When configuring event based replication with pathPrefix in 7.27.4+, any file that does not match the pathPrefix still creates replication events, but only the file path is replicated. This means if you have a docker repository with event-based replication and a pathPrefix of /test/path/, when you push an image of /test/path/test/image it will replicate over. An image of /different/path/to/image should not replicate, but it still triggers the replication for the folders. This creates empty folders under /different/path/to/, and then the image replication is skipped (due to the pathPrefix).
This causes tons of empty folders to appear, which can be a security issue if you show information to the destination repository that should not be there (project names, sensitive information, etc). Additionally this is creating a large amount of replication events which creates a heavily increased load on the systems, making them prone to instability.
What is the expected behavior?
Before 7.27.4, the replication only occurred if the file path matched the pathPrefix. If the did not match, then replication skipped over both the file and the folders. Currently, only the file is skipped, the folders are still replicated.
Steps to reproduce: (On a clean environment)
Set up two instances, one source and one destination. Set up event based replication from the source to the destination with a specific pathPrefix, then upload a file that does not match the pathPrefix. You will see the destination now has empty folders created.
To further portray the issue, I've provided an image below. The pathPrefix was /docker-path/, so when I uploaded an image under docker-path/test/tutum/dnsutils it replicated an image, but any other path is replicating over a path of empty folders.