From cc828e83890464b1c7c2b003b25629f17abeb1eb Mon Sep 17 00:00:00 2001 From: Nihal Jain Date: Mon, 21 Oct 2024 21:26:41 +0530 Subject: [PATCH] HBASE-28921 Skip bundling hbase-webapps folder in jars (#6368) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We are bundling all webapp resources in hbase-server, hbase-thrift, hbase-rest and transitively to hbase-shaded-mapreduce jar. This can be an issue, say if any of the Js projects used by hbase are vulnerable, security scan tools like sonatype start flagging the jars too as vulnerable since they contain vulnerable code. With this JIRA, we skip bundling static webapp resources in our jars. Signed-off-by: Istvan Toth Reviewed-by: Dávid Paksy (cherry picked from commit 836630422df2776287a860eff9d7104c3eca0582) --- hbase-rest/pom.xml | 9 +++++++++ hbase-server/pom.xml | 1 + hbase-thrift/pom.xml | 9 +++++++++ 3 files changed, 19 insertions(+) diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml index 2ac2686ec38c..5b60ed4c963e 100644 --- a/hbase-rest/pom.xml +++ b/hbase-rest/pom.xml @@ -297,6 +297,15 @@ true + + org.apache.maven.plugins + maven-jar-plugin + + + **/hbase-webapps/** + + + maven-antrun-plugin diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml index 132e1faa6ca6..52993aeccfcf 100644 --- a/hbase-server/pom.xml +++ b/hbase-server/pom.xml @@ -465,6 +465,7 @@ log4j.properties mapred-queues.xml mapred-site.xml + **/hbase-webapps/** diff --git a/hbase-thrift/pom.xml b/hbase-thrift/pom.xml index 64d8fc933ab7..7bfc6f39a2bc 100644 --- a/hbase-thrift/pom.xml +++ b/hbase-thrift/pom.xml @@ -210,6 +210,15 @@ true + + org.apache.maven.plugins + maven-jar-plugin + + + **/hbase-webapps/** + + + maven-antrun-plugin