Sonatype Nexus Repository 3.79.0 Release Notes
Released April 1, 2025
What’s New and Noteworthy in This Release?
Monthly Request Metrics Available in Usage Center
Sonatype Nexus Repository's Usage Center now offers enhanced visibility into monthly request patterns, empowering users to better understand their Nexus Repository usage.
![]() |
The Usage Center now includes a Requests Per Month panel that displays both the highest and average monthly request counts for the current calendar month. These statistics update once per day.
This feature provides a clear, data-driven understanding of repository activity, allowing administrators to identify usage trends, anticipate potential bottlenecks, and ensure efficient resource allocation. By tracking these key metrics, users can make informed decisions to maintain optimal performance and responsiveness within their Nexus Repository environment.
For full details, see the Usage Center and Usage Metrics help documentation.
Optimize AWS S3 Storage with Pre-Signed URL Downloads (Pro Only)
Sonatype Nexus Repository Pro now supports pre-signed URL downloads for AWS S3. If you are using AWS S3 blob storage, enabling pre-signed URL downloads is highly recommended to significantly enhance performance. This feature allows binary downloads to occur directly from S3, bypassing the Nexus Repository server and reducing server load.
By configuring this option per blob store, you ensure that large binary artifacts are served with optimal efficiency, resulting in faster download times and a more responsive repository. For details on enabling this feature, see the AWS S3 help documentation.
Note
Pre-signed URLs are most beneficial for Docker, Maven, and Hugging Face workflows involving large or very large profiles (as defined in our system requirements).
Updates to Licensing Page in User Interface
In this release, we’ve made updates to the licensing page that is available through the Sonatype Nexus Repository user interface to further clarify our license terms. For more details, see the licensing help documentation.
New Malware Defense Evaluation REST API
Tip
This feature requires IQ Server version 189+
Sonatype's new Malware Defense Evaluation API enables on-demand malware checks for software artifacts, providing rapid and automated threat detection across development pipelines. This API leverages Sonatype's comprehensive threat intelligence to accurately pinpoint malicious components, including those deeply embedded within dependencies.
The API's response includes detailed information about identified threats, such as the attackVector
and threatTypes
. For example, a malicious component might be flagged with attackVector: "trojan"
and threatTypes: "secrets_exfiltration, backdoor"
, offering a clear understanding of the specific risks involved.
For detailed information, refer to the Malware Defense Evaluation REST API documentation.
New Firewall REST API to Protect Against Namespace Confusion
Tip
This feature requires IQ Server version 189+
Sonatype Repository Firewall now provides a dedicated REST API to mitigate Namespace Confusion attacks, a common vulnerability in dependency management.
This new API allows users to define and manage protected namespaces, preventing the installation of malicious packages that exploit naming conflicts. Using the new endpoint, administrators can add namespaces, including wildcard support, to a dedicated repository that is automatically created if it does not exist. Additionally, the API offers a DELETE
method to remove all protected namespaces for a given format, providing comprehensive control over your namespace security.
This functionality empowers users to proactively defend against Namespace Confusion attacks and maintain the integrity of their software supply chain. For full details, see the Namespace Confusion REST API help documentation.
New Firewall for Artifactory Plugin Supporting Latest Artifactory Versions
Earlier this month, Sonatype released version 2.5.0 of the Firewall for Artifactory plug-in to support JFrog Artifactory versions 7.104.5 and later. While the previous version, 2.4.13, remains available for download, it is only compatible with Artifactory versions up to 7.98.15.
Users on newer Artifactory versions must upgrade to 2.5.0 for continued functionality and security. Find the latest plugin on the Download and Compatibility page. Also, see the Firewall for Artifactory compatibility information and our Sonatype Repository Firewall for JFrog Artifactory help documentation for full details about our plugin.
Firewall Classic Sunsetting
Please note that Firewall Classic has been sunset and is considered fully replaced by Sonatype Repository Firewall. For full details, see the Firewall Classic Sunsetting documentation.
Bug Fixes
Issue ID | Description |
---|---|
NEXUS-46461 | Sonatype Nexus Repository correctly loads the license file specified by the |
NEXUS-46408 | Installations set up to use |
NEXUS-46378 | Cargo packages published to Nexus Repository now correctly include |
NEXUS-46377 | Sonatype Nexus Repository's Windows service installation now explicitly uses the embedded JDK, resolving an issue where the service could incorrectly select a system-installed JDK. |
NEXUS-46370 | Sonatype Nexus Repository's Unix distribution archive now preserves the user and group ownership of unpacked files, resolving an issue where files were incorrectly owned by a specific user ID. |
NEXUS-46359 | Sonatype Nexus Repository now respects the |
NEXUS-46354 | Nexus Repository Kubernetes deployments no longer produce repeated "Could not lock User prefs" warnings, ensuring proper handling of user preferences and preventing potential licensing or configuration issues. |
NEXUS-46353 | Nexus Repository Kubernetes deployments now correctly load and persist licenses upon initial installation, resolving a "License is not valid" error that occurred in some deployments. |
NEXUS-46319 | Restored missing Tasks REST API endpoints. |
NEXUS-46310 | Nexus Repository installations on macOS and Unix now correctly recognize and apply the |
NEXUS-46265 | Deleting RAW components via the component API now correctly removes the corresponding browse node from the UI, preventing the display of incorrect folder icons and improving user experience. |
NEXUS-45677 | Browsing R repositories in the Nexus Repository UI no longer results in a database error. |
NEXUS-45549 | The Repositories REST API now consistently returns the |
NEXUS-45520 | The Repository Configurations REST API now validates repository types, preventing the accidental enabling of Firewall features on group repositories and mitigating performance issues caused by unnecessary evaluations. |
NEXUS-45515 | Nexus Repository now properly caches npm component metadata and components from registry.npmjs.org, preventing unnecessary downloads and improving performance by correctly handling identical |
NEXUS-45431 | The Repositories REST API now returns the |
NEXUS-45396 | PyPI group repositories now correctly display waived quarantined components in their index, resolving build failures caused by missing component versions. |
NEXUS-45285 | CocoaPods installations now succeed for pods that previously failed due to 300 (Multiple Choices) errors. |
NEXUS-42128 | The asset blob reference migration task is now managed more effectively, improving the overall efficiency of the process. |
Coming Soon to Sonatype Nexus Repository
We’re excited to share that the following enhancements will be coming soon to Sonatype Nexus Repository:
AWS Multi-Region and Disaster Recovery Enhancements
Make global deployments resilient with multi-region disaster recovery. Bounce back from disaster with enhanced recovery time and self-repair capabilities.
User Interface Enhancements
Experience a more intuitive, modernized Nexus Repository with an enhanced user interface. Navigate effortlessly through a sleek, streamlined design built for efficiency.