Skip to main content

2025 Release Notes

This page contains a list of 2025 Sonatype Nexus Repository releases, links to each release's release notes, and a brief list of major changes per release.

Note that while we strive to fully document new features before releasing them to our Cloud environments, there may be occasional delays. In such instances, we will update this page with links to the relevant help documentation as soon as it becomes available.

Summary of Major Nexus Repository Changes in 2025

The following table lists major changes to Sonatype Nexus Repository in 2025. Consider these changes when upgrading to a new version. Select a self-hosted release to see the fully featured release notes.

Major Changes

Cloud Release Date*

Included in Self-Hosted Version

  • Sonatype Nexus Repository Now Available in the Cloud – Sonatype Nexus Repository Pro is now available as a fully managed, cloud-hosted service, eliminating the overhead of infrastructure management and allowing your development teams to focus on building and delivering secure and reliable software faster.

  • Docker Registry Path-Based Repository Support.

July 16, 2025

3.83.0 (Coming August 2025)

  • New Capabilities API to view, create, update, and delete capabilities.

  • Firewall quarantine messaging restored and improved.

July 9, 2025

(self-hosted release date)

3.82.0

Known Issue in 3.81.1: Quarantine Messages Missing from 403 Responses

Sonatype is aware of an issue in Nexus Repository 3.81.1 that prevents all quarantine messages—both default and custom—from appearing in HTTP responses when components are blocked by Repository Firewall. Affected requests return only a generic “403 Forbidden” status with no explanatory message or link to the component report. This may impact environments that depend on these messages to inform users about quarantine reasons.

  • 3.81.1

    • This release fixes an issue that caused dotnet restore commands to fail due to NuGet v3 content requests returning 404 errors.

Known Issue in 3.81.0: dotnet restore Command Fails

We’ve identified an issue in Nexus Repository 3.81.0 that causes dotnet restore commands to fail due to NuGet v3 content requests returning 404 errors. This can disrupt build pipelines that rely on NuGet group repositories. If your environment uses the dotnet build tool, do not upgrade to 3.81.0. A fix is in progress and will be released as soon as possible.

  • 3.81.0

    • Egress information available in the Usage tab under Licensing.

    • Upgraded from Jetty 9 to Jetty 12.

    • Performance improvements for Change Repository Blobstore task in Google Cloud environments.

    • Integrate Sonatype Repository Firewall with Zscaler.

June 11, 2025 (3.81.1)

June 10, 2025 (3.81.0)

(self-hosted release dates)

3.81.0 - 3.81.1

  • New modern user interface

  • Usage Center support for high availability

  • Historical usage table with insights into month-to-month usage

  • LDAP to SAML user token migration task

  • Simplified cleanup for S3 blob stores with Compact Blob Store task and retention property

  • Improvements to high availability configurations for AWS database failover

  • Upgrade impact for those with custom Jetty configuration: in this release, we renamed the logging framework module from nexus-pax-logging to nexus-logging

  • Hugging Face support for Firewall (requires Lifecycle 191) and Firewall for Artifactory Plugin (Plugin version 2.6.0)

May 6, 2025

(self-hosted release date)

3.80.0

  • 3.79.1

    • Restored RUT auth realm for Community Edition

    • Resolved known issue preventing uploads to Azure blob store

    • Restored Windows service installation option

    • Additional bug fixes

  • 3.79.0

    • Monthly request metrics available in Usage Center

    • Support for AWS Pre-Signed URL Downloads (Pro Only)

      Pre-Signed URLs for Hugging Face and PyPI Not Yet Supported

      As of release 3.79.0, the pre-signed URL feature does not yet support Hugging Face and PyPI. We will add support for these formats as soon as possible.

    • Updates to Licensing Page in User Interface

    • Firewall - New Malware Defense Evaluation REST API (Requires IQ Server 189+)

    • Firewall - New Firewall REST API to protect against Namespace Confusion attacks (Requires IQ Server 189+)

    • Firewall - New Firewall for Artifactory Plugin supporting latest Artifactory versions

April 10, 2025 (3.79.1)

April 1, 2025 (3.79.0)

(self-hosted release dates)

3.79.0 - 3.79.1

Known Issue for Community Edition 3.78.0-3.79.0

In Sonatype Nexus Repository 3.78.0 and 3.79.0, the RUT Auth Realm (rutauth-realm), which is used for authentication via remote user token, is not available for Community Edition deployments. Instances using rutauth-realm before upgrading will lose functionality, and downgrading is not possible without a database backup made before the upgrade.

We are investigating this issue and will provide a fix as soon as possible.

This issue does not impact Pro deployments or Community Edition 3.77.x deployments.

Warning

Sonatype is aware of an issue preventing successful installation of Sonatype Nexus Repository 3.78.2 as a Windows service. If you use Nexus Repository as a Windows service, do not upgrade to 3.78.x. We will release a fix for our Windows users as soon as possible.

3.78.2

  • Multiple fixes for bugs impacting releases 3.78.0 and 3.78.1; see the full release notes for details.

3.78.1

  • Multiple fixes for bugs impacting release 3.78.0; see the full release notes for details.

  • Reverted previous core dependency updates, including moving back to SLF4J 1.7 and Logback 1.2.

3.78.0

  • Breaking change for custom plugins: Nexus Repository migrates to Spring Boot architecture.

  • Custom OSGi bundle deployment no longer supported.

  • Important breaking change for Windows users. JReleaser replaces Install4J as our tool for building installers. If you configure Windows Service Manager to run Nexus Repository, please review the updated instructions in our installation help docs before upgrading for details, including the commands you will need to use for starting, stopping, and uninstalling the service.

  • Unix archive now comes with platform-specific JDK and can no longer be used in a Mac environment.

  • Simpliefied JDK upgrades with Nexus Repository source code migration to Java.

  • ARM Docker images now available on Docker Hub.

  • Improved npm audit security with Firewall integration.

  • Sunsetting Log4J Visualizer and Bower format.

  • Core dependency updates, including move from SLF4J 1.7 to SLF4J 2.0 and from Logback 1.2 to Logback 1.5. (Reverted in 3.78.1)

Breaking Changes with JFrog Artifactory 7.104

JFrog Artifactory 7.104 is the latest and is incompatible with the Repository Firewall plugin. JFrog Artifactory has introduced a newer version of groovy-core that is not backward compatible with the version the Repository Firewall plugin is compiled against.

We recommend not upgrading to Artifactory 7.104 as doing so causes an interruption with the Repository Firewall service and exposes you to malware entering the environment.

March 18, 2025 (3.78.2)

March 7, 2025 (3.78.1)

March 4, 2025 (3.78.0)

(self-hosted release dates)

3.78.0 - 3.78.2

Important

The Nexus Repository 3.70.x line is the last release line to support OrientDB. If you must remain on OrientDB, you will need to remain on our 3.70.x release line until you can migrate to H2 or PostgreSQL.

This marks OrientDB's transition to Extended Maintenance as defined in our sunsetting documentation.

As of January 9, 2026, OrientDB will be considered officially sunset.

3.70.4

  • New Docker Tag for 3.70.x Releases

  • Multiple bug fixes

February 13, 2025 (3.70.4)

October 10, 2024 (3.70.3)

September 3, 2024 (3.70.2)

July 10, 2024 (3.70.1)

July 9, 2024 (3.70.0)

(self-hosted release dates)

3.70.0 - 3.70.4

  • 3.77.2

    • Multiple bug fixes to improve performance.

  • 3.77.1

    • Fixes an issue in 3.77.0 where using the X-Forwarded-Port header with that exact letter case caused Docker repositories to return a 500 Server Error due to a conversion issue.

    • Fixes an issue in 3.77.0 that prevented the option to automatically remove malware from displaying when configuring the Automatic Malware Management task.

  • 3.77.0

    • Nexus Repository OSS becomes Nexus Repository Community Edition

    • Support for Hugging Face Proxy Repositories (Pro and Community Edition)

    • Automatically Remove Malicious Components with Repository Firewall (Pro Only)

    • Content Replication for Conan V2 (Pro Only)

    • Helm Staging Support (Pro Only)

    • Status Check for Embedded Database Use (H2 Only)

    • Options like Vulnerability Lookup and Advanced Search no longer display in the standalone Firewall user interface available via Solution Switcher. You can find these items by switching to the Lifecycle option via Solution Switcher.

February 25, 2025 (3.77.2)

February 6, 2025 (3.77.1)

February 4, 2025 (3.77.0)

(self-hosted release dates)

3.77.0 - 3.77.2

Known Issue

Sonatype is aware of an issue impacting Azure Blob Store users where attempting to download binary files exceeding 2GB can cause Nexus Repository to become unresponsive. We will release a patch for this issue as soon as possible.

  • 3.76.1

    • Fixed a bug that caused 404 errors during yum install commands for some 3.76.0 deployments.

    • Fixed a bug that prevented the Assets REST API from returning maven2 assets in some 3.76.0 deployments.

  • 3.76.0

    • Native support for Conan 2.0 (Pro only)

    • Malware remediation task

    • Firewall added to solution switcher

    • Google Cloud Platform (GCP) blob store Region field is now auto-populated when creating a new blob store

January 23, 2025 (3.76.1)

January 7, 2025 (3.76.0)

(self-hosted release dates)

3.76.0 - 3.76.1

* Sonatype Nexus Repository Cloud was introduced on July 16 2025; Cloud Release Date only applies to versions after this date. All releases before July 2025 were self-hosted only.