Sonatype Nexus Repository 3.80.0 Release Notes
Released May 6, 2025
What’s New and Noteworthy in This Release?
Nexus Repository Gets a More Modern and Intuitive User Interface
This release introduces a significant enhancement to the Sonatype Nexus Repository user interface, focusing on improved navigation and a more modern experience.
We’ve transitioned the underlying shell to a responsive React-based framework, paving the way for future UI advancements and a more consistent design. This update streamlines how you interact with Nexus Repository, making key functions more easily accessible.
Notably, all of the main navigation is now located in a collapsible left-hand menu for better discoverability and screen utilization. The Administration or Settings panel, previously a top-navigation cog icon, is now a clearly labeled Settings option in the side navigation, retaining all its familiar sub-options.
Similarly, the Browse functionality, formerly a cube icon in the top navigation, is now directly accessible as a clearly labeled Browse option in the left-hand menu.
For more detailed information on the technical changes and specific updates, please refer to our User Interface Overview help documentation.
Hugging Face Support for Repository Firewall (Requires IQ 191)
Sonatype Firewall now extends its comprehensive component analysis to include artifacts from Hugging Face. This enhancement allows users to leverage Firewall's policy engine and vulnerability insights to govern the use of pre-trained models and other assets hosted on the Hugging Face Hub. Note that support for Hugging Face does not yet extend to the Firewall for Artifactory plugin.
By integrating Hugging Face support, organizations can proactively identify and mitigate potential security risks and licensing issues associated with these widely used machine learning resources, ensuring a more secure AI/ML development lifecycle.
Usage Center Support for High Availability (HA) Deployments
Administrators of High Availability (HA) deployments can now access the Nexus Repository Usage Center via the user interface. This enhancement brings visibility into your deployment's scale, helping you proactively review your deployment model to ensure continued performance and stability as usage evolves.
The Usage Center offers insights aligned with Sonatype's verified and tested architecture guidelines for Nexus Repository deployments. For full details, see our Usage Center help documentation.
Historical Usage Table Provides Insights into Month-to-Month Nexus Repository Usage
The Licensing section of the Sonatype Nexus Repository user interface now features a Usage tab under which you will find a new Historical Usage table. This table, available to both single-instance and high availability deployments, provides valuable insights into your instance's resource consumption over time by providing a monthly overview of key metrics to help you understand your Nexus Repository instance’s growth and activity.
The Historical Usage table displays critical data points such as the total number of unique components stored, month-over-month changes in component count, the total number of HTTP interactions with format-specific endpoints, month-over-month changes in requests, and the maximum storage space that your components use. This comprehensive view empowers administrators to monitor trends, plan for future capacity needs, and gain a deeper understanding of their Nexus Repository usage patterns.
For full details, see the License Management help documentation.
New LDAP to SAML User Token Migration Task
Sonatype Nexus Repository now includes a built-in task to facilitate migrating existing user tokens when transitioning from LDAP to SAML. While you can still use the scripts provided in our LDAP to SAML migration help documentation, this new task provides a more straightforward and simple method for carrying out this process.
For detailed instructions, see our LDAP to SAML migration help documentation.
Simplified Cleanup for S3 Blob Stores with Compact Blob Store Task and Retention Property
Sonatype Nexus Repository 3.80.0 introduces a significant change in how you manage cleanup/hard deletion for S3 blob stores.
With this release, we have removed the Expiration Days setting previously found in the S3 blob store configuration. Now, all S3 blob stores require an associated Admin - Compact blob store task to manage the permanent deletion of files. When creating this task, you can configure the new Blob Older Than property to specify a number of days to keep soft deleted files before they are permanently removed.
Note
When you upgrade your Nexus Repository instance to 3.80.0+, Nexus Repository will automatically create Admin - Compact blob store tasks for your existing S3 blob stores.
For full details, see the Hard Deletion section of the Cleanup Policies help documentation.
Improvements to High Availability Configurations for AWS Database Failover
For Sonatype Nexus Repository Pro High Availability (HA) deployments using AWS, we've made important improvements to our help documentation and configuration recommendations. These updates are designed to optimize recovery times for AWS environments. We encourage administrators to review the latest guidance. Please refer to the updated recommended PostgreSQL parameters for failover recovery and updated Java DNS caching in cloud environments documentation for specific configuration suggestions.
Upgrade Impacts for Those With Customized Jetty Configuration
In this release, we have renamed the logging framework module from nexus-pax-logging to nexus-logging. Customers who have customized their Jetty configuration files, particularly those involving logging configurations such as logback.xml, may need to update their references to the old package name. Failure to update these configurations may result in unexpected behavior or broken logging functionality.
Please review your custom logging configurations and update any instances of org.sonatype.nexus.pax.logging to the new org.sonatype.nexus.logging to ensure continued proper logging.
Bug Fixes
Issue ID | Description |
|---|---|
NEXUS-46989 | Improved AWS pre-signed URL help documentation to add information about the default expiry configuration of 5 minutes (300s) for pre-signed URLs and how it can be overridden using |
NEXUS-46748 | Azure blob storage operations no longer fail with "java.lang.IllegalArgumentException: Not blob attribute path" error. |
NEXUS-46691 | Added enhanced logging to provide greater insight into the root cause of any discrepancies between the malware banner count and the malware CSV. |
NEXUS-46594 | You can now tag more than 100 components in HA environments. This fix introduces pagination for associated and unassociated tags, aligning the functionality with non-HA setups. |
NEXUS-46553 | Nexus Repository now checks the |
NEXUS-46435 | Addressed an issue in which “.bytes” files in S3 blob stores were sometimes deleted before S3 “Expiration Days” were reached. See Simplified Cleanup for S3 Blob Stores above for details. |
NEXUS-46256 | We’ve provided improved documentation and configuration recommendations for Sonatype Nexus Repository Pro HA deployments on AWS to improve failover recovery times. Please refer to the updated recommended PostgreSQL parameters for failover recovery and updated Java DNS caching in cloud environments documentation for specific configuration suggestions. |
NEXUS-46183 | The asset search API now gracefully handles empty enum parameters passed in the URL. |
NEXUS-46177 | When searching assets against a group repository, the download URLs now correctly include the group repository in the path. |
NEXUS-46164 | In Nexus Repository HA, searching for a tag now returns only components with an exact match, resolving an issue where substring matches (e.g., searching for "tag-test" incorrectly included components tagged with "tag-test-1"). |
NEXUS-46021 | Maven builds should no longer intermittently fail when putting Maven metadata due to "java.nio.file.NoSuchFileException" exception. |
NEXUS-45319 | When using an Azure blob store, concurrent requests for the same component no longer result in errors. This fix introduces a new |
NEXUS-44535 | The Nexus log file no longer displays |
NEXUS-40741 | Components deleted by Cleanup Policies are now also removed from the IQ Repository Report. This fix ensures that the IQ report accurately reflects the repository's content after cleanup tasks have been executed. |
NEXUS-36198 & NEXUS-21752 | Nexus Repository now sets Content-Security-Policy (CSP) headers for all requests, enhancing security by controlling the resources the browser is allowed to load. For user-submitted HTML/JavaScript content served inline, the "sandbox" value for CSP is applied to prevent stored cross-site scripting (XSS) attacks and restrict access to sensitive information like the repository application session cookie. Additionally, for requests submitted over HTTPS, a Strict-Transport-Security (HSTS) header is now included to enforce secure connections. |
Coming Soon to Sonatype Nexus Repository
We’re excited to share that the following enhancements will be coming soon to Sonatype Nexus Repository:
Upgrade to Jetty 12
Sonatype Nexus Repository is scheduled to upgrade to Jetty 12 in the 3.81.0 release. If your system uses a customized Jetty configuration, serves HTTPS through Nexus Repository, or has a customized request log, you should plan to update your configurations to ensure compatibility.
New Reconcile Task with Improved Performance
A new task will replace the older Repair - Reconcile component database from blob store task, delivering a more reliable and efficient reconciliation process. The new, better performing task syncs the Nexus database and blob stores more quickly and accurately, ensuring data stays in perfect alignment. For added flexibility, users will also be able to customize the reconciliation period to suit their specific needs.