You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Hudson (Jira)" <ji...@apache.org> on 2022/06/16 16:09:00 UTC
[jira] [Commented] (MASSEMBLY-580) dependencySet ignores directoryMode descriptor
[ https://issues.apache.org/jira/browse/MASSEMBLY-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17555169#comment-17555169 ]
Hudson commented on MASSEMBLY-580:
----------------------------------
Build succeeded in Jenkins: Maven » Maven TLP » maven-assembly-plugin » master #14
See https://ci-maven.apache.org/job/Maven/job/maven-box/job/maven-assembly-plugin/job/master/14/
> dependencySet ignores directoryMode descriptor
> ----------------------------------------------
>
> Key: MASSEMBLY-580
> URL: https://issues.apache.org/jira/browse/MASSEMBLY-580
> Project: Maven Assembly Plugin
> Issue Type: Bug
> Components: dependencySet
> Affects Versions: 2.2.1
> Reporter: Johno Crawford
> Assignee: Kristian Rosenvold
> Priority: Major
> Fix For: 2.5.2
>
> Attachments: directoryModeIgnored.zip
>
>
> Despite having set the directoryMode for the dependencySet the permissions are ignored and the folder is set to 777 which poses as a possible security risk. Please find attached project which can be used to create the test zip containing the folder with incorrect permissions.
> {noformat}
> $ unzip project-deploy.zip
> Archive: project-deploy.zip
> creating: webapps/
> inflating: webapps/commons-fileupload.jar
> $ ls -lah
> total 92K
> drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:26 .
> drwxr-xr-x 4 johno sulake 4.0K Oct 27 20:25 ..
> drwxr-xr-x 2 johno sulake 4.0K Oct 27 20:25 archive-tmp
> -rw-r--r-- 1 johno sulake 51K Oct 27 20:25 project-deploy.zip
> drwxrwxrwx 2 johno sulake 4.0K Oct 27 20:25 webapps
> {noformat}
> Thanks in advance!
--
This message was sent by Atlassian Jira
(v8.20.7#820007)