Skip to main content

Sonatype Nexus Repository 3.58.0 - 3.58.1 Release Notes

Highlights in This Release

Note

Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall (3.58.1)

This release fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.

Restored Admin - Change repository blob store Task for Deployments Using PostgreSQL or H2 PRO (3.58.0)

We have re-enabled the Admin - Change repository blob store task for Sonatype Nexus Repository deployments using PostgreSQL or H2 databases. We are also providing performance testing information to help you plan before using this task, which often takes substantial time to complete.

Bug Fixes

This release includes multiple bug fixes.

Note

Notable Compatibility Change: Sonatype Nexus Repository 3.58.0+ is only compatible with IQ Server versions 138+.

What's New in 3.58.1?

Released July 21, 2023

Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall

This release fixes a critical bug impacting Sonatype Nexus Repository 3.57.0 and 3.58.0 deployments that use Sonatype Repository Firewall.

This bug could allow for users to unintentionally download quarantined components. We have retracted versions 3.57.0 and 3.58.0; please use 3.57.1 or 3.58.1 instead.

What's New in 3.58.0?

Released July 17, 2023

Restored Admin - Change repository blob store Task for Deployments Using PostgreSQL or H2PRO

The Admin - Change repository blob store task is a popular Pro feature that allows you to change the blob store source for a hosted repository. This can be helpful when moving from a local volume blob store to S3, from one S3 bucket to another, etc.

In 3.45.0, we disabled the Admin - Change repository blob store task after discovering multiple issues that could result in data loss. In this release, we have made changes to this task and are re-enabling it for deployments using H2 or PostgreSQL databases. We are also providing performance testing information to help you appropriately plan for the significant time it can take for this task to complete.

Note

Due to known issues related to OrientDB, the Admin - Change repository blob store task remains deactivated for deployments using OrientDB while we continue to investigate these issues.

Task Performance

As noted above, we are also providing Admin - Change repository blob store performance testing data, which is now available in our help documentation. You will see from this data that the task usually takes significant time to complete; the amount of time depends on scenario (file to S3; S3 to S3; etc.) and the amount of data you are attempting to move. While our performance data is based on strictly controlled and limited scenarios, we hope you can use it to help plan for how you will use this task going forward.

Support for Firewall Customizable Quarantine Message

As detailed in the Sonatype IQ Server version 165 release notes, Sonatype Repository Firewall recently added a new property to the Configuration REST API to allow Application Security teams to set meaningful remediation messages that will be visible in the command line should developers request components quarantined by Sonatype Repository Firewall. This new Firewall feature requires Sonatype Nexus Repository 3.58.0+ and IQ Server 165+. See the Firewall Custom Quarantine Message help documentation for full details.Custom Quarantine Messages

Bug Fixes

Ticket Number

Description

NEXUS-36777

npm group repositories now return the latest version of npm packages without needing to invalidate the group repository cache.

NEXUS-39766

Docker Subdomain connectors work with nGrok again as expected.

NEXUS-39415

Added logging for and made Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems tasks configurable via the user interface.