[BUG] State leaks across parse operations since 2.1.24, causing cross-module schema contamination in long-lived JVMs (mvnd)

[sleicht]

Description

Since swagger-parser 2.1.24, schemas from one OpenAPIParser.readLocation() call can contaminate a subsequent call in the same JVM. This causes cross-module schema contamination when using openapi-generator-maven-plugin with mvnd (Maven Daemon) and parallel builds (-T1C).

The issue was introduced by two changes in 2.1.24:

1. ResolverFully response resolution logic (Add logic to process responses with resolvFully parsing option #2131)
2. IdsTraverser for OAS 3.1 $id dereferencing

Observed behaviour

Two independent Maven modules define schemas with case-near-colliding names:

• Module A: CountryDto (fields: identifier, label)
• Module B: CountryDTO (fields: code, name)

After several builds with a warm mvnd daemon, module A's generated CountryDto.java contains module B's CountryDTO class with fields code, name.

The issue reproduces almost every time with a warm daemon but never on the first build after daemon restart, and never with mvnd clean test-compile (only mvnd clean compile — the extra time from test compilation likely allows internal caches to expire).

Expected behaviour

Each OpenAPIParser.readLocation() call should be fully independent, with no shared mutable state leaking between invocations in the same JVM.

Version matrix

swagger-parser	Result with warm mvnd
2.1.23	✅ Works (last good)
2.1.24	❌ Breaks (first bad)
2.1.25–2.1.37	❌ Breaks

This is NOT the same issue as swagger-core#4672 (Json.mapper() thread-safety, fixed in swagger-core 2.2.24). Both working and broken swagger-parser versions use swagger-core ≥2.2.24 with that fix included.

Why mvnd specifically

Unlike standard Maven, mvnd keeps a long-lived daemon JVM alive between builds. Any static or class-level mutable state in swagger-parser persists across build invocations. Standard Maven (mvn) gets a fresh JVM each time, so the issue does not reproduce there.

Environment

• swagger-parser: 2.1.24+ (via openapi-generator-maven-plugin 7.14.0+)
• mvnd: 1.0.5
• Java: 21 (Temurin 21.0.10+7)
• Build config: -T1C (parallel builds, 1 thread per core)

Workaround

Pin swagger-parser to 2.1.23:

<plugin>
    <groupId>org.openapitools</groupId>
    <artifactId>openapi-generator-maven-plugin</artifactId>
    <version>7.20.0</version>
    <dependencies>
        <dependency>
            <groupId>io.swagger.parser.v3</groupId>
            <artifactId>swagger-parser</artifactId>
            <version>2.1.23</version>
        </dependency>
    </dependencies>
</plugin>

Related

• swagger-core#4672 — Json.mapper() thread-safety (different issue, already fixed)
• swagger-parser#2131 — the PR that introduced the ResolverFully response resolution