Upgrading the IQ Server

The latest version of IQ Server can be downloaded from the IQ Download and Compatibility page.

Before starting any upgrade, make sure you have reviewed all upgrade instructions provided for your current version (see additional sections below), as well as any versions that followed.

To upgrade the IQ Server:

  1. Stop the IQ Server
  2. Perform a backup
  3. Copy the new jar and change the startup scripts to reflect the new jar name
  4. Start the IQ Server

Optionally you can manually merge the changes from the existing config.yml into the new, but this is not required.

If there is any concern, please feel free to contact our support team: support@sonatype.com.

Upgrading from Version 1.44 or Earlier to Version 1.45 or Later

Version 1.45 of IQ Server introduces a more compact format to store the policy violation data of your applications. Upgrading to this version and the new storage format can take notable time. To properly prepare for this upgrade, refer to our detailed instructions on Upgrading the IQ Server to Version 1.45.

Upgrading from Version 1.42 or Earlier to Version 1.43 or Later

IQ Server version 1.43 uses a more powerful configuration format (config.yml).

(warning) If you wish to use a configuration file from a prior version, then you must update it. Please refer to our configuration update guide for more information.

Upgrading to Version 1.42 or Later requires Version 1.16 or Later

IQ Server version 1.42 or later will no longer perform data migrations for versions prior to or including 1.16.

This is in an effort to streamline future data migrations to improve data storage and its scalability. 

Upgrading from Version 1.35 or Earlier to Version 1.36 or Later

IQ Server version 1.36 replaces the Security Vulnerability present policy condition with the Security Vulnerability Severity greater than or equal to 0 policy condition and removes the Security Vulnerability absent policy condition. The upgrade to 1.36 or later will fail if you have any policies relying on the Security Vulnerability absent policy condition. Before attempting to upgrade, we highly recommend that you perform a backup. If the upgrade fails, then you can still start the previous version against this backup. In the meantime, you can contact our support team: support@sonatype.com or your customer success representative directly for assistance in changing any of your policies that rely on the Security Vulnerability absent policy condition.

Upgrading from Version 1.17 or Earlier to Version 1.18 or Later

IQ Server version 1.18 introduces the Root Organization—a new entity at the top of the system hierarchy that allows you to set policy globally across all organizations and applications. After you update the IQ Server to version 1.18, you should configure and create the Root Organization. It’s a one time process, and occurs when the server is restarted. The process makes a permanent change to the system hierarchy that cannot be undone. It is strongly recommended that you backup the IQ Server and read "Introducing the Root Organization" before proceeding.

In IQ Server version 1.21, the Sonatype CLM for Hudson and Jenkins plugin has been updated and rebranded to Nexus IQ for Hudson/Jenkins 1.x. If you have a prior version of the plugin installed, then you must uninstall the older version before installing the newer rebranded one. For installation instructions, see the Nexus IQ for Hudson/Jenkins 1.x chapter.

IQ Server version 1.26 introduces CSRF protection for all available plugins that use reverse proxy authentication. This new protection is enabled by default. If you want to upgrade to IQ Server version 1.26 and use reverse proxy authentication in your plugins, you should upgrade your plugins to their latest versions first.

If you would like to upgrade to IQ Server version 1.26 and use reverse proxy authentication with older plugin versions, you will need to disable CSRF protection for reverse proxy authentication. See the section on Reverse Proxy Authentication for more information.

Both Nexus Repository Manager version 2.14.3 and older and Nexus Repository Manager version 3.2.1 and earlier 3.x versions do not support CSRF protection when using reverse proxy authentication. If you want to use reverse proxy authentication with these Nexus Repository Manager versions and IQ Server 1.26 or later, you will need to disable CSRF protection for reverse proxy authentication. See the section on Reverse Proxy Authentication for more information.

Upgrading from Version 1.15 or Earlier to Version 1.23 or Later

Due to data migrations, you will need to upgrade to version 1.16 first before proceeding to upgrade to version 1.23 or later versions of IQ Server.

Upgrading from Version 1.16 or Earlier

In version 1.17 a rebranding of the Sonatype CLM product took place, and is now known as Nexus IQ. As part of this rebranding two of the binaries also changed during this release:

Server

  • From: sonatype-clm-server
  • To: nexus-iq-server

CLI

  • From: sonatype-clm-scanner
  • To: nexus-iq-cli

If you have any scripts utilizing the previous names, you will want to update these given the change above.

In the example above, only the server name is given. The full binary name would look like nexus-iq-server-1.27.0-01.jar

Upgrading from Versions Earlier than 1.9.x

While Sonatype only supports the previous two releases, we are happy to help direct any upgrade needs you may have. If you are upgrading from a version prior to 1.9.x, please contact our support team directly: support@sonatype.com.