Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-8032

Setting a bad S3 endpoint can delete filestore if eventual/_add symlink is set

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.9.4, 4.0.2
    • Fix Version/s: 4.2.0
    • Component/s: Filestore
    • Labels:
      None

      Description

      If you set an S3 endpoint in your storage.properties file and that endpoint goes to a page that returns 200 (like standard HTML like a login page) then Artifactory will see the 200 when checking if a file exists on the bucket, take that as confirmed file exists, skip uploading and delete it from the filestore. This has the effect of deleting the whole filestore. If no backup was made this could cause a serious situation.

      We need to check that the endpoint is valid before performing any filesync or some other logical way to prevent this.

        Attachments

          Activity

            People

            Assignee:
            gidis Gidi Shabat
            Reporter:
            aaronr Aaron Rhodes
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: