Skip to main content

Sonatype Nexus Repository 3.70.0 - 3.70.1 Release Notes

3.70.1 Released July 10, 2024

3.70.0 Released July 9, 2024

Highlights in This Release

UI issues with custom context path in Nexus Repository 3.70.0

Sonatype Nexus Repository 3.70.1 fixes an issue that broke UI functionality in instances using a custom context path. This issue only impacted the UI and did not impact other functionality (e.g., requests for components).

For customers using a custom context path, we recommend upgrading to the point release.

Upgraded H2 Database to Version 2.2.244

This release upgrades the H2 database from version 1.4.200 to version 2.2.244.

Tip

Required Action Before Upgrading

If you are using an H2 database, you must use the Admin - Export SQL database to script task (released in 3.69.0) to create a SQL script export of your H2 database before upgrading to Nexus Repository 3.70.0. This means you must upgrade to 3.69.0 before upgrading to 3.70.0.

New REST APIs and API Endpoints

This release introduces a new REST API to create and manage Cleanup Policies as well as new endpoints for our Tasks and IQ: Audit and Quarantine APIs.

OrientDB, Java 8, and Java 11 Entering Extended Maintenance

Release 3.70.0 is the final release that will include OrientDB alongside H2 and PostgreSQL. Starting in August 2024, OrientDB, Java 8, and Java 11 will all enter extended maintenance as defined in our Sunsetting documentation. Release 3.71.0+ will require either an H2 or PostgreSQL database and Java 17.

Note

Note that both H2 and PostgreSQL are currently only available to Pro customers. We expect to announce a new database option for OSS customers and will provide detailed migration paths in our August 2024 release.

What’s New in 3.70.1?

Sonatype Nexus Repository 3.70.1 fixes an issue that broke UI functionality in instances using a custom context path. This issue only impacted the UI and did not impact other functionality (e.g., requests for components). Sonatype Nexus Repository deployments should upgrade to 3.70.1 when possible.

  • downgraded axios to 0.27.2 to address the issue

What’s New in 3.70.0?

Here's what's new in Nexus Repository 3.70.0.

H2 Database Upgraded to Version 2.2.244

Tip

Required Action Before Upgrading

If you are using an H2 database, you must use the Admin - Export SQL database to script task (released in 3.69.0) to create a SQL script export of your H2 database before upgrading to Nexus Repository 3.70.0. This means you must upgrade to 3.69.0 before upgrading to 3.70.0.

In release 3.70.0, we have upgraded Sonatype Nexus Repository’s embedded H2 database to use version 2.2.244. As there are considerable changes between version 1.4.200 and 2.2.244, those using an H2 database will need to take some additional steps to upgrade to Nexus Repository 3.70.0.

In release 3.69.0, we added an Admin - Export SQL database to script task you can use to create a SQL script export of your H2 database. If you are using an H2 database, you will need to run this task and follow our H2 upgrade instructions in order to upgrade to release 3.70.0. This means that you must upgrade to version 3.69.0 before upgrading to 3.70.0.

You can learn more about the differences between the H2 1.x and 2.x version lines in the H2 documentation.

If you are unsure what database your deployment is using, follow the help documentation for determining your current database.

Create and Manage Cleanup Policies via New REST API (Pro Only)

Administrators can now create and manage cleanup policies using the REST API, making it easier to enhance automation in your DevOps workflows and take advantage of a powerful Nexus Repository feature without having to access the user interface.

The new API allows you to retrieve, create, update, and delete cleanup policies. Learn more in our Cleanup Policies API documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

Create and Manage Tasks via API (Pro Only)

Administrators who prefer to work via API instead of the user interface can now create, update, and delete tasks through new endpoints in the Tasks REST API. Learn more in our updated Tasks API documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

Retrieve and Set IQ Audit and Quarantine Statuses via API (Pro Only)

Sonatype Nexus Repository deployments that are also using Repository Firewall can now leverage Nexus Repository’s IQ REST API to retrieve and set audit and quarantine statuses for repositories. This allows administrators to configure further automation of CI/CD pipelines. Learn more in our updated IQ API documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

New Database Migrator Flow

We have changed our Database Migrator flow to improve performance and reliability. Check out our help documentation for the new steps for migrating your database. If you need to use an older version of the Database Migrator, you can still read our legacy database migrator documentation.

OrientDB, Java 8, and Java 11 Enter Extended Maintenance

Release 3.70.0 marks a turning point for Sonatype Nexus Repository as it is the final release that will include OrientDB alongside H2 and PostgreSQL. Starting in August 2024, OrientDB, Java 8, and Java 11 will all enter extended maintenance as defined in our Sunsetting documentation. Release 3.71.0+ will require either an H2 or PostgreSQL database and Java 17.

Note

Note that both H2 and PostgreSQL are currently only available to Pro customers. We expect to announce a new database option for OSS customers and will provide detailed migration paths in our August 2024 release.

Sonatype is invested in continually improving our solutions to take advantage of newer, more advanced technologies. As such, we are strategically moving away from legacy technologies like OrientDB, Java 8, and Java 11 and investing in supporting newer database options and Java versions. Moreover, Sonatype has observed data integrity problems in some deployments using OrientDB.

As migrating to H2 or PostgreSQL can take some time and planning, Sonatype will continue to provide security patches and critical bug fixes to release 3.70.0 while it is in extended maintenance. We encourage Sonatype Nexus Repository Pro customers using an OrientDB database to follow our documentation for migrating to H2 or PostgreSQL. We expect to announce the availability of a different database for OSS customers in August’s 3.71.0 release.

Dependency Updates in 3.70.0

  • commons-io upgraded to 2.15.0

  • org.apache.commons: commons-compress upgraded to 1.26.1

  • com.h2database : h2 upgraded to 2.2.224

  • axios upgraded to 1.6.4 (Note: this update was reverted in Nexus Repository 3.70.1)

Bug Fixes

Bug fixes in Nexus Repository 3.70.0.

Issue ID

Description

NEXUS-43523

(Release 3.70.1) Fixed an issue that broke UI functionality in instances using a custom context path. This issue only impacted the UI and did not impact other functionality (e.g., requests for components).

NEXUS-43307

Updated documentation to accurately state that access to SAML UI and API requires nx-all privileges.

NEXUS-43004

Errors will no longer be seen in HA mode.

NEXUS-42854

The npm view command works as expected for scoped packages.

NEXUS-42336

Database records that cause exceptions during database migration are appropriately logged.

NEXUS-39818

Running npm audit should no longer result in unexpected exceptions.

NEXUS-39799

In Yum repositories, all pathnames in the filelist.xml.gz file are properly escaped.

NEXUS-39462

If an asset’s format is incorrect, the Database Migrator will continue with migration and skip corrupted records.

NEXUS-22888

Added componentId validation when trying to view an asset that does not have a component. If the componentId is an empty string, string of blank spaces, null, or undefined, then the LifeCycle Component panel is not displayed.