[MNG-7375] Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.8.4
Fix Version/s: None
Component/s: Artifacts and Repositories
Labels:
None

Description

Currently the metadata at https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml contains an invalid entry without a prefix:

<metadata>
  <plugins>
    <plugin>
      <name>Apache Jackrabbit FileVault - Package Maven Plugin</name>
      <prefix>filevault-package</prefix>
      <artifactId>filevault-package-maven-plugin</artifactId>
    </plugin>
    <plugin>
      <name>filevault-package-maven-plugin</name>
      <artifactId>filevault-package-maven-plugin</artifactId>
    </plugin>
  </plugins>
</metadata>

This leads to an NPE when trying to deploy a new version with org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...):

Caused by: java.lang.NullPointerException
    at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:276)
    at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata (AbstractRepositoryMetadata.java:121)
    at org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository (AbstractRepositoryMetadata.java:67)
    at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge (MetadataBridge.java:65)
    at org.eclipse.aether.internal.impl.DefaultDeployer.upload (DefaultDeployer.java:433)
    at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:321)
    at org.eclipse.aether.internal.impl.DefaultDeployer.deploy (DefaultDeployer.java:213)
    at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy (DefaultRepositorySystem.java:386)
    at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy (DefaultArtifactDeployer.java:142)

Although this happened in the context of using "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8" (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to NEXUS-30749 - Broken groupId metadata and follow-up NPE during org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp - Sonatype JIRA.pdf ), the affected code is in Maven.

The metadata is probably invalid but the Metadata class should be more robust when trying to do the merge in https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100 and just ignore all plugin entries without all mandatory elements.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

NEXUS-30749 - Broken groupId metadata and follow-up NPE during org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp - Sonatype JIRA.pdf
02/Jan/22 08:27
176 kB
Konrad Windszus

Issue Links

is broken by

MPLUGIN-377 Drop use of legacy APIs

Closed

is related to

JCRVLT-579 CI/CD: Snapshot deployment fails with NPE

Resolved

MNG-7418 Incorrect merging of snapshot versions in o.a.m.artifact.repository.metadata.Metadata.merge(...)

Closed

MNG-8121 NullPointerException at org.apache.maven.artifact.repository.metadata.Metadata.merge (Metadata.java:293)

Closed

MPLUGIN-384 Nexus Staging Plugin - incompatibility

Closed

MNG-7385 Improve documentation on repository metadata

Closed

relates to

MNG-7055 Using MINSTALL/DEPLOY 3.0.0-M1+ does not write plugin information into maven-metadata.xml

Closed

links to

GitHub Pull Request #645

NEXUS-30749

(1 is related to, 1 relates to, 3 links to)

Activity

People

Assignee:: Unassigned

Reporter:: Konrad Windszus

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 27/Dec/21 10:19

Updated:: 20/Jul/24 17:49