Importing maven pom XML that's not UTF-8 encoded creates broken package #11214

New Issue

Closed

opened 2025-11-02 09:31:03 -06:00 by GiteaMirror · 1 comment

GiteaMirror commented 2025-11-02 09:31:03 -06:00

Owner

Copy Link

Originally created by @TobiX on GitHub (Jul 12, 2023).

Description

When trying to mirror some old packages into a maven repository, we ran into an error when trying to upload ISO-8859-1-encoded pom XML files:

2023/07/10 16:54:52 ...kages/maven/maven.go:328:UploadPackageFile() [E] [64ac1bbc-4] Error parsing package metadata: xml: encoding "ISO-8859-1" declared but Decoder.CharsetReader is nil

While this will probably not happen with modern Maven versions, one might run into this problem when trying to cache/host old artifacts inside Gitea.

To Reproduce

1. Get commons-jxpath-1.3 jar and pom from https://repo1.maven.org/maven2/commons-jxpath/commons-jxpath/1.3/
2. Try to deploy to Gitea: mvn deploy:deploy-file -Dfile=commons-jxpath-1.3.jar -DrepositoryId=gitea -Durl=https://try.gitea.io/api/packages/encoding/maven -DpomFile=commons-jxpath-1.3.pom
3. Receive 500 Internal Server Error (https://gist.github.com/TobiX/08ba809cb6d27df8aa5e85d0f3633b01)
4. Repository view is now also broken: https://try.gitea.io/encoding/-/packages/maven/commons-jxpath-commons-jxpath/1.3

Gitea Version

1.19.4

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Git Version

2.39.2

Operating System

Debian 12 (bookworm)

How are you running Gitea?

• Downloaded from https://dl.gitea.com/gitea/1.19.4/
• Running with systemd, listening on a UNIX socket
• Caddy as reverse proxy

Database

PostgreSQL

Originally created by @TobiX on GitHub (Jul 12, 2023). ### Description When trying to mirror some old packages into a maven repository, we ran into an error when trying to upload ISO-8859-1-encoded pom XML files: ``` 2023/07/10 16:54:52 ...kages/maven/maven.go:328:UploadPackageFile() [E] [64ac1bbc-4] Error parsing package metadata: xml: encoding "ISO-8859-1" declared but Decoder.CharsetReader is nil ``` While this will probably not happen with modern Maven versions, one might run into this problem when trying to cache/host old artifacts inside Gitea. ## To Reproduce 1. Get commons-jxpath-1.3 jar and pom from https://repo1.maven.org/maven2/commons-jxpath/commons-jxpath/1.3/ 2. Try to deploy to Gitea: `mvn deploy:deploy-file -Dfile=commons-jxpath-1.3.jar -DrepositoryId=gitea -Durl=https://try.gitea.io/api/packages/encoding/maven -DpomFile=commons-jxpath-1.3.pom` 3. Receive `500 Internal Server Error` (https://gist.github.com/TobiX/08ba809cb6d27df8aa5e85d0f3633b01) 4. Repository view is now also broken: https://try.gitea.io/encoding/-/packages/maven/commons-jxpath-commons-jxpath/1.3 ### Gitea Version 1.19.4 ### Can you reproduce the bug on the Gitea demo site? Yes ### Log Gist _No response_ ### Screenshots  ### Git Version 2.39.2 ### Operating System Debian 12 (bookworm) ### How are you running Gitea? - Downloaded from https://dl.gitea.com/gitea/1.19.4/ - Running with systemd, listening on a UNIX socket - Caddy as reverse proxy ### Database PostgreSQL

GiteaMirror added the topic/packagestype/bug labels 2025-11-02 09:31:03 -06:00

GiteaMirror closed this issue 2025-11-02 09:31:03 -06:00

GiteaMirror commented 2025-11-02 09:31:04 -06:00

Author

Owner

Copy Link

@KN4CK3R commented on GitHub (Jul 13, 2023):

Thank you for the report. Fixed in #25873. To get rid of the 500 error you have to delete the package. Visit the package url + /settings to delete it or use the admin panel.

@KN4CK3R commented on GitHub (Jul 13, 2023): Thank you for the report. Fixed in #25873. To get rid of the 500 error you have to delete the package. Visit the package url + `/settings` to delete it or use the admin panel.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label topic/packages type/bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#11214