Nexus Repository 3.43.0 Release Notes

Released November 7, 2022

Highlights in This Release
NuGet V2 Support for H2 and PostreSQL DeploymentsPRO Those requiring NuGet V2 support can now take advantage of our newer H2 or PostgreSQL databases. Upgraded Apache Shiro Nexus Repository versions up to 3.42.0 (inclusive) included a vulnerable version of Apache Shiro. While we do not know of a reported exploit, we’ve upgraded Apache Shiro from 1.9.1 to 1.10.0 out of an abundance of caution. To ensure your safety, you should update to the latest version of Nexus Repository.

Highlights in This Release

NuGet V2 Support for H2 and PostreSQL DeploymentsPRO

Those requiring NuGet V2 support can now take advantage of our newer H2 or PostgreSQL databases.

Upgraded Apache Shiro

Nexus Repository versions up to 3.42.0 (inclusive) included a vulnerable version of Apache Shiro. While we do not know of a reported exploit, we’ve upgraded Apache Shiro from 1.9.1 to 1.10.0 out of an abundance of caution. To ensure your safety, you should update to the latest version of Nexus Repository.

NuGet V2 Support for H2 and PostgreSQL Database Users PRO

We heard you! Many of you requested that Nexus Repository deployments using H2 and PostgreSQL databases support NuGet V2 repositories. In response, we have added NuGet V2 support for deployments using one of these newer database options. This allows more of you to take advantage of the benefits of an external PostgreSQL database, including resilient deployment options.

Note that our implementation is compatible with Microsoft's NuGet Gallery, which means it does not support custom OData queries.

While we still recommend moving to NuGet V3, this support allows you more time to plan and execute such a big move.

Nexus Repository Now Mirrors PyPI Yank Attribute

In order to facilitate development and delivery for Nexus mirror users, we have added support for the PyPI Yank attribute added to the Simple Repository API in PEP 592.

Upgraded Apache Shiro

Nexus Repository versions up to 3.42.0 (inclusive) included a vulnerable version of Apache Shiro. While we do not know of a reported exploit, we’ve upgraded Apache Shiro from 1.9.1 to 1.10.0 out of an abundance of caution.To ensure your safety, you should update to the latest version of Nexus Repository.

Upgraded Jackson Databind

We have upgraded Jackson Databind from version 2.13.2.1 to 2.13.4.2.

Upgraded SnakeYAML

We have upgraded SnakeYAML from version 1.28 to version 1.32.

Bug Fixes	Description
NEXUS-34774	Fixed an issue that was preventing some NuGet v3 dependencies from being downloaded when using the NuGet install command.
NEXUS-35259	PyPi group repositories on deployments using PostgreSQL or H2 databases now return cached assets as expected rather than creating unnecessary extra blob files.
NEXUS-35515	Casting `DetachingList` to `ArrayList` when retrieving Docker proxy repository configuration via REST API no longer results in an error.