
Disable redeployment in Sonatype Nexus Repository

It's a fundamental tenet of Maven that release artifacts never change once they are released. This is enforced in Maven by the fact that once a release artifact or POM is located in the local repository, Maven will never check for an updated artifact in a remote repository. Once an artifact is released, it is considered a static, unchanging artifact. If you release an artifact and then subsequently change it (intentionally or otherwise), you're in for some fun as people will have different versions based on when they first retrieved it... that's a situation not exactly conducive to a repeatable, standard build. This blog post discusses a feature in Sonatype Nexus Repository 1.4 which can enforce this rule and help you avoid problems caused by the redeployment of release artifacts.

To illustrate this problem, consider a 1.0 build of your product that depends on foo-1.2.jar. It works great. Then you build 2.0 of your product, which still depends on foo-1.2.jar. Since then, foo-1.2.jar was patched and now breaks your application. However, the application still works for half of your developers because the original foo-1.2.jar is in their local repository and possibly proxied in another Sonatype Nexus Repository instance.
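To find out which machines hold a stale copy in the situation above, you can compare each release jar in a local repository against the checksum the remote currently publishes. This is an added example, not code from the original post or from Sonatype; it assumes the standard Maven repository layout with `.sha1` files beside each artifact, uses a directory as a stand-in for the remote so it runs offline, and the `com/example` coordinates and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def find_redeployed_releases(local_repo: Path, remote_repo: Path) -> list[str]:
    """Return repo-relative paths of release jars whose local copy no longer
    matches the SHA-1 the remote repository publishes for the same path."""
    drifted = []
    for jar in sorted(local_repo.rglob("*.jar")):
        rel = jar.relative_to(local_repo)
        # Layout is group/artifact/version/file, so the parent directory is the version.
        if jar.parent.name.endswith("-SNAPSHOT"):
            continue  # snapshots are expected to change
        sidecar = remote_repo / rel.parent / (rel.name + ".sha1")
        # A .sha1 file holds "<hex>" or "<hex>  <filename>"; keep the first token.
        tokens = sidecar.read_text().split() if sidecar.is_file() else []
        if not tokens:
            continue  # not hosted by this remote, or an empty checksum file
        local_digest = hashlib.sha1(jar.read_bytes()).hexdigest()
        if local_digest != tokens[0].lower():
            drifted.append(rel.as_posix())
    return drifted

def build_demo(root: Path) -> tuple[Path, Path]:
    """Constructed sample data: foo-1.2.jar was redeployed on the remote,
    bar-3.0.jar is unchanged, and the baz snapshot legitimately differs."""
    local, remote = root / "local", root / "remote"
    samples = {
        "com/example/foo/1.2/foo-1.2.jar": (b"original foo", b"patched foo"),
        "com/example/bar/3.0/bar-3.0.jar": (b"bar", b"bar"),
        "com/example/baz/1.0-SNAPSHOT/baz-1.0-SNAPSHOT.jar": (b"old", b"new"),
    }
    for rel, (local_bytes, remote_bytes) in samples.items():
        for repo, data in ((local, local_bytes), (remote, remote_bytes)):
            path = repo / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        digest = hashlib.sha1(remote_bytes).hexdigest()
        (remote / (rel + ".sha1")).write_text(digest + "\n")
    return local, remote

def run_demo() -> list[str]:
    with tempfile.TemporaryDirectory() as tmp:
        return find_redeployed_releases(*build_demo(Path(tmp)))

if __name__ == "__main__":
    print(run_demo())
```

A mismatch only shows that the two copies differ; with 'Disable Redeploy' set on the hosted repository, the published release cannot be overwritten in the first place.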

The solution is to release a new version, foo-1.2.1.jar (i.e., foo-1.2.2.jar or foo-1.2.1.1.jar), but that alone isn't enough. You want to make sure that you are using a repository manager that prevents someone from updating a release artifact once it has been published.

It has always been possible to stop people from doing this in Sonatype Nexus Repository, but the solution was difficult to explain. In the 1.4 release, we have reworked and simplified the interface to encourage this best practice.

To disable redeployment, edit your repository, set the 'Deployment Policy' field to 'Disable Redeploy', and then click Save.

Upgrading from a previous version to Sonatype Nexus Repository 1.4.0 will set this field to 'Allow Redeploy', so no existing repositories will be changed and the behavior matches previous releases. However, the default value when creating a new repository is now 'Disable Redeploy'.

When you use Sonatype Nexus Repository, you are not just using a capable repository manager, you are adopting the best practice.

Written by Brian Demers

Brian is a Developer Advocate at Okta. He has a strong knowledge of Java, including experience with an array of Java and web-based technologies, along with involvement in open source communities.