[RTFACT-18447] Users are allowed to overwrite the manifest.json even if they have deploy/cache permissions only Created: 04/Feb/19  Updated: 17/Sep/20

Status: Open
Project: Artifactory Binary Repository
Component/s: Docker
Affects Version/s: 6.7.0
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Rafael Cunha de Almeida Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: PB_Done, QF, QF-P2

Attachments: PNG File Screen Shot 2019-02-13 at 9.32.57.png     PNG File Screen Shot 2019-02-13 at 9.43.45.png     PNG File Screen Shot 2019-02-13 at 9.46.18.png    


After creating a docker registry and giving users permissions to deploy/cache only, pushing the same image twice will cause the manifest.json metadata to be changed (deployed by and last modified). This will not happen if the contents of manifest.json the user tries to push are different than what's stored in artifactory.

Generated at Tue Sep 22 15:16:19 UTC 2020 using Jira 8.5.3#805003-sha1:b4933e02eaff29a49114274fe59e1f99d9d963d7.