Skip to main content

Sonatype Nexus Repository 3.57.0 - 3.57.1 Release Notes

Highlights in This Release


Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall (3.57.1)

This release fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.

Default Role Alert (3.57.0)

In this release, we added a Default Role alert to inform administrators when the Default Role capability is enabled and what role is configured as the default role granted to all authenticated users.

Helpful New Columns in Repositories and Search Results Tables (3.57.0)

This release includes multiple UX enhancements, including a new Blob Store column in the Repositories table and a sortable Last Updated column to Search results.

3.57.1 Released July 21, 2023

Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall

This release fixes a critical bug impacting Sonatype Nexus Repository3.57.0and3.58.0deployments that use Sonatype Repository Firewall.

This bug could allow for users to unintentionally download quarantined components. We have retracted versions 3.57.0 and 3.58.0; please use 3.57.1 or 3.58.1 instead.

3.57.0 Released July 5, 2023

Default Role Alert

The Default Role capability allows administrators to select a configured role to be granted to all authenticated users. This means all authenticated users will have the privileges granted to the default role. To make it easier for you to see what role (if any) is configured as your default role, we added an alert to the Roles screen providing this information when you have a default role configured.

Blob Store Column in Repositories Table

To make it easier for you to identify the blob stores to which your repositories belong, we added a Blob Store column to the Manage r epositories table providing this information.


Last Updated Column in Search Results

In order to allow you to easily sort your search results by latest or oldest builds, we've added a Last Updated column to the search results table.


Improvements in Support of Sonatype Repository Firewall

We continue to make changes in Sonatype Nexus Repository to continually progress in unifying Sonatype's product suite. To this end, we have made changes to ensure that highly available (HA) Sonatype Nexus Repository deployments can support the new Sonatype Repository Firewall SaaS offering. We have also added validation to ensure that Sonatype Nexus Repository and Firewall only exchange information when Firewall configuration is enabled to avoid data becoming out of sync.

In the UI, we've renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively.

We’ve also modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked. This is to prevent the Nexus Repository from getting into an inconsistent state with the Firewall server.

Bug Fixes



You can now properly remove an S3 blob store from a group even when it references an S3 bucket that is no longer accessible; such blob stores no longer cause UI errors.


Made enhancements to the Search APIs to improve the behavior for query parameters on fields that accept empty values. An empty value for most fields is now treated as “specifically empty" instead of the former behavior of treating it like a wildcard. However, note that therepositoryandformatparameters should not be empty as every component is both stored in a repository and has a format.


Fixed errors that were sporadically preventing startup in some cases due to a corrupted org.apache.karaf.features.cfg file.


Downloading a pom.xml that uses unicode characters no longer fails due to calling getBytes without using UTF8.


Searching for Maven versions now returns versions in alpha-numeric order as expected.


Raw proxy URL no longer encodes special characters for outbound requests.


The Repair - Reconcile component database from blob store task with only Integrity Check option selected now removes stale objects from S3 blob stores as expected.


Browse privileges are no longer required to execute a NuGet search; only Read is needed.


Deleting large repositories is no longer impeded by errors where Sonatype Nexus Repository looks for repository_blobstore in the component database.


Running a search for Maven assets in an HA environment now returns the versions in descending order.


npm exports no longer skip assets with an application/x-tgz content type.


The permissions required for the search API are now consistent between HA and non-HA environments. Searching a group repository from the API only requires the user to have read permissions for the group.