From 6cdd0464fec833e678dff03e62baa64f76b41aa2 Mon Sep 17 00:00:00 2001 From: Nihal Jain Date: Mon, 21 Oct 2024 21:26:41 +0530 Subject: [PATCH] HBASE-28921 Skip bundling hbase-webapps folder in jars (#6368) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We are bundling all webapp resources in hbase-server, hbase-thrift, hbase-rest and transitively to hbase-shaded-mapreduce jar. This can be an issue, say if any of the Js projects used by hbase are vulnerable, security scan tools like sonatype start flagging the jars too as vulnerable since they contain vulnerable code. With this JIRA, we skip bundling static webapp resources in our jars. Signed-off-by: Istvan Toth Reviewed-by: Dávid Paksy (cherry picked from commit 836630422df2776287a860eff9d7104c3eca0582) --- hbase-rest/pom.xml | 9 +++++++++ hbase-server/pom.xml | 1 + hbase-thrift/pom.xml | 9 +++++++++ 3 files changed, 19 insertions(+) diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml index 64ce0eb7746c..c57a896c8c0d 100644 --- a/hbase-rest/pom.xml +++ b/hbase-rest/pom.xml @@ -290,6 +290,15 @@ true + + org.apache.maven.plugins + maven-jar-plugin + + + **/hbase-webapps/** + + + maven-antrun-plugin diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml index b81c1492af9e..327579d5b00e 100644 --- a/hbase-server/pom.xml +++ b/hbase-server/pom.xml @@ -465,6 +465,7 @@ log4j.properties mapred-queues.xml mapred-site.xml + **/hbase-webapps/** diff --git a/hbase-thrift/pom.xml b/hbase-thrift/pom.xml index 0cd15bd48529..049ed345f939 100644 --- a/hbase-thrift/pom.xml +++ b/hbase-thrift/pom.xml @@ -203,6 +203,15 @@ true + + org.apache.maven.plugins + maven-jar-plugin + + + **/hbase-webapps/** + + + maven-antrun-plugin