Skip to main content

2025 Release Notes

This page contains a list of 2025 Sonatype Nexus Repository releases, links to each release's release notes, and a brief list of major changes per release.

Summary of Major Nexus Repository Changes in 2025

The following table lists major changes to Sonatype Nexus Repository in 2025. Consider these changes when upgrading to a new version. Select a release to see the full release notes.

Release

Release Date

Major Changes

3.79.0 - 3.79.1

April 10, 2025 (3.79.1)

April 1, 2025 (3.79.0)

  • 3.79.1

    • Restored RUT auth realm for Community Edition

    • Resolved known issue preventing uploads to Azure blob store

    • Restored Windows service installation option

    • Additional bug fixes

  • 3.79.0

    • Monthly request metrics available in Usage Center

    • Support for AWS Pre-Signed URL Downloads (Pro Only)

      Pre-Signed URLs for Hugging Face and PyPI Not Yet Supported

      As of release 3.79.0, the pre-signed URL feature does not yet support Hugging Face and PyPI. We will add support for these formats as soon as possible.

    • Updates to Licensing Page in User Interface

    • Firewall - New Malware Defense Evaluation REST API (Requires IQ Server 189+)

    • Firewall - New Firewall REST API to protect against Namespace Confusion attacks (Requires IQ Server 189+)

    • Firewall - New Firewall for Artifactory Plugin supporting latest Artifactory versions

3.78.0 - 3.78.2

March 18, 2025 (3.78.2)

March 7, 2025 (3.78.1)

March 4, 2025 (3.78.0)

Known Issue for Community Edition 3.78.0-3.79.0

In Sonatype Nexus Repository 3.78.0 and 3.79.0, the RUT Auth Realm (rutauth-realm), which is used for authentication via remote user token, is not available for Community Edition deployments. Instances using rutauth-realm before upgrading will lose functionality, and downgrading is not possible without a database backup made before the upgrade.

We are investigating this issue and will provide a fix as soon as possible.

This issue does not impact Pro deployments or Community Edition 3.77.x deployments.

Warning

Sonatype is aware of an issue preventing successful installation of Sonatype Nexus Repository 3.78.2 as a Windows service. If you use Nexus Repository as a Windows service, do not upgrade to 3.78.x. We will release a fix for our Windows users as soon as possible.

3.78.2

  • Multiple fixes for bugs impacting releases 3.78.0 and 3.78.1; see the full release notes for details.

3.78.1

  • Multiple fixes for bugs impacting release 3.78.0; see the full release notes for details.

  • Reverted previous core dependency updates, including moving back to SLF4J 1.7 and Logback 1.2.

3.78.0

  • Breaking change for custom plugins: Nexus Repository migrates to Spring Boot architecture.

  • Custom OSGi bundle deployment no longer supported.

  • Important breaking change for Windows users. JReleaser replaces Install4J as our tool for building installers. If you configure Windows Service Manager to run Nexus Repository, please review the updated instructions in our installation help docs before upgrading for details, including the commands you will need to use for starting, stopping, and uninstalling the service.

  • Unix archive now comes with platform-specific JDK and can no longer be used in a Mac environment.

  • Simpliefied JDK upgrades with Nexus Repository source code migration to Java.

  • ARM Docker images now available on Docker Hub.

  • Improved npm audit security with Firewall integration.

  • Sunsetting Log4J Visualizer and Bower format.

  • Core dependency updates, including move from SLF4J 1.7 to SLF4J 2.0 and from Logback 1.2 to Logback 1.5. (Reverted in 3.78.1)

Breaking Changes with JFrog Artifactory 7.104

JFrog Artifactory 7.104 is the latest and is incompatible with the Repository Firewall plugin. JFrog Artifactory has introduced a newer version of groovy-core that is not backward compatible with the version the Repository Firewall plugin is compiled against.

We recommend not upgrading to Artifactory 7.104 as doing so causes an interruption with the Repository Firewall service and exposes you to malware entering the environment.

3.70.0 - 3.70.4

February 13, 2025 (3.70.4)

October 10, 2024 (3.70.3)

September 3, 2024 (3.70.2)

July 10, 2024 (3.70.1)

July 9, 2024 (3.70.0)

Important

The Nexus Repository 3.70.x line is the last release line to support OrientDB. If you must remain on OrientDB, you will need to remain on our 3.70.x release line until you can migrate to H2 or PostgreSQL.

This marks OrientDB's transition to Extended Maintenance as defined in our sunsetting documentation.

There is no official sunset date for OrientDB at this time.

3.70.4

  • New Docker Tag for 3.70.x Releases

  • Multiple bug fixes

3.77.0 - 3.77.2

February 25, 2025 (3.77.2)

February 6, 2025 (3.77.1)

February 4, 2025 (3.77.0)

  • 3.77.2

    • Multiple bug fixes to improve performance.

  • 3.77.1

    • Fixes an issue in 3.77.0 where using the X-Forwarded-Port header with that exact letter case caused Docker repositories to return a 500 Server Error due to a conversion issue.

    • Fixes an issue in 3.77.0 that prevented the option to automatically remove malware from displaying when configuring the Automatic Malware Management task.

  • 3.77.0

    • Nexus Repository OSS becomes Nexus Repository Community Edition

    • Support for Hugging Face Proxy Repositories (Pro and Community Edition)

    • Automatically Remove Malicious Components with Repository Firewall (Pro Only)

    • Content Replication for Conan V2 (Pro Only)

    • Helm Staging Support (Pro Only)

    • Status Check for Embedded Database Use (H2 Only)

3.76.0 - 3.76.1

January 23, 2025 (3.76.1)

January 7, 2025 (3.76.0)

Known Issue

Sonatype is aware of an issue impacting Azure Blob Store users where attempting to download binary files exceeding 2GB can cause Nexus Repository to become unresponsive. We will release a patch for this issue as soon as possible.

  • 3.76.1

    • Fixed a bug that caused 404 errors during yum install commands for some 3.76.0 deployments.

    • Fixed a bug that prevented the Assets REST API from returning maven2 assets in some 3.76.0 deployments.

  • 3.76.0

    • Native support for Conan 2.0 (Pro only)

    • Malware remediation task

    • Firewall added to solution switcher

    • Google Cloud Platform (GCP) blob store Region field is now auto-populated when creating a new blob store