Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: artifact-manager-s3-plugin
Labels:
- issue-exported-to-github
Environment:

Hide
Jenkins 2.504.3 running in Docker on Debian 12 using the official jenkins/jenkins:2.504.3-lts image accessed through Traefik reverse proxy to handle HTTPS
S3 backend - MinIO running in Docker (quay.io/minio/minio:RELEASE.2025-04-22T22-12-26Z) accessed through Traefik reverse proxy to handle HTTPS

Jenkins: 2.504.3
OS: Linux - 6.1.0-37-amd64
Java: 21.0.7 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
ArtifactoryArtifactManager:1.3.1
Office-365-Connector:5.1.0
ace-editor:1.1
active-directory:2.40
analysis-model-api:13.7.0
ant:513.vde9e7b_a_0da_0f
antisamy-markup-formatter:173.v680e3a_b_69ff3
apache-httpcomponents-client-4-api:4.5.14-269.vfa_2321039a_83
apache-httpcomponents-client-5-api:5.5-150.veb_76e719855b_
artifact-manager-s3:949.v2567c4c52d79
artifactory:4.0.8
asm-api:9.8-163.vb_2a_96d3f9c3c
authentication-tokens:1.131.v7199556c3004
aws-credentials:248.v78a_dcfc9db_ff
aws-global-configuration:146.vfcec61593eea_
aws-java-sdk-ec2:1.12.780-480.v4a_0819121a_9e
aws-java-sdk-minimal:1.12.780-480.v4a_0819121a_9e
aws-java-sdk2-core:2.31.63-54.vcf1e5a_c56c49
aws-java-sdk2-ec2:2.31.63-54.vcf1e5a_c56c49
aws-java-sdk2-s3:2.31.63-54.vcf1e5a_c56c49
blueocean:1.27.21
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.21
blueocean-commons:1.27.21
blueocean-config:1.27.21
blueocean-core-js:1.27.21
blueocean-dashboard:1.27.21
blueocean-display-url:2.4.4
blueocean-events:1.27.21
blueocean-git-pipeline:1.27.21
blueocean-github-pipeline:1.27.21
blueocean-i18n:1.27.21
blueocean-jira:1.27.21
blueocean-jwt:1.27.21
blueocean-personalization:1.27.21
blueocean-pipeline-api-impl:1.27.21
blueocean-pipeline-editor:1.27.21
blueocean-pipeline-scm-api:1.27.21
blueocean-rest:1.27.21
blueocean-rest-impl:1.27.21
blueocean-web:1.27.21
bootstrap5-api:5.3.7-1
bouncycastle-api:2.30.1.80-261.v00c0e2618ec3
branch-api:2.1235.v04e86c7ce54c
build-monitor-plugin:1.14-985.v7b_f37b_3d0b_f5
build-timeout:1.38
build-timestamp:1.1.0
built-on-column:1.5
caffeine-api:3.2.2-178.v353b_8428ed56
checks-api:373.vfe7645102093
cloud-stats:377.vd8a_6c953e98e
cloudbees-bitbucket-branch-source:936.4.4
cloudbees-folder:6.1036.vb_94fd035b_287
command-launcher:123.v37cfdc92ef67
commons-collections4-api:4.5.0-8.va_d5448ef9011
commons-compress-api:1.27.1-3
commons-lang3-api:3.18.0-98.v3a_674c06072d
commons-text-api:1.14.0-194.v804a_dc3a_1b_d8
conditional-buildstep:1.5.0
config-file-provider:988.v0461fcc2b_9d1
copyartifact:770.va_6c69e063442
credentials:1419.v2337d1ceceef
credentials-binding:702.vfe613e537e88
dashboard-view:2.537.v5132851f6ca_f
data-tables-api:2.3.2-3
display-url-api:2.209.v582ed814ff2f
docker-commons:457.v0f62a_94f11a_3
docker-java-api:3.5.2-119.v54c784c71fa_3
docker-plugin:1274.vc0203fdf2e74
docker-workflow:621.va_73f881d9232
doxygen:178.v6ea_ef5f7dfdb
dtkit-api:3.0.3
durable-task:595.ve87b_f1318d67
echarts-api:5.6.0-5
eddsa-api:0.3.0.1-19.vc432d923e5ee
email-ext:1922.v5c93c9e80a_f9
envinject:2.926.v69c9b_3896a_96
envinject-api:1.235.va_14c74f8f487
external-monitor-job:223.vb_fddcf42c9b_3
favorite:2.237.v79163ca_8b_892
file-operations:353.vf3b_9b_a_f1f7f7
font-awesome-api:7.0.0-1
forensics-api:3.1.0
git:5.7.0
git-changelog:3.45
git-client:6.2.0
git-server:137.ve0060b_432302
github:1.44.0
github-api:1.321-488.v9b_c0da_9533f8
github-branch-source:1833.v77b_6542df5a_8
gitlab-api:5.6.0-100.v83f8f4b_f1129
gitlab-oauth:1.22
gitlab-plugin:1.9.8
gradle:2.15
gson-api:2.13.1-153.vb_3d0c48a_a_b_4a_
handlebars:1.1.1
handy-uri-templates-2-api:2.1.8-36.v85e4cb_234a_13
htmlpublisher:427
hudson-pview-plugin:1.8
influxdb:5.0
instance-identity:203.v15e81a_1b_7a_38
ionicons-api:88.va_4187cb_eddf1
ivy:582.v35fb_da_0312f7
jackson2-api:2.19.2-408.v18248a_324cfe
jakarta-activation-api:2.1.3-2
jakarta-mail-api:2.1.3-2
javadoc:327.vdfe586651ee0
javax-activation-api:1.2.0-8
javax-mail-api:1.6.2-11
jaxb:2.3.9-133.vb_ec76a_73f706
jdk-tool:83.v417146707a_3d
jenkins-design-language:1.27.21
jenkins-webterminal:1.2
jersey2-api:2.47-165.ve7809a_3e87e0
jira:3.18
jjwt-api:0.11.5-120.v0268cf544b_89
jobConfigHistory:1343.v4b_e819a_ecdc2
joda-time-api:2.14.0-149.v1c3ce991d1b_9
jquery-detached:1.2.1
jquery3-api:3.7.1-3
jsch:0.2.16-95.v3eecb_55fa_b_78
json-api:20250517-163.v1c5da_e99c775
json-path-api:2.9.0-178.vca_b_c71881321
jsoup:1.21.1-58.vfc578e6e2610
junit:1335.v6b_a_a_e18534e1
ldap:780.vcb_33c9a_e4332
lockable-resources:1408.vb_7d1f371781d
log-parser:2.5.0
mailer:509.vc54d23fc427e
mapdb-api:1.0.9-44.va_1e1310c9118
matrix-auth:3.2.6
matrix-project:849.v0cd64ed7e531
maven-plugin:3.26
mercurial:1309.v6802b_f0efb_b_9
mina-sshd-api-common:2.15.0-161.vb_200831a_c15b_
mina-sshd-api-core:2.15.0-161.vb_200831a_c15b_
modernstatus:1.3
momentjs:1.1.1
msbuild:1.37
nested-view:241.v178f0b_a_cd76a_
next-build-number:66.v4b_4762172d53
nodejs:1.6.5
nomad:0.10.0
okhttp-api:4.11.0-189.v976fa_d3379d6
oss-symbols-api:390.va_22c30a_b_23a_2
pam-auth:1.12
parameterized-trigger:859.vb_e3907a_07a_16
pipeline-build-step:571.v08a_fffd4b_0ce
pipeline-github-lib:65.v203688e7727e
pipeline-graph-analysis:241.vc3d48fb_b_2582
pipeline-groovy-lib:752.vdddedf804e72
pipeline-input-step:532.v9e7466cb_4406
pipeline-milestone-step:138.v78ca_76831a_43
pipeline-model-api:2.2258.v4e96d2b_da_f9b_
pipeline-model-definition:2.2258.v4e96d2b_da_f9b_
pipeline-model-extensions:2.2258.v4e96d2b_da_f9b_
pipeline-multibranch-defaults:2.1
pipeline-rest-api:2.38
pipeline-stage-step:322.vecffa_99f371c
pipeline-stage-tags-metadata:2.2258.v4e96d2b_da_f9b_
pipeline-stage-view:2.38
pipeline-utility-steps:2.19.0
plain-credentials:199.v9f8e1f741799
plugin-usage-plugin:4.10
plugin-util-api:6.1.0
postbuild-task:78.v24529f1f5cdb_
powershell:2.3
prism-api:1.30.0-1
pubsub-light:1.19
release:2.19
resource-disposer:0.25
run-condition:243.v3c3f94e46a_8b_
scm-api:707.v749f968369d4
script-security:1373.vb_b_4a_a_c26fa_00
short-workspace-path:0.3
simple-theme-plugin:211.v5424a_5510e47
snakeyaml-api:2.3-125.v4d77857a_b_402
sse-gateway:1.28
ssh-credentials:359.v2191c4cf635f
ssh-slaves:3.1071.v0d059c7b_c555
sshd:3.372.v5d04a_e92d8cf
structs:350.v3b_30f09f2363
subversion:1287.vd2d507146906
test-results-analyzer:309.vda_3a_a_f100542
text-finder:1.32
throttle-concurrents:2.16
timestamper:1.30
token-macro:444.v52de7e9c573d
trilead-api:2.209.v0e69b_c43c245
variant:70.va_d9f17f859e0
view-job-filters:401.va_809f6a_b_0c26
warnings-ng:12.8.0
workflow-aggregator:608.v67378e9d3db_1
workflow-api:1380.ve03e7a_63d139
workflow-basic-steps:1079.vce64b_a_929c5a_
workflow-cps:4169.vb_7e492a_1c7b_e
workflow-durable-task-step:1442.vb_a_b_f5f3da_9f9
workflow-job:1540.v295eccc9778f
workflow-multibranch:810.v6b_6e77da_7058
workflow-scm-step:437.v05a_f66b_e5ef8
workflow-step-api:704.ve4f0967e98fa_
workflow-support:968.v8f17397e87b_8
ws-cleanup:0.48
xunit:3.1.5

Show
Jenkins 2.504.3 running in Docker on Debian 12 using the official jenkins/jenkins:2.504.3-lts image accessed through Traefik reverse proxy to handle HTTPS S3 backend - MinIO running in Docker (quay.io/minio/minio:RELEASE.2025-04-22T22-12-26Z) accessed through Traefik reverse proxy to handle HTTPS Jenkins: 2.504.3 OS: Linux - 6.1.0-37-amd64 Java: 21.0.7 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) --- ArtifactoryArtifactManager:1.3.1 Office-365-Connector:5.1.0 ace-editor:1.1 active-directory:2.40 analysis-model-api:13.7.0 ant:513.vde9e7b_a_0da_0f antisamy-markup-formatter:173.v680e3a_b_69ff3 apache-httpcomponents-client-4-api:4.5.14-269.vfa_2321039a_83 apache-httpcomponents-client-5-api:5.5-150.veb_76e719855b_ artifact-manager-s3:949.v2567c4c52d79 artifactory:4.0.8 asm-api:9.8-163.vb_2a_96d3f9c3c authentication-tokens:1.131.v7199556c3004 aws-credentials:248.v78a_dcfc9db_ff aws-global-configuration:146.vfcec61593eea_ aws-java-sdk-ec2:1.12.780-480.v4a_0819121a_9e aws-java-sdk-minimal:1.12.780-480.v4a_0819121a_9e aws-java-sdk2-core:2.31.63-54.vcf1e5a_c56c49 aws-java-sdk2-ec2:2.31.63-54.vcf1e5a_c56c49 aws-java-sdk2-s3:2.31.63-54.vcf1e5a_c56c49 blueocean:1.27.21 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.27.21 blueocean-commons:1.27.21 blueocean-config:1.27.21 blueocean-core-js:1.27.21 blueocean-dashboard:1.27.21 blueocean-display-url:2.4.4 blueocean-events:1.27.21 blueocean-git-pipeline:1.27.21 blueocean-github-pipeline:1.27.21 blueocean-i18n:1.27.21 blueocean-jira:1.27.21 blueocean-jwt:1.27.21 blueocean-personalization:1.27.21 blueocean-pipeline-api-impl:1.27.21 blueocean-pipeline-editor:1.27.21 blueocean-pipeline-scm-api:1.27.21 blueocean-rest:1.27.21 blueocean-rest-impl:1.27.21 blueocean-web:1.27.21 bootstrap5-api:5.3.7-1 bouncycastle-api:2.30.1.80-261.v00c0e2618ec3 branch-api:2.1235.v04e86c7ce54c build-monitor-plugin:1.14-985.v7b_f37b_3d0b_f5 build-timeout:1.38 build-timestamp:1.1.0 built-on-column:1.5 caffeine-api:3.2.2-178.v353b_8428ed56 checks-api:373.vfe7645102093 cloud-stats:377.vd8a_6c953e98e cloudbees-bitbucket-branch-source:936.4.4 cloudbees-folder:6.1036.vb_94fd035b_287 command-launcher:123.v37cfdc92ef67 commons-collections4-api:4.5.0-8.va_d5448ef9011 commons-compress-api:1.27.1-3 commons-lang3-api:3.18.0-98.v3a_674c06072d commons-text-api:1.14.0-194.v804a_dc3a_1b_d8 conditional-buildstep:1.5.0 config-file-provider:988.v0461fcc2b_9d1 copyartifact:770.va_6c69e063442 credentials:1419.v2337d1ceceef credentials-binding:702.vfe613e537e88 dashboard-view:2.537.v5132851f6ca_f data-tables-api:2.3.2-3 display-url-api:2.209.v582ed814ff2f docker-commons:457.v0f62a_94f11a_3 docker-java-api:3.5.2-119.v54c784c71fa_3 docker-plugin:1274.vc0203fdf2e74 docker-workflow:621.va_73f881d9232 doxygen:178.v6ea_ef5f7dfdb dtkit-api:3.0.3 durable-task:595.ve87b_f1318d67 echarts-api:5.6.0-5 eddsa-api:0.3.0.1-19.vc432d923e5ee email-ext:1922.v5c93c9e80a_f9 envinject:2.926.v69c9b_3896a_96 envinject-api:1.235.va_14c74f8f487 external-monitor-job:223.vb_fddcf42c9b_3 favorite:2.237.v79163ca_8b_892 file-operations:353.vf3b_9b_a_f1f7f7 font-awesome-api:7.0.0-1 forensics-api:3.1.0 git:5.7.0 git-changelog:3.45 git-client:6.2.0 git-server:137.ve0060b_432302 github:1.44.0 github-api:1.321-488.v9b_c0da_9533f8 github-branch-source:1833.v77b_6542df5a_8 gitlab-api:5.6.0-100.v83f8f4b_f1129 gitlab-oauth:1.22 gitlab-plugin:1.9.8 gradle:2.15 gson-api:2.13.1-153.vb_3d0c48a_a_b_4a_ handlebars:1.1.1 handy-uri-templates-2-api:2.1.8-36.v85e4cb_234a_13 htmlpublisher:427 hudson-pview-plugin:1.8 influxdb:5.0 instance-identity:203.v15e81a_1b_7a_38 ionicons-api:88.va_4187cb_eddf1 ivy:582.v35fb_da_0312f7 jackson2-api:2.19.2-408.v18248a_324cfe jakarta-activation-api:2.1.3-2 jakarta-mail-api:2.1.3-2 javadoc:327.vdfe586651ee0 javax-activation-api:1.2.0-8 javax-mail-api:1.6.2-11 jaxb:2.3.9-133.vb_ec76a_73f706 jdk-tool:83.v417146707a_3d jenkins-design-language:1.27.21 jenkins-webterminal:1.2 jersey2-api:2.47-165.ve7809a_3e87e0 jira:3.18 jjwt-api:0.11.5-120.v0268cf544b_89 jobConfigHistory:1343.v4b_e819a_ecdc2 joda-time-api:2.14.0-149.v1c3ce991d1b_9 jquery-detached:1.2.1 jquery3-api:3.7.1-3 jsch:0.2.16-95.v3eecb_55fa_b_78 json-api:20250517-163.v1c5da_e99c775 json-path-api:2.9.0-178.vca_b_c71881321 jsoup:1.21.1-58.vfc578e6e2610 junit:1335.v6b_a_a_e18534e1 ldap:780.vcb_33c9a_e4332 lockable-resources:1408.vb_7d1f371781d log-parser:2.5.0 mailer:509.vc54d23fc427e mapdb-api:1.0.9-44.va_1e1310c9118 matrix-auth:3.2.6 matrix-project:849.v0cd64ed7e531 maven-plugin:3.26 mercurial:1309.v6802b_f0efb_b_9 mina-sshd-api-common:2.15.0-161.vb_200831a_c15b_ mina-sshd-api-core:2.15.0-161.vb_200831a_c15b_ modernstatus:1.3 momentjs:1.1.1 msbuild:1.37 nested-view:241.v178f0b_a_cd76a_ next-build-number:66.v4b_4762172d53 nodejs:1.6.5 nomad:0.10.0 okhttp-api:4.11.0-189.v976fa_d3379d6 oss-symbols-api:390.va_22c30a_b_23a_2 pam-auth:1.12 parameterized-trigger:859.vb_e3907a_07a_16 pipeline-build-step:571.v08a_fffd4b_0ce pipeline-github-lib:65.v203688e7727e pipeline-graph-analysis:241.vc3d48fb_b_2582 pipeline-groovy-lib:752.vdddedf804e72 pipeline-input-step:532.v9e7466cb_4406 pipeline-milestone-step:138.v78ca_76831a_43 pipeline-model-api:2.2258.v4e96d2b_da_f9b_ pipeline-model-definition:2.2258.v4e96d2b_da_f9b_ pipeline-model-extensions:2.2258.v4e96d2b_da_f9b_ pipeline-multibranch-defaults:2.1 pipeline-rest-api:2.38 pipeline-stage-step:322.vecffa_99f371c pipeline-stage-tags-metadata:2.2258.v4e96d2b_da_f9b_ pipeline-stage-view:2.38 pipeline-utility-steps:2.19.0 plain-credentials:199.v9f8e1f741799 plugin-usage-plugin:4.10 plugin-util-api:6.1.0 postbuild-task:78.v24529f1f5cdb_ powershell:2.3 prism-api:1.30.0-1 pubsub-light:1.19 release:2.19 resource-disposer:0.25 run-condition:243.v3c3f94e46a_8b_ scm-api:707.v749f968369d4 script-security:1373.vb_b_4a_a_c26fa_00 short-workspace-path:0.3 simple-theme-plugin:211.v5424a_5510e47 snakeyaml-api:2.3-125.v4d77857a_b_402 sse-gateway:1.28 ssh-credentials:359.v2191c4cf635f ssh-slaves:3.1071.v0d059c7b_c555 sshd:3.372.v5d04a_e92d8cf structs:350.v3b_30f09f2363 subversion:1287.vd2d507146906 test-results-analyzer:309.vda_3a_a_f100542 text-finder:1.32 throttle-concurrents:2.16 timestamper:1.30 token-macro:444.v52de7e9c573d trilead-api:2.209.v0e69b_c43c245 variant:70.va_d9f17f859e0 view-job-filters:401.va_809f6a_b_0c26 warnings-ng:12.8.0 workflow-aggregator:608.v67378e9d3db_1 workflow-api:1380.ve03e7a_63d139 workflow-basic-steps:1079.vce64b_a_929c5a_ workflow-cps:4169.vb_7e492a_1c7b_e workflow-durable-task-step:1442.vb_a_b_f5f3da_9f9 workflow-job:1540.v295eccc9778f workflow-multibranch:810.v6b_6e77da_7058 workflow-scm-step:437.v05a_f66b_e5ef8 workflow-step-api:704.ve4f0967e98fa_ workflow-support:968.v8f17397e87b_8 ws-cleanup:0.48 xunit:3.1.5

When downloading some files where the file extension is .pkg (e.g. artifact.pkg) but the file is downloaded with a .zip extension. The files in question, when uploaded by Jenkins, are stored with the metadata Content-Type application/zip. Other files with different MIME types are unaffected. This only appears to be an issue when downloaded using the magic link generated by Jenkins (with a short lived token), not when downloaded from MinIO without the additional magic link (or through the web console).

For e.g.:
https://minio-api.domain.com/jenkins-builds/5/artifact.pkg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20250731T183125Z&X-Amz-SignedHeaders=host&X-Amz-Credential=----------~~E7P15%2F20250731%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=3600&X-Amz-Signature=3c295c792518c9440cb0a4e3544055~~-----------------------
results in artifact.zip being downloaded

https://minio-api.domain.com/jenkins-builds/5/artifact.pkg results in artifact.pkg being downloaded

(Actual URLs obfuscated, secrets partially obfuscated with dashes)

In our case an easy mitigation would be be to let us specify anonymous download in Artifact Manager settings, letting users download the artifacts anonymously without creating a massive link with embedded credentials, however, this wouldn't fix the root cause.

Assignee:: Unassigned
Reporter:: Abhayraj

Created:: 2025-08-05 20:10
Updated:: 2025-12-02 20:35
Archived:: 2025-12-02 20:35

Details

Description

Attachments

Activity

People

Dates