version>
      <version>0.3.4</version>
      <version>0.3.5</version>
      <version>0.3.6</version>
    </versions>
    <lastUpdated>20140414212942</lastUpdated>
  </versioning>
</metadata>

I think Maven may use the <latest> value to decide which plugin to download if the version is not specified.

Maven 3.0.x gives warnings for missing plugin versions and says "future versions of Maven may refuse to build malformed POMs like these" or something like that. You should always specify the plugin versions so your build is reproducible. Otherwise you can end up with some really hard to find bugs.
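
The fragment below is an added example, not part of the original answer: a `<build>` section (placed inside `<project>`) that pins the plugin from the metadata above and turns the missing-version warning into a build failure with the Enforcer rule requirePluginVersions. The execution id and the maven-enforcer-plugin version shown are assumptions; use whichever Enforcer release you have vetted.

```xml
<build>
  <pluginManagement>
    <plugins>
      <!-- Pin the exact plugin version so the build no longer depends on
           whatever <latest>/<release> says in the repository's
           maven-metadata.xml at build time. -->
      <plugin>
        <groupId>com.company.maven.plugins</groupId>
        <artifactId>some-maven-plugin</artifactId>
        <version>0.3.6</version>
      </plugin>
    </plugins>
  </pluginManagement>

  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <!-- Assumed version for illustration; the enforcer itself must be pinned too. -->
      <version>3.4.1</version>
      <executions>
        <execution>
          <!-- Hypothetical execution id. -->
          <id>enforce-plugin-versions</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <requirePluginVersions>
                <!-- Reject the floating meta-versions LATEST and RELEASE
                     as well as SNAPSHOT plugin versions. -->
                <banLatest>true</banLatest>
                <banRelease>true</banRelease>
                <banSnapshots>true</banSnapshots>
              </requirePluginVersions>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The rule also inspects plugins bound to the default lifecycle phases, so those need explicit versions in `<pluginManagement>` as well before the build will pass.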