The Docker - Delete unused manifests and images task will perform a database query to find all components ( docker manifests) that reference a given asset. If this query will select a large number of records, and exceeds 10000 records, there is a possibility that some manifests that do reference a layer asset will not be found. In this case NXRM will think a layer is not referenced and may incorrectly delete it.
Example of what one may see in the nexus.log indicating this could have happened:
docker pulls for previously working images may fail to find certain layers. Docker pull may show an error message to the user containing the message:
error pulling image configuration: unknown blob
If you have the Audit Log feature enabled, then the audit log should be able to prove what task actually deleted the affected layers. Find the entry in the audit log by grepping the audit log for the layer hash that is being reported missing.
Make the query this task performs more robust such that it will not accidentally delete referenced layers.
The issue was introduced in version 3.30.0.
If you have recently upgraded to an affected version with this bug, and are running the Docker - Delete unused manifests and images task, Sonatype recommends the task be disabled until you can upgrade to a version with the fix for this issue. Go to the task Settings page and uncheck the Task enabled checkbox and Save.