Uploaded image for project: 'Maven Shade Plugin'
  1. Maven Shade Plugin
  2. MSHADE-240

support relocation pom.properties and pom.xml descriptors in shaded jars

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.3
    • Fix Version/s: 3.0.0
    • Labels:
      None

      Description

      When using shade plugin to embbed (and relocate to be safe) some dependency the final jar ends up with the dependency /META-INF/maven/<groupid>/<artifactid>/* files.

      The problem is that in the final jars those files essentially become a lie for any tools looking at those descriptors to find out what the jar contains and you end up with false positive.

      Ideally they should be stripped when relocating a dependency since it means the jar does not contain what is indicated in those files anymore, only something that happen to have the same feature but with completely different packages (so unusable). An alternative is to move them in some other place like /META-INF/shade/maven/<groupid>/<artifactid>/* for example, so that you still keep information about what has been shaded.

        Attachments

          Activity

            People

            • Assignee:
              rfscholte Robert Scholte
              Reporter:
              tmortagne Thomas Mortagne
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: