From 90ab6387974a92f290cb2409e88733e3fb71d74b Mon Sep 17 00:00:00 2001 From: Nihal Jain Date: Mon, 21 Oct 2024 21:26:41 +0530 Subject: [PATCH] HBASE-28921 Skip bundling hbase-webapps folder in jars (#6368) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We are bundling all webapp resources in hbase-server, hbase-thrift, hbase-rest and transitively to hbase-shaded-mapreduce jar. This can be an issue, say if any of the Js projects used by hbase are vulnerable, security scan tools like sonatype start flagging the jars too as vulnerable since they contain vulnerable code. With this JIRA, we skip bundling static webapp resources in our jars. Signed-off-by: Istvan Toth Reviewed-by: Dávid Paksy (cherry picked from commit 836630422df2776287a860eff9d7104c3eca0582) --- hbase-rest/pom.xml | 9 +++++++++ hbase-server/pom.xml | 1 + hbase-thrift/pom.xml | 9 +++++++++ 3 files changed, 19 insertions(+) diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml index 99eb0fb77bec..c632b0ed8286 100644 --- a/hbase-rest/pom.xml +++ b/hbase-rest/pom.xml @@ -297,6 +297,15 @@ true + + org.apache.maven.plugins + maven-jar-plugin + + + **/hbase-webapps/** + + + maven-antrun-plugin diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml index 24bea0f07f54..6a1df3652816 100644 --- a/hbase-server/pom.xml +++ b/hbase-server/pom.xml @@ -460,6 +460,7 @@ log4j.properties mapred-queues.xml mapred-site.xml + **/hbase-webapps/** diff --git a/hbase-thrift/pom.xml b/hbase-thrift/pom.xml index c83988e530a1..afdbd0c5b7fa 100644 --- a/hbase-thrift/pom.xml +++ b/hbase-thrift/pom.xml @@ -210,6 +210,15 @@ true + + org.apache.maven.plugins + maven-jar-plugin + + + **/hbase-webapps/** + + + maven-antrun-plugin