Skip to main content

Nexus Repository 3.30.0 - 3.30.1 Release Notes

Nexus Repository Manager 3.30.1

Includes a security fix for an Information Disclosure CVE. See the CVE-2021-30635 advisory for details.

Includes a security fix for an XSS vulnerability. See CVE-2021-29159 advisory for details.

Includes a security fix for a Sensitive Information Disclosure CVE. See the CVE-2021-29158 advisory for details.

Sonatype recommends administrators running Nexus Repository Manager 3.30.0 and earlier upgrade immediately.

2021-04-22

These notes are a compilation of the improvements and significant bug fixes for Nexus Repository Manager 3.30.1.

Warning

If you installed this version and utilize the Docker - Delete unused manifests and images task this message is critical.

A bug in this Nexus Repository version can cause loss of some Docker data when running the Docker - Delete unused manifests and images task. We recommend disabling this task immediately to avoid data loss. If this is not possible for your organization, we recommend not updating to this version.

General Improvements

[NEXUS-27384] Upgrade Eclipse Jetty to 9.4.40.v20210413

Maven

[NEXUS-26789] Performance improvement to rebuilding GA maven-metadata.xml

NuGet V3

[NEXUS-26501] Package content is out of specification when downloading from NuGet hosted

Raw

[NEXUS-27013] Raw proxy is encoding slashes for outbound requests

[NEXUS-26855] Non-indexed raw proxy repositories cannot be browsed

Nexus Repository Manager 3.30.0

2021-03-04

Warning

If you installed this version and utilize the Docker - Delete unused manifests and images task this message is critical.

A bug in this Nexus Repository version can cause loss of some Docker data when running the Docker - Delete unused manifests and images task. We recommend disabling this task immediately to avoid data loss. If this is not possible for your organization, we recommend not updating to this version.

Azure Blob Store Support

[NEXUS-24446] PRO Nexus Repository Manager now includes the ability to create blobstores backed by Microsoft's Azure Blob storage.

Protection Against Namespace Confusion

Users of Sonatype's Nexus Firewall can indicate which repositories include proprietary content. When combined with a new policy condition in Nexus IQ this can help prevent namespace attacks by quarantining external packages which use the same name as your proprietary internal components. For more details check out our demo video.

GPG for Yum Repositories

Yum repositories can be configured with GPG support for binary signing.

Logjam Attack Prevention

[NEXUS-25909] To protect against the logjam attacks Nexus Repository Manager now enforces a minimum of 2048-bit keys.

Bug Fixes

NEXUS-26606 - Upgraded Jetty to 9.4.38.v20210224

NEXUS-23750 - Added support for Github's npm repositories

NEXUS-12022 - Allow configuring HTTPS Maven proxy repositories with pre-emptive authentication