Sonatype Nexus Repository 3.71.0 Release Notes

Released August 8, 2024

Highlights in This Release
Note Release 3.71.0 includes multiple breaking changes; 3.71.0 and beyond do not support OrientDB, Java 8, or Java 11. Carefully read both these release notes as well as our help documentation on upgrading to 3.71.0 and beyond before upgrading to this release. H2 Now Available for OSS & is the Default for New Installs OrientDB, Java 8, and Java 11 are all now in Extended Maintenance, and H2 is now the default database for new Nexus Repository installations. This means that H2 is also now available for OSS. Read more below Upgrade High Availability Deployments with Zero Downtime (Rolling Upgrade Support) starting with 3.72.0 High Availability (HA) deployments will be able to upgrade to 3.72.0 with zero downtime; this is an optional feature that you must deliberately enable in version 3.71.0 in order to use it when going to 3.72.0 later. Read more below

Highlights in This Release

Note

Release 3.71.0 includes multiple breaking changes; 3.71.0 and beyond do not support OrientDB, Java 8, or Java 11. Carefully read both these release notes as well as our help documentation on upgrading to 3.71.0 and beyond before upgrading to this release.

H2 Now Available for OSS & is the Default for New Installs

OrientDB, Java 8, and Java 11 are all now in Extended Maintenance, and H2 is now the default database for new Nexus Repository installations. This means that H2 is also now available for OSS. Read more below

Upgrade High Availability Deployments with Zero Downtime (Rolling Upgrade Support) starting with 3.72.0

High Availability (HA) deployments will be able to upgrade to 3.72.0 with zero downtime; this is an optional feature that you must deliberately enable in version 3.71.0 in order to use it when going to 3.72.0 later. Read more below

What’s New and Noteworthy in This Release?

Release 3.71.0 includes multiple breaking changes. Carefully read both these release notes as well as our help documentation on upgrading to 3.71.0 and beyond before upgrading to this release.

H2 Available for OSS and is the Default for New Installs

Sonatype introduced H2 as a Pro-only embedded database option in release 3.31.0; as of 3.71.0, H2 is now the default database for all new installations, including OSS installations. This means that OSS users will now be able to take advantage of newer technologies like Java 17; however, note that migrating to H2 does not give you access to paid Pro features.

As explained in our last release, Java 8/11 and OrientDB are all now in Extended Maintenance as defined in our Sonatype Sunsetting Information; you will need to migrate to an H2 or external PostgreSQL database as well as upgrade to Java 17 in order to upgrade to version 3.71.0 or later. (Note that using a PostgreSQL database requires a paid Pro license.)

As this release introduces multiple breaking changes, we are providing detailed upgrade instructions specifically for upgrading to versions 3.71.0 and beyond. Carefully read through these instructions and requirements before upgrading Nexus Repository.

If you are unable to migrate off of OrientDB, you will need to stay on our 3.70.x release line; we will continue to release critical bug fixes to this line. OrientDB downloads will remain available on our 3.70.x downloads page.

Rolling Upgrade Support for High Availability (HA) Deployments (Pro Only)

Those deploying Nexus Repository in an HA environment will have the option of upgrading without downtime (i.e., rolling upgrades) when moving from 3.71.0 to 3.72.0; we're announcing this feature now as you will need to deliberately enable it in 3.71.0 in order to use it when upgrading to 3.72.0. Rolling upgrades allow Nexus Repository to remain up and active, making it easier to schedule and manage upgrades for critical, enterprise-scale deployments.

Those wishing to take advantage of this feature will need to enable zero-downtime upgrades and carefully consider its requirements. Full details are available in our rolling upgrades help documentation.

This feature was made possible through your feedback in the Sonatype Ideas portal.

OCI Specification Support for Docker

Nexus Repository is now compliant with OCI Distribution Spec 1.0/1.0.1 for both H2 and PostgreSQL databases. Support for the OCI specification helps organizations standardize how they distribute images via registries and runtime tools. Learn more in our Docker help documentation.

Manage HTTP Configuration via New REST API (Pro Only)

Nexus Repository Pro administrators wishing to manage HTTP configuration outside of the user interface can now leverage our new HTTP Configuration API. The API allows you to retrieve, update, and delete (reset to default) HTTP settings. See our HTTP Configuration API documentation for details.

This feature was made possible through your feedback in the Sonatype Ideas portal.

Additional Audit Logging

To improve visibility into user token events, the audit log now contains entries for the following euser token events:

Creating a user token
Resetting a user token
Globally resetting all user tokens
The number of API keys removed after running the Admin - Delete orphaned API keys task
When user token configuration changes regarding repository access and authentication

This release also adds audit logging for system freeze (read-only) events and if a task is blocked.

Bug Fixes

Issue ID	Description
NEXUS-43640	Removed the deprecated WATCH_NAMESPACE environment variable from the HA OpenShift Operator. The Operator now deploys correctly when installed in a specific namespace.
NEXUS-43516	Database Migrator version 3.70.1 - Resolved an issue that was causing some OrientDB to Postres migrations to fail with an error when a Maven2 repository contained npm assets.
NEXUS-43337	Content selectors to browse a specific directory listing now work as expected; content selectors defined as `path =~ ".*/"` work as expected.
NEXUS-43268	Caching works as expected for pypi.org simple index pages.
NEXUS-43080	The search_components table is now excluded from tableNames when the clustering (HA) flag is disabled in PostgreSQL environments. DBAs should no longer unexpectedly see `ERROR: relation "search_components" does not exist` messages.
NEXUS-43037	Directly deleting a tag from OrientDB removes it from the `tags` table as expected, unblocking database migration using the newer migrator method that was implemented in 3.69.0.
NEXUS-42974	Improved HA proxy cooperation to reduce failed requests.
NEXUS-42529	Nexus Repository correctly serves Yum packages containing a colon in the URL path without error.
NEXUS-42059	Policy Compliant Component Selection no longer results in a socket timeout when requesting a PyPi component with many versions.
NEXUS-41935	The removed hyphens from the default values.yaml in the nxrm-ha helm chart to accommodate an undocumented AWS Secret Store CSI Provider Driver limitation.
NEXUS-41552	Nexus Repository appropriately logs exceptions that the Docker - Delete unused manifests and images task might trigger.
NEXUS-40192	When Nexus Repository receives more than one request to create a new tag with the same name, one request will now succeed while the other returns an error response alerting the user that the tag already exists.
NEXUS-39181	Added audit logging for User Token events. See feature description in improvements listed above.
NEXUS-37993	Converting an Azure blob store to a group blob store works as expected without errors.
NEXUS-34715	Publishing components using the Maven REST API while also adding staging tags and then issuing a staging move to another repository works as expected without error.
NEXUS-31283	Attempts to upload components to a non-root Helm repository now result in a graceful error message. Components can only be uploaded to a root Helm repository.