Sonatype Nexus Repository 3.61.0 Release Notes
Released October 4, 2023
New OpenShift Operator for PostgreSQL and High Availability Deployments We have built and published a new OpenShift Operator for Sonatype Nexus Repository Pro deployments using PostgreSQL, including High Availability (HA) deployments. Change Repository Blob Store Task Supports Proxy Repositories You can now use the Admin - Change repository blob storetask to change the blob store source of proxy repositories; the task previously worked for hosted repositories only. Sonatype Nexus Repository Usage Statistics We've updated our Outreach capability to provide you with valuable insights into your Sonatype Nexus Repository usage. Note: 3.61.0-01 binaries were briefly made available for download on October 3; however, we then discovered a bug that we have now fixed in the 3.61.0-02 binaries. Please ensure you use the 3.61.0-02 binaries when upgrading. |
New OpenShift Operator for PostgreSQL and High Availability Deployments PRO
Sonatype Nexus Repository Pro customers now have an installation option; we have built and published a new OpenShift Operator for Sonatype Nexus Repository deployments using PostgreSQL, including High Availability (HA) support.
As explained in our Sonatype Nexus Repository 3 Feature Status page in the Sonatype Sunsetting Information section, Sonatype will be officially sunsetting the old OrientDB OpenShift operator on December 15, 2023. The old operator presents data corruption risks when running the embedded OrientDB database inside container orchestration (Kubernetes, OpenShift).
However, an updated operator for Sonatype Nexus Repository Pro using an external PostgreSQL database is now available. This new operator is more scalable, resilient, and compatible with our High Availability Deployment Options.
The operator is available through the RedHat catalog; look for the operator called Nexus Repository HA Certified Operator.
Full installation details are available in our Installing Sonatype Nexus Repository Using the OpenShift Operator help documentation.
Change Repository Blobstore Task Supports Proxy Repositories PRO
In response to speaking with our customers about how they would like to use the Admin - Change repository blob storetask, we have added support for using this task on proxy repositories. This task, which allows you to change the blob store source of a selected repository, previously worked for hosted repositories only.
However, in speaking with our customers, we found that some of you would like to use the task as a stepping stone towards implementing one of our High Availability Deployment Options. By adding support for proxy repositories, customers on single-node deployments with file-backed blob stores can now use this task to help move content to S3 blob stores before enabling HA. We hope this will enable more of you to take advantage of our most resilient deployment options.
Policy-Compliant Component Selection for PyPI PRO
Policy-compliant component selection for PyPI requires IQ Server version 167+.
Policy-compliant component selection is a Pro feature available to those who integrate Sonatype Nexus Repository with Sonatype Repository Firewall.
For formats where one might typically request a "latest" version, it's important to ensure that the version returned does not have policy violations causing the Sonatype Repository Firewall to quarantine the component. Attempting to return such a package will cause a build failure requiring time and resources to fix.
Those integrating the Sonatype Repository Firewall and Sonatype Nexus Repository can use our policy-compliant component selection feature to remove quarantined versions from package metadata to prevent selecting a version with policy violations.
This feature was previously only available for npm format; however, it is now available for PyPI as well.
Azure Blob Store Performance Improvements PRO
We reworked our implementation to avoid copy operations while uploading components so as to improve Azure blob store performance.
Sonatype Nexus Repository Usage Metrics
This feature is not currently available for high-availability deployments.
Ever wonder how much you use Sonatype Nexus Repository? We've added usage metrics to give you insight into the actual scale of your Sonatype Nexus Repository deployment.
If you have our outreach capability enabled and have nexus:metrics:read
privileges, you will now see a breakdown of some useful usage information on your Welcome screen:
The total number of components in this Sonatype Nexus Repository instance across all repository formats.
Unique successful logins to this Sonatype Nexus Repository instance in the last 30 days. (Note: this metric currently only displays on non-Pro installations.)
Maximum number of requests per minute to repository endpoints for all repositories in this Sonatype Nexus Repository instance over the past 24 hours.
Maximum number of requests per day to repository endpoints for all repositories in this Sonatype Nexus Repository instance over the past 30 days.
You can use this information to help scale and mature your Sonatype Nexus Repository deployment.
Read more in our usage metrics help documentation.
Improved Security When Specifying Credentials as JVM Arguments
In this release, we improved Sonatype Nexus Repository security by ensuring that sensitive credentials are always masked in any location where they may appear. Previously, credentials passed in through JVM arguments were visible in some locations. While we do not know of any exploits, we encourage you to upgrade to this release to ensure no sensitive information is visible.
Bug Fixes | Description |
---|---|
NEXUS-40135 | Fixed an issue that was causing upgrade errors to 3.59.0 or 3.60.0 when user tokens existed in earlier Sonatype Nexus Repository versions with the exact same user ID but different principals (security realms). (This was noted as a known issue in 3.59.0 and 3.60.0.) |
NEXUS-40130 | Resolved an issue that was causing Sonatype Nexus Repository to throw an unhandled error and inserting a record into the database when users attempted to configure an unsupported Azure blob store type. |
NEXUS-39995 | Resolved an issue that was preventing administrator users from generating support zips. |
NEXUS-39973 | Fixed an issue that was causing Docker proxy or group repositories to return a 404 error even though the remote returned the correct manifest. |
NEXUS-39624 | The task for migrating the |
NEXUS-38800 | AssetBlobCleanupTask now works as expected; the number of threads eventually stays around the same number as expected. |
NEXUS-38530 | Blob store metrics now update as expected after HA migration. |
NEXUS-38292 | Improved repository import task memory efficiency so that imports will not fail with out-of-memory errors even with large import sets. |
NEXUS-36697 | Made changes to the Admin - Delete blob store temporary files task to prevent it accidentally deleting in-use tmp files. |
NEXUS-23185 | Made improvements for those using Sonatype Nexus Repository with Sonatype Repository Firewall to prevent overloading IQ Server with asset deletion requests. |