Sonatype Nexus Repository 3.58.0 - 3.58.1 Release Notes

Highlights in This Release

Note

Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall (3.58.1)

This release fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.

Restored Admin - Change repository blob store Task for Deployments Using PostgreSQL or H2 PRO (3.58.0)

We have re-enabled the Admin - Change repository blob store task for Sonatype Nexus Repository deployments using PostgreSQL or H2 databases. We are also providing performance testing information to help you plan before using this task, which often takes substantial time to complete.

Bug Fixes

This release includes multiple bug fixes.

Note

Notable Compatibility Change: Sonatype Nexus Repository 3.58.0+ is only compatible with IQ Server versions 138+.

3.58.1 Released July 21, 2023

Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall

This release fixes a critical bug impacting Sonatype Nexus Repository 3.57.0 and 3.58.0 deployments that use Sonatype Repository Firewall.

This bug could allow users to unintentionally download quarantined components. We have retracted versions 3.57.0 and 3.58.0; please use 3.57.1 or 3.58.1 instead.

3.58.0 Released July 17, 2023

Restored Admin - Change repository blob store Task for Deployments Using PostgreSQL or H2 PRO

The Admin - Change repository blob store task is a popular Pro feature that allows you to change the blob store source for a hosted repository. This can be helpful when moving from a local volume blob store to S3, from one S3 bucket to another, etc.

In 3.45.0, we disabled the Admin - Change repository blob store task after discovering multiple issues that could result in data loss. In this release, we have made changes to this task and are re-enabling it for deployments using H2 or PostgreSQL databases. We are also providing performance testing information to help you appropriately plan for the significant time it can take for this task to complete.

Due to known issues related to OrientDB, the Admin - Change repository blob store task remains deactivated for deployments using OrientDB while we continue to investigate these issues.

Task Performance

As noted above, we are also providing Admin - Change repository blob store performance testing data, which is now available in our help documentation. This data shows that the task usually takes significant time to complete; the amount of time depends on the scenario (file to S3, S3 to S3, etc.) and the amount of data you are attempting to move. While our performance data is based on strictly controlled and limited scenarios, we hope you can use it to help plan for how you will use this task going forward.

Support for Firewall Customizable Quarantine Message

As detailed in the Sonatype IQ Server version 165 release notes, Sonatype Repository Firewall recently added a new property to the Configuration REST API. It allows Application Security teams to set meaningful remediation messages that are visible on the command line when developers request components quarantined by Sonatype Repository Firewall. This new Firewall feature requires Sonatype Nexus Repository 3.58.0+ and IQ Server 165+. See the Firewall Custom Quarantine Message help documentation for full details.

Bug Fixes

Issue ID | Description
NEXUS-36777 | npm group repositories now return the latest version of npm packages without needing to invalidate the group repository cache.
NEXUS-39766 | Docker Subdomain connectors work with ngrok again as expected.
NEXUS-39415 | Added logging for the Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems tasks, and made them configurable via the user interface.