Sonatype Nexus Repository 3.69.0 Release Notes

Released June 4, 2024

Highlights in This Release
Java 17 Support for Deployments Using H2 or PostgreSQL Databases Sonatype Nexus Repository Pro operators can now choose to run their H2 or PostgreSQL-based Nexus Repository Pro deployments on Java 8, Java 11, or Java 17. Note that OrientDB cannot support Java 17. Configure User Token Expiration Sonatype Nexus Repository Pro deployments using user tokens for user authentication can now improve security by configuring user tokens to expire after a defined period of time.

Highlights in This Release

Java 17 Support for Deployments Using H2 or PostgreSQL Databases

Sonatype Nexus Repository Pro operators can now choose to run their H2 or PostgreSQL-based Nexus Repository Pro deployments on Java 8, Java 11, or Java 17. Note that OrientDB cannot support Java 17.

Configure User Token Expiration

Sonatype Nexus Repository Pro deployments using user tokens for user authentication can now improve security by configuring user tokens to expire after a defined period of time.

What’s New in Sonatype Nexus Repository 3.69.0?

Check out what’s new in Sonatype Nexus Repository 3.69.0.

Java 17 Support for Deployments Using H2 or PostgreSQL Databases (Pro Only)

Sonatype Nexus Repository Pro operators with H2- or PostgreSQL-based deployments can now choose to use Java 8, Java 11, or Java 17. This new choice helps organizations that are seeking to move to more modern Java versions.

Note that OrientDB cannot support Java 17. Should you attempt to use Java 17 in a Sonatype Nexus Repository deployment that uses an OrientDB database, Nexus Repository will not start.

We have provided multiple Nexus Repository 3.69.0 binaries split by required Java version. When using the Docker image, the following pulls will provide a Docker image with a Java 8, 11, or 17 runtime:

Java 8
- sonatype/nexus3:latest
- sonatype/nexus3:3.69.0
- sonatype/nexus3:3.69.0-java8
Java 11
- sonatype/nexus3:3.69.0-java11
Java 17
- sonatype/nexus3:3.69.0-java17

Need help changing your Java version? See our help documentation on upgrading your Nexus Repository Java version.

This improvement was made possible through your feedback in the Sonatype Ideas portal.

Configure User Token Expiration (Pro Only)

Sonatype Nexus Repository Pro deployments using user tokens for user authentication can now improve security by configuring user tokens to expire after a defined period of time. See our help documentation on configuring user tokens for details on how to take advantage of this new feature.

Sonatype Nexus Repository users are also able see the remaining time until their tokens expire in the User Token section of their accounts. See our help documentation about accessing and generating your user token for full details.

This improvement was made possible through your feedback in the Sonatype Ideas portal.

SAML Integration Improvements

This release introduces multiple SAML integration improvements:

You can now optionally specify a user realm source when deleting a user via the Users API. This makes it easier to identify a unique user even in cases where multiple LDAP servers are involved (e.g., by specifying LDAP realm and LDAP server ID in the delete request).

Administrators can also now delete cached authenticated SAML user records via user administration section in the Sonatype Nexus Repository user interface.

Lastly, if a user’s IdP field mappings change, Nexus Repository now automatically updates the user’s profile to show the new values.

Dependency Updates

Release 3.69.0 includes the following dependency updates:

org.bouncycastle : bcprov-jdk15to18 upgraded from 1.75 to 1.78.1

Bug Fixes

Issue ID	Description
NEXUS-42786	Exporting npm assets with application/x-gzip content type now works as expected.
NEXUS-42560	The YumAbsouteUrlRemover no longer recalculates or updates checksums for XML files containing the xml:base attribute; this change greatly improves performance.
NEXUS-42434	Adjusted all places in AuditDTO where ObjectMapper was instantiated to use the injected global mapper. Users should no longer see errors in the logs when uploading assets.
NEXUS-42411	Database Migrator: Reduced log noise by adjusting the ProcessChunkListener to log migration progress in time intervals (e.g., showing how many records were migrated each 10 seconds).
NEXUS-42409	Firewall works with Conda format as expected.
NEXUS-42276	The System Information page appears as expected with no NullPointerException.
NEXUS-41974	Running the Cleanup unused asset blobs task and Staging move in parallel now works as expected.
NEXUS-41862	Nexus Repository logs for deployments using PyPI Policy-Compliant Component Selection now only include filtered versions.
NEXUS-41692	User tokens for Crowd-backed users now use auth caching as expected.
NEXUS-41385	Downloading files through a proxy PyPI repository no longer leaves files in the blob store’s temporary directory.
NEXUS-41374	Nexus Repository no longer logs an ERROR message when a remote PyPI repository does not have a requested package.
NEXUS-41250	The nx-tasks-run privilege details in the Nexus Repository user interface no longer display an error under the Actions section.
NEXUS-41218	Added a property to nexus.properties that users may configure in order to reduce overly verbose audit logging for NuGet v2 on deployments using PostgreSQL. To turn off attributes logging, add the following to nexus.properties: `nexus.audit.attribute.changes.enabled=true`.
NEXUS-41403	Reduced excessive Database Migrator logging.
NEXUS-39085	To ensure consistency across the REST API, we updated all asset ID formats to use only the long ID.
NEXUS-37307	The Crowd realm user cache is now used for npm client bearer token-authenticated requests.
NEXUS-36248	As mentioned in the improvements above, we have extended the users API to allow you to include a realm parameter when deleting a user.
NEXUS-31205	Adjusted support zip algorithms to not truncate any support zip files other than log files.
NEXUS-26828	When a remote Docker repository indicates that something is “not found,” the proxy repository no longer logs a WARN message.
NEXUS-23052	As mentioned in the improvements above, Administrators can now delete cached authenticated SAML user records via user administration section in the Sonatype Nexus Repository user interface.
NEXUS-17740	Created a Repair - Recalculate blob store storage task that can be run if blob store blob count and total size display incorrect information. This is a slow-running task and should be used with careful consideration of available system resources. See our published performance testing for details.