2025 Release Notes

This page contains a list of 2025 IQ Server releases, links to each release's release notes, and a brief list of major changes per release.

Note

While we strive to fully document new features before releasing them to our Cloud environments, there may be occasional delays. In such instances, we will update this page with links to the relevant help documentation as soon as it becomes available.

Summary of Major Changes in 2025

The following table lists major changes in 2025 that should be considered when upgrading to a new version.

Features and fixes are added to Sonatype Cloud-based deployments on a weekly basis. The same features and fixes are made available to self-hosted deployments on a monthly basis.

Each entry below lists, in order: Cloud Release Date, Included in Self-Hosted Version, Features and Changes.

May 21, 2025

192 (Coming June 2025)

* Dashboard already available for 189+

May 14, 2025

192 (Coming June 2025)

* Dashboards already available for 184+

  • Hugging Face Support for Repository Firewall (Requires Nexus Repository 3.80.0+)

May 7, 2025

191

  • Automated waivers for non-reachable methods (Developer)

  • Support for multiple auto-waivers (Developer)

  • Documentation notice that CocoaPods is approaching end-of-life

April 30, 2025

191

  • Data Insights Enhancement: Enhanced Security Risk Analysis Dashboard

April 23, 2025

191

  • Added support for Dart and Flutter analysis

  • Data Insights is now Enterprise Reporting

April 16, 2025

191

  • Change to License Overrides REST API Naming (licenseOverride changes to licenseOverrides)

April 9, 2025

191

  • Release 190 fixes multiple bugs impacting the 189 release.

  • Data Insights is now Enterprise Reporting with a newly redesigned landing page.

April 8, 2025

190

  • Improved browser tab identification across solutions

  • Policy conditions for derivative AI models

  • Support for scanning LFS files for AI/ML

  • Coordinate constraint supports all formats; this release adds the following formats:

    • Conda

    • Cran

    • Gem

    • Golang

    • NuGet

    • Pub

    • RPM

    • SWID

    • Swift

  • Re-evaluation now uses latest HDS data

  • New License Override REST API

  • Display CLI/Plugin version in latest evaluations

  • When merging multiple SBOMs, SBOM manager now merges associated licenses and vulnerabilities for duplicate components

  • New Malware Defense Evaluation REST API

  • New Firewall REST API to protect against Namespace Confusion attacks.

  • Swagger now uses malware-defense instead of firewall; this does not impact functionality and 'firewall' will still work

  • UI URL for Firewall uses malware-defense; 'firewall' will not work in the UI URL

  • New Firewall for Artifactory Plugin supporting latest Artifactory versions

  • Firewall Classic sunsetting April 9

April 1, 2025

189

  • API documentation, powered by Swagger and OpenAPI, is now available in the user interface for all IQ-powered solutions (i.e., Lifecycle, Developer, SBOM Manager, Firewall, and Advanced Legal Pack).

  • Update existing waivers with the Policy Waivers REST API.

  • Policy Violations REST API now returns waived, legacy, and auto-waived violations.

  • Report REST API policy violations now returns openTime.

  • Success Metrics Enterprise Dashboard displays remediation status chart.

  • Enhanced Security Risk Analysis Dashboard.

Breaking Changes with JFrog Artifactory 7.104

JFrog Artifactory 7.104 is the latest version and is incompatible with the Repository Firewall plugin. JFrog Artifactory has introduced a newer version of groovy-core that is not backward compatible with the version the Repository Firewall plugin is compiled against.

We recommend not upgrading to Artifactory 7.104, as doing so interrupts the Repository Firewall service and exposes you to malware entering the environment.

March 4, 2025

188

Upgrade Impact

After upgrading a Lifecycle instance using a PostgreSQL database from IQ 182 or earlier to IQ 183 or later, you may temporarily see an internal error when accessing the violations dashboard and find a NullPointerException (NPE) in the logs. This is due to an internal job running in the background; the dashboard will load as expected after the job completes. We will improve this experience in a future release.

  • Hugging Face declared and observed license detection

  • View Latest Evaluations option in Lifecycle

  • Improvements to Security Risk Analysis dashboard

  • Specify SBOM application version during import

  • Easily view SBOM release status

  • Support for Python pipfile.lock

  • Branch name displays in Priorities view

  • Sonatype Developer: Auto-waivers for policy violations on components with no path forward

February 4, 2025

187

Upgrade Impact

After upgrading a Lifecycle instance using a PostgreSQL database from IQ 182 or earlier to IQ 183 or later, you may temporarily see an internal error when accessing the violations dashboard and find a NullPointerException (NPE) in the logs. This is due to an internal job running in the background; the dashboard will load as expected after the job completes. We will improve this experience in a future release.

  • Lifecycle Changes

    • Lifecycle dashboard performance improvements (includes UI changes)

      • Total count no longer displays on each tab

      • Removed sorting by component name

      • Applications filter displays up to 500 apps with type-ahead filter to refine list

      • Pagination change to only include back/forward buttons within page numbers to select

    • Easier onboarding with automatic role assignment

    • Waiver reasons in API responses for the Applicable Waivers, Similar Waivers, Component Waivers, and Stale Waivers REST APIs as well as the UI

    • Dependency tree visualization for Cargo

    • Improved matching process for SBOM scans (impacts Lifecycle and SBOM Manager)

    • New AI Model Usage Data Insight

  • Sonatype Developer Changes

    • All integrations now listed on homepage tabs

    • Avoid recommending milestone versions

  • SBOM Manager Changes

    • Sort components by name on BOM page

    • Leverage Sonatype Container Security for SBOM Manager container scans

    • Policy violations visible in UI

    • Skip validation support for CycloneDX and SPDX

    • Search by license

    • Original binary filename visible in BOM page

    • Improved matching process for SBOM scans (impacts Lifecycle and SBOM Manager)

  • Repository Firewall Changes

    • Access Firewall via Solution Switcher

  • Notable Integrations Changes

    • IQ CLI is now a standalone solution (i.e., IQ CLI 2.0), which means it is a separate download and is no longer included in the bundled IQ download

    • IQ CLI 2.0 supports Python pipfile.lock

    • IQ CLI 2.0 dependency tree visualization for Cargo

  • This release fixes an issue in release 185 that could cause deadlocks under heavy usage, making the application unresponsive.

January 8, 2025

186