Sonatype Nexus Repository 3.75.0 Release Notes

Released December 3, 2024

What’s New and Noteworthy in This Release?

Support for Proxy PHP/Composer Repositories (Pro Only)

Sonatype Nexus Repository Pro now offers native support for PHP/Composer proxy repositories. This native support lets you store and retrieve Composer components alongside all your other application dependencies. You can also programmatically interact with Composer repositories using our APIs, and Firewall customers can scan Composer components to identify security risks.

Note that if you were using the community plugin, there is not a direct migration path to this new native support.

See our Composer help documentation for full details.

This feature was made possible through your feedback in the Sonatype Ideas Portal.

Support for Cloud Key Management Service Integration with Google Blob Store

Those using Google Cloud Services (GCS) blob stores now have the option of using Google Cloud Key Management Service (KMS) to manage encryption keys for enhanced control and security.

When setting up a new GCS blob store, simply enable KMS-managed encryption and provide your KMS Key ID. Nexus Repository will then automatically encrypt your data using your specified key when uploading to the bucket. This provides an additional layer of security and ensures compliance with your organization's data protection policies.

For detailed instructions and permission management guidance, refer to our documentation on configuring Google Cloud Storage blob stores.

Extracting Key Cargo Attributes from cargo.toml

We've improved how Nexus Repository handles Cargo packages by extracting key attributes (e.g., name, license, authors, vendor, description, version, homepage) from cargo.toml files. You'll now see these details in the Browse user interface when browsing Cargo repositories.

Explicitly Control Cargo Authentication Requirements by Repository

Cargo clients rely on a specific signal in the config.json file to determine authentication requirements, which could previously lead to unexpected behavior when anonymous access was enabled in Nexus Repository but restricted by the individual Cargo repository.

This enhancement introduces a dedicated Restrict repository content to authenticated users checkbox when configuring Cargo proxy and group repositories. When checked, this new field to sets auth-required in /config.json responses and ignores anonymous access configuration. This ensures a smoother and more predictable experience when working with proxy and group Cargo repositories.

Bug Fixes

Issue ID	Description
NEXUS-44963	Resolved an issue in which running a conan search sometimes resulted in 404s in Nexus Repository 3.74.0.
NEXUS-44855	Disabled proxy cooperation by default to improve HA performance and prevent thread backups in distributed locks.
NEXUS-44780	The Number of Versions option now displays as expected in the user interface when creating a Docker cleanup policy.
NEXUS-44710	The repositories API now validates values being passed into `contentDisposition` and returns a 400 error message as expected when attempting to pass an invalid value.
NEXUS-44629	Resolved an issue that was sometimes preventing Nexus Repository from starting when regularly rotating AWS S3 blob store keys.
NEXUS-44549	Fixed the staging move API to honor redeployment settings, prevent duplicate tag associations, and disallow moves to the same repository. This also prevents accidental deletions of components with identical coordinates.
NEXUS-44358	Improved file deletion performance by adding a composite index and reusing an existing query.
NEXUS-44342	Added a case-insensitive check for blob store file existence to prevent NullPointerExceptions during blob store group member removal.
NEXUS-42032	Fixed a NullPointerException that occurred when proxying Docker fat manifests with a missing `mediaType` attribute, preventing 500 errors and ensuring proper handling of such manifests.
NEXUS-40177	Introduced parallel processing for Docker uploads to prevent serialization and performance bottlenecks caused by slow blob storage. This resolves thread backup issues and improves overall repository performance.