Skip to main content

Sonatype Nexus Repository 3.70.0 - 3.70.3 Release Notes

Important

The Nexus Repository 3.70.x line is the last release line to support OrientDB. If you must remain on OrientDB, you will need to remain on our 3.70.x release line until you can migrate to H2 or PostgreSQL.

This marks OrientDB's transition to Extended Maintenance as defined in our sunsetting documentation.

There is no official sunset date for OrientDB at this time.

What's New in 3.70.3?

Released October 10, 2024

Sonatype Nexus Repository 3.70.3 fixes two cleanup policy-related bugs. We switched the order of staging delete and move operations to avoid a concurrency issue when running staging move and cleanup tasks at the same time. We also resolved an issue that was preventing the option to retain a select number of previous versions when running cleanup from working as expected.

  • Upgraded protobuf-java from 1.36.0 to 3.25.5

  • Upgraded pax-url-aether from 2.6.7 to 2.6.12

What's New in 3.70.2?

Released September 3, 2024

Sonatype Nexus Repository 3.70.2 fixes a Database Migrator issue that caused some customers to see duplicate key errors after migrating from OrientDB to H2. Both Pro and OSS users seeking to migrate from OrientDB to H2 should now upgrade to 3.70.2 and then use the 3.70.2 Database Migrator to move to H2.

  • Upgraded axios back to 1.6.4

What’s New in 3.70.1?

Released July 10, 2024

Sonatype Nexus Repository 3.70.1 fixes an issue that broke UI functionality in instances using a custom context path. This issue only impacted the UI and did not impact other functionality (e.g., requests for components). Sonatype Nexus Repository deployments should upgrade to 3.70.1 when possible.

  • downgraded axios to 0.27.2 to address the issue

What’s New in 3.70.0?

Released July 9, 2024

Here's what's new in Nexus Repository 3.70.0.

H2 Database Upgraded to Version 2.2.244

Tip

Required Action Before Upgrading

If you are using an H2 database, you must use the Admin - Export SQL database to script task (released in 3.69.0) to create a SQL script export of your H2 database before upgrading to Nexus Repository 3.70.0. This means you must upgrade to 3.69.0 before upgrading to 3.70.0.

In release 3.70.0, we have upgraded Sonatype Nexus Repository’s embedded H2 database to use version 2.2.244. As there are considerable changes between version 1.4.200 and 2.2.244, those using an H2 database will need to take some additional steps to upgrade to Nexus Repository 3.70.0.

In release 3.69.0, we added an Admin - Export SQL database to script task you can use to create a SQL script export of your H2 database. If you are using an H2 database, you will need to run this task and follow our H2 upgrade instructions in order to upgrade to release 3.70.0. This means that you must upgrade to version 3.69.0 before upgrading to 3.70.0.

You can learn more about the differences between the H2 1.x and 2.x version lines in the H2 documentation.

If you are unsure what database your deployment is using, follow the help documentation for determining your current database.

Create and Manage Cleanup Policies via New REST API (Pro Only)

Administrators can now create and manage cleanup policies using the REST API, making it easier to enhance automation in your DevOps workflows and take advantage of a powerful Nexus Repository feature without having to access the user interface.

The new API allows you to retrieve, create, update, and delete cleanup policies. Learn more in our Cleanup Policies API documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

Create and Manage Tasks via API (Pro Only)

Administrators who prefer to work via API instead of the user interface can now create, update, and delete tasks through new endpoints in the Tasks REST API. Learn more in our updated Tasks API documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

Retrieve and Set IQ Audit and Quarantine Statuses via API (Pro Only)

Sonatype Nexus Repository deployments that are also using Repository Firewall can now leverage Nexus Repository’s IQ REST API to retrieve and set audit and quarantine statuses for repositories. This allows administrators to configure further automation of CI/CD pipelines. Learn more in our updated IQ API documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

New Database Migrator Flow

We have changed our Database Migrator flow to improve performance and reliability. Check out our help documentation for the new steps for migrating your database. If you need to use an older version of the Database Migrator, you can still read our legacy database migrator documentation.

OrientDB, Java 8, and Java 11 Enter Extended Maintenance

Release 3.70.0 marks a turning point for Sonatype Nexus Repository as it is the final release that will include OrientDB alongside H2 and PostgreSQL. Starting in August 2024, OrientDB, Java 8, and Java 11 will all enter extended maintenance as defined in our Sunsetting documentation. Release 3.71.0+ will require either an H2 or PostgreSQL database and Java 17.

Note

Note that both H2 and PostgreSQL are currently only available to Pro customers. We expect to announce a new database option for OSS customers and will provide detailed migration paths in our August 2024 release.

Sonatype is invested in continually improving our solutions to take advantage of newer, more advanced technologies. As such, we are strategically moving away from legacy technologies like OrientDB, Java 8, and Java 11 and investing in supporting newer database options and Java versions. Moreover, Sonatype has observed data integrity problems in some deployments using OrientDB.

As migrating to H2 or PostgreSQL can take some time and planning, Sonatype will continue to provide security patches and critical bug fixes to release 3.70.0 while it is in extended maintenance. We encourage Sonatype Nexus Repository Pro customers using an OrientDB database to follow our documentation for migrating to H2 or PostgreSQL.

Dependency Updates in 3.70.0

  • commons-io upgraded to 2.15.0

  • org.apache.commons: commons-compress upgraded to 1.26.1

  • com.h2database : h2 upgraded to 2.2.224

  • axios upgraded to 1.6.4 (Note: this update was reverted in Nexus Repository 3.70.1)

Bug Fixes

Bug fixes in Nexus Repository 3.70.x.

Issue ID

Description

NEXUS-44370

(Release 3.70.3) Switched order of staging delete and move operations to avoid a concurrency issue when running staging move and cleanup unused asset tasks at the same time.

NEXUS-43516

Database Migrator version 3.70.1 - Resolved an issue that was causing some OrientDB to Postres migrations to fail with an error when a Maven2 repository contained npm assets.

NEXUS-44337

(Release 3.70.3) Resolved an issue that was preventing the option to retain a select number of previous versions when running cleanup from working as expected.

NEXUS-43935

(Release 3.70.2) Resolved a Database Migrator issue that was causing some users to see duplicate key errors after migrating from OrientDB to H2.

NEXUS-43523

(Release 3.70.1) Fixed an issue that broke UI functionality in instances using a custom context path. This issue only impacted the UI and did not impact other functionality (e.g., requests for components).

NEXUS-43307

Updated documentation to accurately state that access to SAML UI and API requires nx-all privileges.

NEXUS-43004

Errors will no longer be seen in HA mode.

NEXUS-42854

The npm view command works as expected for scoped packages.

NEXUS-42336

Database records that cause exceptions during database migration are appropriately logged.

NEXUS-39818

Running npm audit should no longer result in unexpected exceptions.

NEXUS-39799

In Yum repositories, all pathnames in the filelist.xml.gz file are properly escaped.

NEXUS-39462

If an asset’s format is incorrect, the Database Migrator will continue with migration and skip corrupted records.

NEXUS-22888

Added componentId validation when trying to view an asset that does not have a component. If the componentId is an empty string, string of blank spaces, null, or undefined, then the LifeCycle Component panel is not displayed.