Sonatype Nexus Repository 3.61.0 Release Notes

Released October 4, 2023

Highlights in This Release

New OpenShift Operator for PostgreSQL and High Availability Deployments

We have built and published a new OpenShift Operator for Sonatype Nexus Repository Pro deployments using PostgreSQL, including High Availability (HA) deployments.

Change Repository Blob Store Task Supports Proxy Repositories

You can now use the Admin - Change repository blob store task to change the blob store source of proxy repositories; the task previously worked for hosted repositories only.

Sonatype Nexus Repository Usage Statistics

We've updated our Outreach capability to provide you with valuable insights into your Sonatype Nexus Repository usage.

Note: 3.61.0-01 binaries were briefly made available for download on October 3; however, we then discovered a bug that we have now fixed in the 3.61.0-02 binaries. Please ensure you use the 3.61.0-02 binaries when upgrading.

What's New and Noteworthy in This Release?

New OpenShift Operator for PostgreSQL and High Availability Deployments PRO

Sonatype Nexus Repository Pro customers now have a new installation option; we have built and published a new OpenShift Operator for Sonatype Nexus Repository deployments using PostgreSQL, including High Availability (HA) support.

As explained in our Sonatype Nexus Repository 3 Feature Status page in the Sonatype Sunsetting Information section, Sonatype will be officially sunsetting the old OrientDB OpenShift operator on December 15, 2023. The old operator presents data corruption risks when running the embedded OrientDB database inside container orchestration (Kubernetes, OpenShift).

However, an updated operator for Sonatype Nexus Repository Pro using an external PostgreSQL database is now available. This new operator is more scalable, resilient, and compatible with our High Availability Deployment Options.

The operator is available through the Red Hat catalog; look for the operator called "Nexus Repository HA Certified Operator."

Full installation details are available in our Installing Sonatype Nexus Repository Using the OpenShift Operator help documentation.

Change Repository Blob Store Task Supports Proxy Repositories PRO

After speaking with our customers about how they would like to use the Admin - Change repository blob store task, we have added support for using this task on proxy repositories. This task, which allows you to change the blob store source of a selected repository, previously worked for hosted repositories only.

In speaking with our customers, we found that some of you would like to use the task as a stepping stone towards implementing one of our High Availability Deployment Options. By adding support for proxy repositories, customers on single-node deployments with file-backed blob stores can now use this task to help move content to S3 blob stores before enabling HA. We hope this will enable more of you to take advantage of our most resilient deployment options.

Policy-Compliant Component Selection for PyPI PRO

Note

Policy-compliant component selection for PyPI requires IQ Server version 167+.

Policy-compliant component selection is a Pro feature available to those who integrate Sonatype Nexus Repository with Sonatype Repository Firewall.

For formats where one might typically request a "latest" version, it's important to ensure that the version returned does not have policy violations causing Sonatype Repository Firewall to quarantine the component. Attempting to return such a package will cause a build failure requiring time and resources to fix.

Those integrating Sonatype Repository Firewall and Sonatype Nexus Repository can use our policy-compliant component selection feature to remove quarantined versions from package metadata to prevent selecting a version with policy violations.

This feature was previously only available for the npm format (see Remove Quarantined Versions: Policy-Compliant Component Selection for npm); however, it is now available for PyPI as well. You can learn more in our PyPI format help documentation.
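The effect of removing quarantined versions from PyPI metadata, shown as an added illustration that is not Sonatype's implementation. The index page, the package name examplepkg, and the quarantine set are constructed, and version handling is simplified to dotted numeric versions.

```python
import re
from html.parser import HTMLParser

# Constructed PEP 503 "simple" index page for a hypothetical package, examplepkg.
SIMPLE_INDEX = """<html><body>
<a href="../../packages/examplepkg-1.0.0.tar.gz#sha256=aaa">examplepkg-1.0.0.tar.gz</a>
<a href="../../packages/examplepkg-1.1.0-py3-none-any.whl#sha256=bbb">examplepkg-1.1.0-py3-none-any.whl</a>
<a href="../../packages/examplepkg-1.2.0.tar.gz#sha256=ccc">examplepkg-1.2.0.tar.gz</a>
<a href="../../packages/examplepkg-1.2.0-py3-none-any.whl#sha256=ddd">examplepkg-1.2.0-py3-none-any.whl</a>
</body></html>"""

# Constructed stand-in for the versions the firewall has quarantined.
QUARANTINED = {"1.2.0"}

# Simplification: dotted numeric versions in sdist (.tar.gz/.zip) and wheel names.
FILE_RE = re.compile(r"[A-Za-z0-9_.]+?-(\d+(?:\.\d+)*)(?:-.+\.whl|\.tar\.gz|\.zip)")

class LinkCollector(HTMLParser):
    """Collects (href, filename) pairs from the anchors of an index page."""

    def __init__(self):
        super().__init__()
        self.links, self._href = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")

    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((self._href, data.strip()))
            self._href = None

def file_version(filename):
    m = FILE_RE.fullmatch(filename)
    return m.group(1) if m else None

def compliant_links(index_html, quarantined):
    """Keep only file links with a parseable, non-quarantined version."""
    parser = LinkCollector()
    parser.feed(index_html)
    return [(href, name) for href, name in parser.links
            if file_version(name) not in quarantined | {None}]

def latest_version(links):
    """The version an unpinned ("latest") request resolves to for these links."""
    versions = {file_version(name) for _, name in links}
    return max(versions, key=lambda v: tuple(map(int, v.split("."))), default=None)
```

With the unfiltered index an unpinned request resolves to the quarantined 1.2.0 and the download is blocked; with the filtered index it resolves to 1.1.0.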

Azure Blob Store Performance Improvements PRO

We reworked our implementation to avoid copy operations while uploading components so as to improve Azure blob store performance.

Sonatype Nexus Repository Usage Metrics

Note

This feature is not currently available for High Availability deployments.

Ever wonder how much you really use Sonatype Nexus Repository? We've added usage metrics to give you insight into the actual scale of your Sonatype Nexus Repository deployment.

Figure: Welcome page showing usage metrics, including total components, unique logins, peak requests per minute, and peak requests per day

If you have our outreach capability enabled and have nexus:metrics:read privileges, you will now see a breakdown of some useful usage information on your Welcome screen:

  • Total number of components in this Sonatype Nexus Repository instance across all repository formats.

  • Unique successful logins to this Sonatype Nexus Repository instance in the last 30 days. (Note: this metric currently only displays on non-Pro installations.)

  • Maximum number of requests per minute to repository endpoints for all repositories in this Sonatype Nexus Repository instance over the past 24 hours.

  • Maximum number of requests per day to repository endpoints for all repositories in this Sonatype Nexus Repository instance over the past 30 days.

You can use this information to help scale and mature your Sonatype Nexus Repository deployment.

Read more in our usage metrics help documentation.

Improved Security When Specifying Credentials as JVM Arguments

In this release, we improved Sonatype Nexus Repository security by ensuring that sensitive credentials are always masked in any location where they may appear. Previously, credentials passed in through JVM arguments were visible in some locations. While we do not know of any exploits, we encourage you to upgrade to this release to ensure no sensitive information is visible.

Bug Fixes

Issue ID | Description
NEXUS-40135 | Fixed an issue that was causing upgrade errors to 3.59.0 or 3.60.0 when user tokens existed in earlier Sonatype Nexus Repository versions with the exact same user ID but different principals (security realms). (This was noted as a known issue in 3.59.0 and 3.60.0.)
NEXUS-40130 | Resolved an issue that was causing Sonatype Nexus Repository to throw an unhandled error and insert a record into the database when users attempted to configure an unsupported Azure blob store type.
NEXUS-39995 | Resolved an issue that was preventing administrator users from generating support zips.
NEXUS-39973 | Fixed an issue that was causing Docker proxy or group repositories to return a 404 error even though the remote returned the correct manifest.
NEXUS-39624 | The task for migrating the blobRef assets field now handles blob_ref duplicates correctly.
NEXUS-38800 | AssetBlobCleanupTask now works as expected; the thread count eventually levels off and stays roughly constant, as expected.
NEXUS-38530 | Blob store metrics now update as expected after HA migration.
NEXUS-38292 | Improved repository import task memory efficiency so that imports will not fail with out-of-memory errors even with large import sets.
NEXUS-36697 | Made changes to the Admin - Delete blob store temporary files task to prevent it from accidentally deleting in-use tmp files.
NEXUS-23185 | Made improvements for those using Sonatype Nexus Repository with Sonatype Repository Firewall to prevent overloading IQ Server with asset deletion requests.