Avoiding the use of unversioned plugins
If you have associated a plugin with your application POM, without a version, then Maven will download the corresponding maven-metadata.xml file and store it locally. Only the latest released version of the plugin will be downloaded and used in the project. This can easily create uncertainties. Your project may work fine with the current version of a plugin, but later, if there is a new release of the same plugin, your Maven project will start to use the latest one automatically. This can result in an unpredictable behavior and lead to a debugging mess.
Tip
It is always recommended that you specify the plugin version along with the plugin configuration.
You can enforce this as a rule with the Maven enforcer plugin, shown as follows:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.3.1</version>
<executions>
<execution>
...
