Skip to end of metadata
Go to start of metadata

Repository Manager 3.8.0


Sonatype is pleased to announce the immediate availability of Nexus Repository 3.8.0. A summary of the highlights in this release is shown below.

For more detail see the complete release notes.

Multiple XSS Vulnerabilities

Multiple XSS vulnerabilities have been discovered in Nexus Repository 3.x up to and including version 3.7.1. We recommend upgrading to 3.8.0 or later immediately. See our support knowledge base article for more information.

Yum Hosted


With our initial support for Yum Proxy released in version 3.5.0 we are now continuing on with the Yum Hosted. This new feature is no longer built on top of Maven and no longer dependant on the external createrepo program. Yum hosting is now platform independent. Yum group repository and support for upgrading 2.x yum repositories to 3.x will be included in future releases.

Use permissive Deploy Policy if you're using Maven to deploy RPMs to Yum Hosted.

REST API deprecating /siesta


The "/service/siesta/rest/v1/script" endpoint has been moved to "/service/rest/v1/script".

Upgrading from 3.x

This version upgrades Eclipse Jetty from 9.3.x to 9.4.x. This upgrade required a line to be removed from the shipped <install-dir>/etc/jetty/jetty-http.xml and <install-dir>/etc/jetty/jetty-https.xml as compared to previous versions.

Startup will fail if you try to use a jetty configuration file from a previous version that contains the following line:

line that will fail startup if present in jetty-http.xml or jetty-https.xml
<Set name="selectorPriorityDelta"><Property name="jetty.http.selectorPriorityDelta" default="0"/></Set>

This highlights why it is important to always compare install files you previously modified on upgrade as recommended by our upgrade instructions.

Upgrading from 2.x

If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.6. See the upgrade compatibility matrix for more information.

General Improvements


  • [NEXUS-15467] - Make blob store type field not editiable



  • [NEXUS-12452] - Bower install no longer fails when user has only group level privileges

Content Selectors,Tree View

  • [NEXUS-15545] - Tree view now works properly with content selectors


  • [NEXUS-14969] - HA-C nodes now properly rejoin their cluster after cluster shutdown
  • [NEXUS-15084] - HA-C properly syncs user accounts between nodes


  • [NEXUS-15147] - Prevent ConcurrentModificationException when editing multiple user roles


  • [NEXUS-15364] - Logging from different task threads may log to the same task log if tasks are started within the same second


  • [NEXUS-12482] - Inconsistent behaviour with upload to snapshot repository fixed


  • [NEXUS-15282] - NPM allows redeploys despite Deploy Policy
  • [NEXUS-15425] - Assets now properly updated when a npm package is republished


  • [NEXUS-15466] - Welcome screen content is now displayed for administrators who are mapped in via LDAP group


  • [NEXUS-15202] - Take classifier into account when downloading a jar through the REST endpoint /rest/beta/search/assets/download
  • [NEXUS-15088] - Incorrect error response code 406 for bad ID in DELETE /component
  • [NEXUS-15089] - Error response code 204 not listed in REST API codes for component and asset delete


  • [NEXUS-15131] - Component naming for Yum Proxy now matches RPM header

  • No labels