Hi
This is what grok ai (free version) suggests
The error you're seeing occurs during the **close** operation of a Nexus
staging repository (typically when preparing to release to Maven Central
via Sonatype OSSRH or your own Nexus instance with Central Sync rules
enabled).
### What the Error Means
- The rule `no-traversal-paths-in-archive-file` is a security validation
enforced by Sonatype (both in their public OSSRH staging and in Nexus
instances with Central Sync enabled).
- It scans every archive (JAR, sources JAR, javadoc JAR, etc.) in the
staging repository for **insecure paths** that could enable path traversal
attacks (e.g., paths containing `../` or absolute paths like `/etc/passwd`).
- If such a path is detected, Nexus aborts the walk through the repository,
resulting in the `WalkerException` and the message **"Archives must not
contain insecure paths"**.
The `Unknown mode. Full: 5543562b Masked: 5000` part is an internal Java
`FileAttributes` or `PosixFilePermissions` parsing error that sometimes
appears when the walker encounters a problematic file during the scan
(often related to corrupted or unusual file metadata).
### Common Causes
The most frequent reasons for this failure are:
1. **Path traversal in archive entries** (the classic case):
- Files inside a JAR with names like `../../some/file.txt`, `../..`, or
absolute paths.
- This often happens when build scripts (e.g., Gradle, Maven assembly,
or custom packaging) accidentally include files from outside the project
directory.
2. **Special characters or invalid Unicode in file names**:
- Non-ASCII characters, emoji, or malformed Unicode in class/file names
inside the JAR (e.g., Greek letters, symbols).
- This can cause `java.nio.file.InvalidPathException` during the scan.
3. **Corrupted or malformed JARs**:
- Broken checksums, zero-byte files, or archives that Nexus can't fully
read.
4. **Recently introduced stricter validation**:
- Sonatype tightened the rule around 2024, so artifacts that previously
passed now fail even if they haven't changed.
### How to Fix It
1. **Identify the offending archive**:
- In the Nexus UI, go to the staging repository → Staging Repositories →
select your repo → **Preview** (or **Close** again) → look at the detailed
failure report.
- It usually lists the exact artifact (e.g.,
`your-artifact-1.0-sources.jar`) and the bad path(s) (e.g.,
`../../some/file` or a Unicode filename).
2. **Fix the problematic archive**:
- If it's path traversal (`../` or absolute paths):
- Review your build configuration (Maven assembly plugin, Gradle jar
task, etc.) to ensure no files are copied from parent directories.
- Common culprits: scripts, resources, or test files placed outside
`src/main`/`src/test` and then included with relative paths.
- If it's invalid Unicode characters:
- Rename the offending files/classes to use only ASCII characters.
- Rebuild the affected JAR(s).
- After fixing, re-deploy the corrected artifacts to the same staging
repository (or drop and recreate the staging repo).
3. **Re-close the staging repository**:
- Once the bad paths are removed, the close operation should succeed.
4. **If you can't find the bad path**:
- Download the failing JAR from the staging repo and inspect its
contents with `jar tvf your-artifact.jar` or unzip it.
- If the JAR is corrupted, rebuild it cleanly.
### Prevention
- Use tools like `zipinfo` or `unzip -l` on JARs before deploying.
- For Maven Central releases, always test the staging close locally or in a
dev Nexus instance with the same Central Sync rules enabled.
- Keep your Nexus version up to date (the walker code has improved handling
in newer releases).
This is a very common issue when releasing to Maven Central, and fixing the
bad path(s) in the archive(s) always resolves it. If you share the exact
artifact name and the bad path(s) from the failure report, I can help
pinpoint the cause more precisely.
On Thu, Dec 11, 2025 at 10:24 PM Claus Ibsen <[email protected]> wrote:
> Hi
>
> And is that all the log / error information there is? That is not very
> much to go after.
>
> On Thu, Dec 11, 2025 at 10:09 PM Gregor Zurowski <[email protected]>
> wrote:
>
>> Hi Everyone:
>>
>> I have built the Camel 4.14.3 release candidate, but I am getting the
>> following error when attempting to close the staging repository in
>> Nexus:
>>
>> ```
>> Event: Failed: Archives must not contain insecure paths
>>
>> typeId no-traversal-paths-in-archive-file
>> failureMessage Rule evaluation unexpectedly failed:
>> org.sonatype.nexus.proxy.walker.WalkerException: Aborted walking on
>> repository ID='orgapachecamel-1911' from path='/'.
>> x.x.causedBy.1 java.lang.IllegalArgumentException: Unknown mode. Full:
>> 5543562b Masked: 5000
>> x.x.causedBy.0 org.sonatype.nexus.proxy.walker.WalkerException:
>> Aborted walking on repository ID='orgapachecamel-1911' from path='/'.
>> ```
>>
>> Any ideas what might be causing this?
>>
>> Thanks in advance,
>> Gregor
>>
>
>
> --
> Claus Ibsen
>
--
Claus Ibsen
