Details
-
Bug
-
Resolution: Fixed
-
Major
-
3.37.3, 3.38.1, 3.41.0, 3.40.1
-
3
-
NXRM Immortals Sprint 39, NXRM Immortals Sprint 40
-
3
-
non-concept
-
2
Description
Configure a nuget.org v3 proxy repository in Nexus Repo 3.37.3 running new DB (h2 or postgres). Enable audit and quarantine on it. Configure firewall policies to fail for security-critical, security-high, and security-medium. Add this proxy repository to a nuget group repository.
Request this package through it:
/repository/nuget-groupl/v3/content/log4net/2.0.3/log4net.2.0.3.nupkg
This will fail with a 404.
The logs show:
2022-02-10 08:46:06,188-0600 INFO [qtp1852501519-676] admin com.sonatype.nexus.clm.internal.datastore.FirewallContributedHandler - Blocked serving of quarantined asset nuget.org-proxy:/log4net/2.0.3 because quarantineStatus=DENY
{quotew}Expected: This is a regression, the group should return a 403 not a 404.
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- relates
-
-
- Closed
-
