For Java, it doesn't matter how many class versions you provide. By default, the class loader simply selects the first of the found class path.
Since you can run the application without errors, this means one of the following:
if javassist-3.9.0.GA.jar is the first in the class path: your application does not rely on new APIs or patches in javassist-3.20.0-GA.jar. Also, the APIs that you used for this library, changed between these versions (which the library should not do between minor versions) are not used
If javassist-3.20.0-GA.jar is the first in the classpath: the library is backward compatible
I suggest:
- If these dependencies are direct dependencies in different parts of the application, make sure that you use the same version everywhere. The best way is to fix the version in the dependencyManagement section of the parent POM and then omit the version attribute in the dependency sections.
- If these dependencies are transitive dependencies, then exclude the one you do not want to use to make sure that you have only one version of the library in your final application. Also consider the issue of the issue for a project that is still using the old version, and ask to update the dependency version.
- If you need to work with two incompatible versions of the same library that have the same package and class names, consider using a modular system such as OSGi, which to some extent supports different versions of the same library.