Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-25736

specially crafted inbound repository URLs can lead to outbound http connection pool starvation

    XMLWordPrintable

Details

    • Yes
    • 2
    • 2

    Description

      Specially crafted inbound HTTP requests to a repository can trigger outbound proxy repository org.apache.http.conn.ConnectionPoolTimeoutException: Timeout waiting for connection from pool checking remote for update messages. The result is since no new HTTP outbound connections can be retrieved from the outbound connection pool, no repository related outbound HTTP connections can be made for new or updated content.

      Mitigation

      NXRM admins should restart NXRM to mitigate the immediate pool leak.

      If you are a paid customer, contact Sonatype Support for help identifying the problematic requests that can trigger the leak.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-32408 "String index out of range: -1" errors on Repository Import

          • Major - Major loss of function.
          • New

          Activity

            People

              mallen Mick Allen
              plynch Peter Lynch
              Michael Oliverio Michael Oliverio
              NXRM - Groot
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                tigCommentSecurity.panel-title