Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-13085

Allowed to overwrite artefacts without delete permissions

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Deferred
    • Affects Version/s: 4.15.0
    • Fix Version/s: None
    • Component/s: Maven
    • Environment:

      Artifactory v 4.15.0, Jenkins 2.19.4

    • Severity:
      Medium

      Description

      We have a Maven repository set up that our Jenkins server is allowed to deploy to. The repository Snapshot behavior is set to "Deployer" so the version information from the Maven POM file is retained. Deploying works without a problem.

      However, it is still possible for Jenkins (or any user with Deploy permissions for that matter) to re-upload a build of the same version. This is not expected, as this effectively allows user to overwrite existing artefacts without having Delete permissions.

      Using a different Snapshot behavior to ensure artefacts are not overwritten by jenkins is not a viable option as users can still re-upload manually.

        Attachments

          Activity

              People

              Assignee:
              Unassigned
              Reporter:
              ulrichth Thomas Ulrich (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-13085 -
                  SYNCHRONIZED
                  • Last Sync Date: