When running quarkusDev, .env is copied to build/classes/java/main/ (or build/classes/kotlin/main/). If quarkusBuild is executed afterwards without running "clean" before, an uber-jar will contain that file.
Linux ***** 5.14.14-arch1-1 #1 SMP PREEMPT Wed, 20 Oct 2021 21:35:18 +0000 x86_64 GNU/Linux
Output of java -version
openjdk version "11.0.13" 2021-10-19 OpenJDK Runtime Environment GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05) OpenJDK 64-Bit Server VM GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05, mixed mode, sharing)
GraalVM version (if different from Java)
No response
Quarkus version or git rev
2.3.1.Final
Build tool (ie. output of mvnw --version or gradlew --version)
Gradle 7.2
Additional information
This might leak potentially sensitive information like credentials used during development.
Describe the bug
When running quarkusDev, .env is copied to build/classes/java/main/ (or build/classes/kotlin/main/). If quarkusBuild is executed afterwards without running "clean" before, an uber-jar will contain that file.
Expected behavior
Uber-jar should not contain .env file.
Actual behavior
It does.
How to Reproduce?
Output of
uname -aorverLinux ***** 5.14.14-arch1-1 #1 SMP PREEMPT Wed, 20 Oct 2021 21:35:18 +0000 x86_64 GNU/Linux
Output of
java -versionopenjdk version "11.0.13" 2021-10-19 OpenJDK Runtime Environment GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05) OpenJDK 64-Bit Server VM GraalVM CE 21.3.0 (build 11.0.13+7-jvmci-21.3-b05, mixed mode, sharing)
GraalVM version (if different from Java)
No response
Quarkus version or git rev
2.3.1.Final
Build tool (ie. output of
mvnw --versionorgradlew --version)Gradle 7.2
Additional information
This might leak potentially sensitive information like credentials used during development.
https://github.com/quarkusio/quarkus/issues/21024
$upstream:21024$