Details
Description
Nexus 3.8.0 gets an NPE when merging GAV level maven-metadata.xml files from non-timestamped snapshot deploys.
Example maven-metadata.xml file:
<?xml version="1.0" encoding="UTF-8"?> <metadata> <groupId>org.sonatype</groupId> <artifactId>project</artifactId> <version>1.1.5-SNAPSHOT</version> <versioning> <snapshot> <buildNumber>1</buildNumber> </snapshot> <lastUpdated>20180227155805</lastUpdated> </versioning> </metadata>
When this file is merged with another repository's maven-metadata.xml file at the group level you get an NPE, and a 500 response:
2018-02-27 10:04:10,600-0600 WARN [qtp335821775-167] admin org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Failure servicing: GET /repository/maven-public/org/sonatype/project/1.1.5-SNAPSHOT/maven-metadata.xml java.lang.NullPointerException: null at org.sonatype.nexus.repository.maven.internal.group.RepositoryMetadataMerger.ts(RepositoryMetadataMerger.java:379) at org.sonatype.nexus.repository.maven.internal.group.RepositoryMetadataMerger.mergeVersioning(RepositoryMetadataMerger.java:337) at org.sonatype.nexus.repository.maven.internal.group.RepositoryMetadataMerger.merge(RepositoryMetadataMerger.java:264) at org.sonatype.nexus.repository.maven.internal.group.RepositoryMetadataMerger.merge(RepositoryMetadataMerger.java:191) at org.sonatype.nexus.repository.maven.internal.group.RepositoryMetadataMerger.merge(RepositoryMetadataMerger.java:87) at org.sonatype.nexus.repository.maven.internal.group.MavenGroupFacet.mergeAndCache(MavenGroupFacet.java:125) at org.sonatype.nexus.repository.maven.internal.group.MergingGroupHandler.doGet(MergingGroupHandler.java:98) at org.sonatype.nexus.repository.group.GroupHandler.handle(GroupHandler.java:81) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.view.handlers.ContentHeadersHandler.handle(ContentHeadersHandler.java:44) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.view.handlers.ConditionalRequestHandler.handle(ConditionalRequestHandler.java:72) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.view.handlers.ExceptionHandler.handle(ExceptionHandler.java:44) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.security.SecurityHandler.handle(SecurityHandler.java:52) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:46) at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80) at org.sonatype.nexus.repository.view.Context.start(Context.java:114) at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:63) at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52) at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43) at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.dispatchAndSend(ViewServlet.java:211) at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.doService(ViewServlet.java:173) at org.sonatype.nexus.repository.httpbridge.internal.ViewServlet.service(ViewServlet.java:126) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
Reproduce Case: Create two snapshot repositories, put them in a group repository. Deploy a normal timestamped snapshot into the first one. For the second one, put "<uniqueVersion>false</uniqueVersion>" in the distributionManagement section in the pom file, and deploy using 2.2.1.
Then attempt to retreive the GAV level maven-metadata.xml file through the group repository.
Expected #1: Nexus should be able to handle files like these, there are still commonly used tools (Ivy) that can't deploy timestamped snapshots.
Expected #2: In the more general case, if Nexus encounters a maven-metadata.xml file it can't parse during merge it should log a warning, and ignore the bad file.