Sonatype Nexus Repository 3.71.0 Release Notes
Released August 8, 2024
Highlights in This Release |
---|
Note Release 3.71.0 includes multiple breaking changes; 3.71.0 and beyond do not support OrientDB, Java 8, or Java 11. Carefully read both these release notes as well as our help documentation on upgrading to 3.71.0 and beyond before upgrading to this release. H2 Now Available for OSS & is the Default for New Installs OrientDB, Java 8, and Java 11 are all now in Extended Maintenance, and H2 is now the default database for new Nexus Repository installations. This means that H2 is also now available for OSS. Read more below Upgrade High Availability Deployments with Zero Downtime (Rolling Upgrade Support) starting with 3.72.0 High Availability (HA) deployments will be able to upgrade to 3.72.0 with zero downtime; this is an optional feature that you must deliberately enable in version 3.71.0 in order to use it when going to 3.72.0 later. Read more below |
What’s New and Noteworthy in This Release?
Release 3.71.0 includes multiple breaking changes. Carefully read both these release notes as well as our help documentation on upgrading to 3.71.0 and beyond before upgrading to this release.
H2 Available for OSS and is the Default for New Installs
Sonatype introduced H2 as a Pro-only embedded database option in release 3.31.0; as of 3.71.0, H2 is now the default database for all new installations, including OSS installations. This means that OSS users will now be able to take advantage of newer technologies like Java 17; however, note that migrating to H2 does not give you access to paid Pro features.
As explained in our last release, Java 8/11 and OrientDB are all now in Extended Maintenance as defined in our Sonatype Sunsetting Information; you will need to migrate to an H2 or external PostgreSQL database as well as upgrade to Java 17 in order to upgrade to version 3.71.0 or later. (Note that using a PostgreSQL database requires a paid Pro license.)
As this release introduces multiple breaking changes, we are providing detailed upgrade instructions specifically for upgrading to versions 3.71.0 and beyond. Carefully read through these instructions and requirements before upgrading Nexus Repository.
If you are unable to migrate off of OrientDB, you will need to stay on our 3.70.x release line; we will continue to release critical bug fixes to this line. OrientDB downloads will remain available on our 3.70.x downloads page.
Rolling Upgrade Support for High Availability (HA) Deployments (Pro Only)
Those deploying Nexus Repository in an HA environment will have the option of upgrading without downtime (i.e., rolling upgrades) when moving from 3.71.0 to 3.72.0; we're announcing this feature now as you will need to deliberately enable it in 3.71.0 in order to use it when upgrading to 3.72.0. Rolling upgrades allow Nexus Repository to remain up and active, making it easier to schedule and manage upgrades for critical, enterprise-scale deployments.
Those wishing to take advantage of this feature will need to enable zero-downtime upgrades and carefully consider its requirements. Full details are available in our rolling upgrades help documentation.
This feature was made possible through your feedback in the Sonatype Ideas portal.
OCI Specification Support for Docker
Nexus Repository is now compliant with OCI Distribution Spec 1.0/1.0.1 for both H2 and PostgreSQL databases. Support for the OCI specification helps organizations standardize how they distribute images via registries and runtime tools. Learn more in our Docker help documentation.
Manage HTTP Configuration via New REST API (Pro Only)
Nexus Repository Pro administrators wishing to manage HTTP configuration outside of the user interface can now leverage our new HTTP Configuration API. The API allows you to retrieve, update, and delete (reset to default) HTTP settings. See our HTTP Configuration API documentation for details.
This feature was made possible through your feedback in the Sonatype Ideas portal.
Additional Audit Logging
To improve visibility into user token events, the audit log now contains entries for the following euser token events:
Creating a user token
Resetting a user token
Globally resetting all user tokens
The number of API keys removed after running the Admin - Delete orphaned API keys task
When user token configuration changes regarding repository access and authentication
This release also adds audit logging for system freeze (read-only) events and if a task is blocked.
Bug Fixes
Issue ID | Description |
---|---|
NEXUS-43640 | Removed the deprecated WATCH_NAMESPACE environment variable from the HA OpenShift Operator. The Operator now deploys correctly when installed in a specific namespace. |
NEXUS-43337 | Content selectors to browse a specific directory listing now work as expected; content selectors defined as |
NEXUS-43268 | Caching works as expected for pypi.org simple index pages. |
NEXUS-43080 | The search_components table is now excluded from tableNames when the clustering (HA) flag is disabled in PostgreSQL environments. DBAs should no longer unexpectedly see |
NEXUS-43037 | Directly deleting a tag from OrientDB removes it from the |
NEXUS-42974 | Improved HA proxy cooperation to reduce failed requests. |
NEXUS-42529 | Nexus Repository correctly serves Yum packages containing a colon in the URL path without error. |
NEXUS-41935 | The removed hyphens from the default values.yaml in the nxrm-ha helm chart to accommodate an undocumented AWS Secret Store CSI Provider Driver limitation. |
NEXUS-41552 | Nexus Repository appropriately logs exceptions that the Docker - Delete unused manifests and images task might trigger. |
NEXUS-40192 | When Nexus Repository receives more than one request to create a new tag with the same name, one request will now succeed while the other returns an error response alerting the user that the tag already exists. |
NEXUS-39181 | Added audit logging for User Token events. See feature description in improvements listed above. |
NEXUS-37993 | Converting an Azure blob store to a group blob store works as expected without errors. |
NEXUS-34715 | Publishing components using the Maven REST API while also adding staging tags and then issuing a staging move to another repository works as expected without error. |
NEXUS-31283 | Attempts to upload components to a non-root Helm repository now result in a graceful error message. Components can only be uploaded to a root Helm repository. |