Skip to main content

2021 Release Notes

Summary of Major Changes in 2021

The following table lists major changes in 2021 that should be considered when upgrading to a new version. Select a release for more information.


Release Date

Major Changes

3.37.0 - 3.37.3

  • November 24, 2021 (3.37.0)

  • December 17, 2021 (3.37.1)

  • December 28, 2021 (3.37.2)

  • December 29, 2021 (3.37.3)

  • Introduced Log4j Visualizer and a subsequent wording update; see the Log4j Visualizer documentation. (3.37.2 & 3.37.3)

  • Update to logback library version. (3.37.1)

  • Repository replication now supports the NuGet and PyPI formats. PRO

  • Improved SQL INSERT performance into format specific browse_node tables to improve performance for those migrating to Nexus Repository 3 with an external PostgreSQL database. PRO

  • Made the node id persistent in the event of a node failover PRO

  • Modified the Repair - Rebuild repository search task for rebuilding the Elastic Search (ES) index when a Kubernetes node starts up to only rebuild the ES index if it is not present on the node. PRO

  • New Repair - Rebuild npm metadata task.

  • Repair - rebuild Maven repository metadata task now recreates hosted metadata files when it encounters one that is an invalid blob reference.

  • When migrating from Nexus Repository version 2 to version 3, Nexus Repository now retains information about when assets from that Nexus Repository 2 instance were created and who created them.

  • We reworked our implementation to avoid copy operations while uploading components so as to improveS3 storage performance.


October 27, 2021

  • This release includes a security fix for an incorrect access control. See the CVE-2021-42568 for full details.

  • This release includes a security fix for a server side request forgery vulnerability. See CVE-2021-43293 for full details.

  • Replication Improvement: You can now use Truststore certificates for replication connections PRO

  • Added OrientDB health check and repair to database migration PRO

  • Added an automated Nexus Repository database version check for H2 and PostgreSQL databases to prevent using an H2 or PostgreSQL database version that is newer than your Nexus Repository version PRO

  • Added a new single-node cloud resilient deployment example using Azure to our help documentation. PRO

  • Changed how Yum metadata is handled so that stale metadata is temporarily retained after rebuilding Yum metadata in order to support clients with an update metadata operation already in progress.

  • In order to make migration from Nexus Repository 2 to 3 faster, we've removed building search indexes and browse nodes from the upgrade process.


October 12, 2021

  • Replication support for Docker and npm formats PRO

  • Replicator runs continuously by default PRO

  • New Replicator Administrator role PRO

  • Updated Database Migrator for easier migration between PostgreSQL and H2 Databases PRO

  • Conan hosted support for PostgreSQL and H2 databases; not supported for OrientDB. PRO

  • Firewall integration improvement: policy-compliant component selection for npm

  • Hardlink support for Docker, npm, NuGet, PyPI, RubyGems, and Yum

3.34.0 - 3.34.1

  • September 1, 2021 (3.34.0)

  • September 23, 2021 (3.34.1)

  • Includes a security fix for an HTTP header injection. See the CVE-2021-40143 advisory for details

  • Repository replication now available for all Pro customers PRO

  • Added Cocoapods, RubyGems, p2, and Go formats for PostgreSQL database for H2 and PostgreSQL databases PRO

  • Improvements to Nexus Repository 2 to Nexus Repository 3 migration

  • Changed default location for storing import task metadata


  • August 4, 2021 (3.33.0)

  • August 17, 2021 (3.33.1)

  • Critical fix for those migrating to a PostgreSQL database that prevents moving over privilegs for formats not yet supported in the PostgreSQL solution

  • Upgrade Eclipse Jetty to version 9.4.43.v20210629

  • Changes to Single-Node cloud resilient deployment example to remove the dependency on Amazon Elastic File System (EFS) PRO

  • Added npm, Conan, Conda, Git LFS, and R formats for PostgreSQL database PRO

  • New pro trial landing page


  • July 8, 2021 (3.32.0)

  • December 20, 2021 (3.32.1)

  • Introduction of repository replication product preview PRO

  • Added APT format for PostgreSQL database

  • Fix for known Docker issue NEXUW-28247

  • Updated logback library from version 1.2.3 to version 1.2.9.


  • June 16, 2021 (3.31.0)

  • June 23, 2021 (3.31.1)

  • Includes a security fix for an Information Disclosure CVE. See the CVE-2021-34553 advisory for details

  • Nexus Repository Pro can now use an externalized PostgreSQL database instead of OrientDB. PRO

    • Formats supported include Maven, Docker, NuGet V3, PyPI, Helm, Raw, and Yum

  • Upgrade Eclipse Jetty to 9.4.42.v20210604

  • Fix for NEXUS-28078 - Docker - Delete unused manifests and images task may delete referenced layers if the database query to select components encounters limits


  • March 4, 2021 (3.30.0)

  • April 22, 2021 (3.30.1)

  • Includes a security fix for an Information Disclosure CVE. See the CVE-2021-30635 advisory for details

  • Includes a security fix for an XSS vulnerability. See CVE-2021-29159 advisory for details

  • Includes a security fix for a Sensitive Information Disclosure CVE. See the CVE-2021-29158 advisory for details

  • Known Docker issue in 3.30.0 (NEXUS-28247); This is fixed in 3.32.0

  • Upgrade Eclipse Jetty to 9.4.40.v20210413

  • Azure blob store support PRO

  • Protection against namespace confusion

  • GPG for Yum repositories

  • Logjam attack prevention


  • December 4, 2020 (3.29.0)

  • December 24, 2020 (3.29.1)

  • January 6, 2021 (3.29.2)

  • Includes Security Fix for XML External Entity CVE. See the CVE-2020-29436 advisory for details.
  • 3.29.2 contains a fix for a Cleanup Policies bug found in 3.29.1

  • Filtering npm package root metadata

  • Deprecated /service/metrics/healthcheck

  • Support for Maven and Gradle SHA256/SHA512 hashing

  • Remote URL of defaults to V3 for new installs

  • More secure direct inbound HTTPS connection ciphers and TLS protocols