Skip to main content

Sonatype Nexus Repository 3.53.0 - 3.53.1 Release Notes

Warning

There is a known issue in Sonatype Nexus Repository 3.53.0 and 3.53.1 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting.

If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until we release a fix for this issue.

If you are not using community or custom plugins, there is no impact.

Highlights in This Release

Critical 3.53.0 Bug Fixes

Sonatype Nexus Repository 3.53.1 includes critical bug fixes impacting those using RubyGems who upgraded to Sonatype Nexus Repository 3.53.0.

Change in Database Property Evaluation Priority when Using PostgreSQL

To help you more easily change database connection details, we've changed the way and order in which Sonatype Nexus Repository evaluates the mechanism for evaluating this information. You will also need to provide all required fields through the same mechanism.

Fix for RubyGems Dependency API Deprecation

RubyGems will deprecate its dependency API as of May 10, 2023. Those using RubyGems will need to upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by this deprecation.

New Name & UI Changes

As part of a Sonatype-wide renaming initiative impacting all of our products (see the Sonatype blog for full details), Nexus Repository has officially become Sonatype Nexus Repository. We've also adjusted some verbiage in our user interface.

What's New and Noteworthy in 3.53.1?

Released May 12, 2023

Critical 3.53.0 Bug Fixes

While we believed the Sonatype Nexus Repository 3.53.0 release included all necessary fixes to address the RubyGems Dependencies API deprecation, some Sonatype Nexus Repository customers reported unforeseen issues once the deprecation took place on May 10. This release addresses those issues as outlined in the Bug Fixes section.

It is possible that you may still encounter issues even after upgrading to 3.53.1. We have observed packaging inconsistencies in the RubyGems ecosystem that leave required fields missing or with values that are non-conforming to spec. In these scenarios, Sonatype Nexus Repository is unable to properly store the gem or complete normal operations.

In 3.53.0 and earlier, this error would occur with a 500 error and not enough data being provided in the log file to identify the specific gem.

In 3.53.1, gems that have this gap will be reported in the nexus.log file with a log line like the following:

2023-05-12 12:20:32,043-0500 WARN [quartz-11-thread-2] *SYSTEM org.sonatype.nexus.repository.rubygems.orient.internal.hosted.OrientGemInfoHostedFacet - Could not parse version 0.2.2 from gem gems/nexus-0.2.2.gem

Please report if this occurs so that we can properly address non-conforming gems in future releases.

What's New and Noteworthy in 3.53.0?

Released May 2, 2023

Change in Database Property Evaluation Priority when Using PostgreSQL PRO

Those using or migrating to a PostgreSQL database can now more easily change or correct database credentials and connection details. We've adjusted the way in which Sonatype Nexus Repository evaluates the mechanisms for evaluating this information. The new priority order is as follows:

  1. environment variables

  2. system properties

  3. sonatype-work/nexus3/etc/fabric/nexus-store.properties

You must provide all required fields through the same mechanism. Sonatype Nexus Repository will use the first of the following mechanisms that it encounters and will ignore the others (e.g., if you use environment variables, Sonatype Nexus Repository will ignore the system properties and nexus-store.properties file); environment variables and system properties are no longer used to populate the nexus-store.properties file. This is evaluated each time you start Sonatype Nexus Repository.

Tip

If you are already using a PostgreSQL database and are using environment variables or system properties along with your nexus-store.properties, note that this will cause Sonatype Nexus Repository to ignore the nexus-store.properties file on disk. This is a change in behavior from previous versions in which environment variables and system properties were used to populate the nexus-store.properties.

Make sure to update how you are providing this information so that Sonatype Nexus Repository does not ignore any important configurations.

Check out the Configuring Nexus Repository Pro for H2 or PostgreSQL help topic for full details on moving to a PostgreSQL database.

Fix for RubyGems Dependencies API Removal

As of May 10, 2023, RubyGems will deprecate its dependency API (See the RubyGems blog for full details). With this release, we provide important updates to ensure those using RubyGems repositories will not encounter errors.

Note

If you are using RubyGems, you must upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by the dependency API deprecation.

Nexus Repository Becomes Sonatype Nexus Repository

You may have noticed the beginning of our rebranding in our last release. In case you missed it, Nexus Repository has officially become Sonatype Nexus Repository! Along with a new name, Sonatype Nexus Repository has a new logo. In fact, the entire Sonatype platform has been refreshed. You can learn more in the Sonatype blog!

Notable UI Changes

As we work to enhance the Sonatype platform experience, including helping customers benefit from the power and security of an integrated suite of Sonatype products, we're adjusting some items in our user interface. This is only a UI change; functionality is not impacted. You will notice the following changes:

  • IQ Server configuration in API page becomes Sonatype Repository Firewall configuration. The API URL is not affected and remains the same.

    API user interface showing Manage Sonatype Repository Firewall configuration section
  • IQ Policy Violation column that appears when browsing repositories becomes Firewall Report.

    Browse repositories user interface with Firewall Report column highlighted

Bug Fixes

3.53.1 Bug Fixes

Ticket Number (Where Available)

No Public Ticket Available

Fixed an issue that was causing the RubyGems Info API to work with incorrect groups.

NEXUS-39091

Concurrent event handling and asynchronous processing works as expected for RubyGems.

No Public Ticket Available

Fixed a paging issue on OrientDB for RubyGems upgrade tasks.

No Public Ticket Available

Fixed a GroovyCastException that was occurring when installing the nexus gem.

No Public Ticket Available

Resolved an issue for those using OrientDB where, if a package was uploaded while a rebuild was in progress, it may result in missing a package until the next upload.

No Public Ticket Available

Fixed an issue that was causing an exception when running the Repair - Rebuild Rubygems versions file task.

3.53.0 Bug Fixes

Ticket Number

Description

NEXUS-25408

Setting Authenticated user status interval to "0" will no longer cause buttons to be disabled upon logging in. Note that we plan to prevent users from setting this value to "0" in future.

NEXUS-31023

Fixed an issue that was causing Sonatype Nexus Repository to fail to serve npm component metadata under a high load of requests to an npm group repository.

NEXUS-31286

Adjusted the order in which Sonatype Nexus Repository honors the mechanisms for setting database properties. It now first looks for environment variables, then system properties, and finally settings in the nexus-store.properties file. (This is a reversal from previous releases.) All required fields must be set via the same mechanism. See the Configuring Sonatype Nexus Repository for PostgreSQL help topic for full details.

NEXUS-31635

Added validation so that users cannot update a repository with an invalid version policy via the REST API.

NEXUS-35728

The kubectl cp and oc cp commands work again as expected.

Note: The Sonatype Nexus Repository 3.53.0 Docker image was re-released with this fix on May 11, 2023. Earlier 3.53.0 Docker images will not include this fix.

NEXUS-37958

Blob store health check no longer inaccurately reports group blob stores as not writable.

NEXUS-38579

Provided improvements to reduce performance issues after deleting large repositories.

NEXUS-38585

Searching Conan repositories with attributes containing special characters now works as expected.

N/A

Upgraded org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9 due to a vulnerability. There are no known exploits of this vulnerability, and we are upgrading out of an abundance of caution.