Sonatype Repository Firewall Quarantine Patch Fix

There was a critical issue with Sonatype Nexus Repository versions 3.57.0 and 3.58.0, which impacted deployments of the Sonatype Repository Firewall.

The identified issue resets the ‘quarantine as of date’ when Sonatype Nexus Repository is started after the update. As a result, previously quarantined components are “un-quarantined” upon server reboot.

You are impacted if:

  1. You are using Sonatype Nexus Repository versions 3.57.0 or 3.58.0 and Sonatype Repository Firewall.

  2. The Repository Firewall quarantine feature is enabled.

Fixing the issue

The fix is to upgrade to the latest release as soon as possible. The fixed releases revert the changes that were the root cause of the incident. As part of the upgrade, you will also need to take the following actions:

  1. In your nexus.properties file, add the property (without quotation marks): nexus.firewall.quarantineFix.enabled=true

  2. After starting Sonatype Nexus Repository 3.57.1 / 3.58.1, a user with the Task administration permissions will need to create a Firewall Quarantine Timestamp Correction task to run manually.

Execute this task to repair the necessary quarantine data. This one task will apply to all repositories with quarantine enabled, is expected to have minimal impact on operational performance, and is completed within minutes regardless of deployment size.
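One way to apply and verify step 1 consistently across hosts is shown below. This is an added example, not Sonatype's own tooling. The function names are hypothetical, the path to nexus.properties is supplied by the caller, and the script assumes the plain key=value form shown in step 1.

```shell
#!/bin/sh
# Added example (not Sonatype code): idempotently set the quarantine-fix
# property from step 1. Assumes the simple key=value form shown on this page.
# Usage after sourcing: ensure_quarantine_fix /path/to/nexus.properties

PROP='nexus.firewall.quarantineFix.enabled'
PROP_RE='nexus[.]firewall[.]quarantineFix[.]enabled'

# True only if an active (uncommented) line sets the property to true.
quarantine_fix_enabled() {
    grep -Eq "^[[:space:]]*${PROP_RE}[[:space:]]*=[[:space:]]*true[[:space:]]*\$" "$1"
}

# Set the property to true in file $1, keeping a .bak copy of the original.
# Returns 0 if already set or now set, 1 on write failure, 2 if file missing.
ensure_quarantine_fix() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    if quarantine_fix_enabled "$file"; then
        echo "unchanged: $file"
        return 0
    fi
    cp -p "$file" "$file.bak" || return 1
    # Drop any active line that sets the key to another value (for example
    # =false), keep comments and all other settings, then append the fix.
    # awk re-terminates every line, so a missing final newline is harmless.
    awk -v prop="$PROP" -v re="^[ \t]*${PROP_RE}[ \t]*=" \
        '$0 !~ re { print } END { print prop "=true" }' \
        "$file.bak" > "$file.new" || return 1
    # Overwrite in place so the file keeps its owner and mode.
    cat "$file.new" > "$file" && rm -f "$file.new" || return 1
    quarantine_fix_enabled "$file" && echo "updated: $file"
}
```

A commented-out copy of the property or a value of false does not count as enabled, so `quarantine_fix_enabled` can also serve as a pre-start check before running the correction task in step 2.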