I don't like these JavaEE jars in Maven... there are zillions of jars containing javax.* classes...
currently, org.apache.geronimo.bundles:jstl:1.2_1 contains for example org.apache.taglibs.standard.extra.spath package, but it's not part of (what I think) official org.apache.taglibs:taglibs-standard*:1.2.5.
this package is also inside org.glassfish.web:javax.servlet.jsp.jstl:1.2.5 but this jar contains for example packages com.oracle.wls.shaded which I don't think we want.
org.apache.taglibs jars also do not contain c-1_0-rt.tld (and *-rt.tld versions).
I used org.jboss.spec.javax.servlet.jstl:jboss-jstl-api_1.2_spec:1.1.4.Final which is based on org.apache.taglibs:taglibs-standard-*:1.2.5, but with org.apache.taglibs.standard.extra.spath package.