In an url path segment space is mapped to + The repo manager should be blocking those... likely not doing it’s job.
We probably should also barf on : in a version. There is validation on artifactId and groupId when last I checked On Tue 9 Jan 2018 at 09:59, Andreas Sewe <s...@st.informatik.tu-darmstadt.de> wrote: > Hi Maven developers, > > doing a large-scale analysis of Maven Central, I've come across a couple > of "weird" GAVs like this one: groupId=com.knappsack, > artifactId=swagger4spring-web, version=mvn+release:perform [1]. > > The colon in the version raises the question as to the allowed > characters in the different components of a GAV. AFAICT, a colon in the > version is at least rejected by the > org.eclipse.aether.artifact.DefaultArtifact(String) constructor, so that > seems to be illegal, but DefaultModelValidator doesn't complain. Also, > querying the index of Central returns an > org.apache.maven.index.ArtifactInfo with a version of > "mvn+release:perform" just fine. > > What's the best way to handle this? > > Should every plug-in that consumes, say, a Maven Index sanitize the > results? > > Or should this be handled upstream in the repository manager? (Note that > the POM of [1] has a <version> of "mvn release:perform", but the > ArtifactInfo's version is "mvn+release:perform", so some sanitation has > already happened somewhere, probably in Nexus.) > > Best wishes, > > Andreas > > [1] > < > http://search.maven.org/#artifactdetails%7Ccom.knappsack%7Cswagger4spring-web%7Cmvn%2Brelease%3Aperform%7Cjar > > > > -- Sent from my phone
