Access to the Central Repository has been temporarily blocked despite being up to date


#1

I have upgraded my Nexus Repository to the latest version (3.16.2-01) due to the botnet exploitation, but i still get the following message when i try to read/download a pom:

Error:

Access to the Central Repository has been temporarily blocked
You've been identified as running a version of Nexus Repository Manager that is vulnerable to botnet exploitation

URL:

https://myhost/repository/mirror/io/projectreactor/kotlin/reactor-kotlin-extensions/1.0.0.M1/reactor-kotlin-extensions-1.0.0.M1.pom

What i’m missing ?


#2

There was a brief misconfiguration in Maven Central which caused it to return that error page with a 200 response. If the “strict content validation” setting was not enabled in your Maven Central proxy repository then this error page would have been cached as content. Just delete the invalid file from you proxy repository to fix this.

Rich


#3

I went to my maven-central proxy repository and removed the invalid pom and my build worked.

I was expecting it to be downloaded and cached again after the first request but the file is still unavailable for browsing and accessing the old url give a 404.

Anyway, thank you for your help! I will investigate this new… “problem”.


#4

The file was never on the remote, it’s just that a request to it came into the proxy repository, and the remote responded with a 200 response and HTML content. The strict content validation feature should have prevented this from getting cached. Was that disabled? In any case, it is expected that it won’t come back.

Regards,

Rich