Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-13085

Allowed to overwrite artefacts without delete permissions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: 4 - Normal
    • Resolution: Unresolved
    • Affects Version/s: 4.15.0
    • Fix Version/s: None
    • Component/s: Maven
    • Environment:

      Artifactory v 4.15.0, Jenkins 2.19.4

    • Severity:
      Medium

      Description

      We have a Maven repository set up that our Jenkins server is allowed to deploy to. The repository Snapshot behavior is set to "Deployer" so the version information from the Maven POM file is retained. Deploying works without a problem.

      However, it is still possible for Jenkins (or any user with Deploy permissions for that matter) to re-upload a build of the same version. This is not expected, as this effectively allows user to overwrite existing artefacts without having Delete permissions.

      Using a different Snapshot behavior to ensure artefacts are not overwritten by jenkins is not a viable option as users can still re-upload manually.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            ulrichth Thomas Ulrich (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                Sync Status

                Connection: RTFACT Sync
                RTMID-13085 -
                SYNCHRONIZED
                • Last Sync Date: