
Release Notes - Sonatype for GitLab CI

Version 1.171.0-01 (January 2024)
  • Provide the latest features for Nexus Lifecycle 1.171.0-01

Version 1.170.0-01 (December 2023)
  • Provide the latest features for Nexus Lifecycle 1.170.0-01

Version 1.169.0-01 (October 2023)
  • Provide the latest features for Nexus Lifecycle 1.169.0-01

Version 1.168.0-01 (October 2023)
  • Provide the latest features for Nexus Lifecycle 1.168.0-01

Version 1.167.0-01 (September 2023)
  • Provide the latest features for Nexus Lifecycle 1.167.0-01

Version 1.166.0-01 (August 2023)
  • Provide the latest features for Nexus Lifecycle 1.166.0-01

Version 1.165.0-01 (July 2023)
  • Provide the latest features for Nexus Lifecycle 1.165.0-01

Version 1.164.0-01 (June 2023)
  • Provide the latest features for Nexus Lifecycle 1.164.0-01

Version 1.163.0-01 (June 2023)
  • Provide the latest features for Nexus Lifecycle 1.163.0-01

Version 1.162.0-01 (June 2023)
  • Provide the latest features for Nexus Lifecycle 1.162.0-01

Version 1.161.0-01 (May 2023)
  • Provide the latest features for Nexus Lifecycle 1.161.0-01

Version 1.160.0-01 (April 2023)
  • Provide the latest features for Nexus Lifecycle 1.160.0-01

Version 1.159.0-01 (April 2023)
  • Provide the latest features for Nexus Lifecycle 1.159.0-01

Version 1.158.0-01 (March 2023)
  • Updates to Nexus Container Scanning

    • Scanning remote images does not require providing environment variables if the image is public

  • Provide the latest features for Nexus Lifecycle 1.158.0-01

Version 1.156.0-01 (February 2023)
  • Provide the latest features for Nexus Lifecycle 1.156.0-01

Version 1.155.0-01 (February 2023)
  • Provide the latest features for Nexus Lifecycle 1.155.0-01

Version 1.153.0-01 (January 2023)
  • Provide the latest features for Nexus Lifecycle 1.153.0-01

Version 1.152.0-01 (January 2023)
  • Introduces call flow analysis in Java (or any JVM language) binaries found in the scan targets to find method signatures which trigger a security vulnerability

  • Provide the latest features for Nexus Lifecycle 1.152.0-01

Version 1.151.0-01 (December 2022)
  • Provide the latest features for Nexus Lifecycle 1.151.0-01

Version 1.150.0-01 (November 2022)
  • Evaluations terminate with a non-zero exit code if there are any scanning errors

  • Provide the latest features for Nexus Lifecycle 1.150.0-01

Version 1.149.0-01 (November 2022)
  • Provide the latest features for Nexus Lifecycle 1.149.0-01

Version 1.148.0-01 (October 2022)
  • Provide the latest features for Nexus Lifecycle 1.148.0-01

Version 1.147.0-01 (October 2022)
  • Provide the latest features for Nexus Lifecycle 1.147.0-01

Version 1.146.0-01 (October 2022)
  • Provide the latest features for Nexus Lifecycle 1.146.0-01

Version 1.145.0-01 (October 2022)
  • Notable bug fix

    • Releases 142 and above fix a bug where a manifest scan processed pom.xml files inside a META-INF directory. Files in this directory, in most cases (specifically for uber/shaded archives), do not represent the manifest file for the target application to be scanned. All pom.xml files inside a META-INF directory from release 142 and above are now ignored during a manifest scan.

  • Provide the latest features for Nexus Lifecycle 145

Version 1.144.0-05 (September 2022)
  • Users can now provide an additional parameter organization-id for a specific organization. If the application does not exist, IQ Server will create it under the specified organization, instead of the parent organization that is configured for Automatic Application Creation.

  • Provide the latest features for Nexus Lifecycle 144

Version 1.142.0-02 (July 2022)
  • Provide the latest features for Nexus Lifecycle 142

Version 1.141.0-01 (June 2022)
  • Provide the latest features for Nexus Lifecycle 141

Version 1.139.0-01 (June 2022)
  • Provide the latest features for Nexus Lifecycle 139

Version 1.138.0-01 (May 2022)
  • Provide the latest features for Nexus Lifecycle 138

Version 1.137.0-05 (May 2022)
  • Provide the latest features for Nexus Lifecycle 137

Version 1.135.0-01 (March 2022)
  • Provide the latest features for Nexus Lifecycle 135

Version 1.134.0-02 (March 2022)
  • Provide the latest features for Nexus Lifecycle 134

  • Support for CycloneDX 1.4:

    • The CycloneDX Application Analysis has been extended to support the CycloneDX schema version 1.4 for XML and JSON formats.

Version 1.133.0-02 (March 2022)
  • Provide the latest features for Nexus Lifecycle 133

Version 1.132.0-02 (January 2022)
  • Provide the latest features for Nexus Lifecycle 132

  • Bug Fix for False Positives in Image Scans

Version 1.130.0-01 (December 2021)
  • Update logback Library Version in IQ

    • Nexus IQ Server does not use any version of log4j and uses logback instead. It is therefore not at risk from vulnerabilities impacting log4j.

      However, because of a low/moderate vulnerability existing in "logback", we're taking precautionary measures by updating the logback library version used in Nexus IQ products.

  • Cran and Cargo Matching Improvements

  • Conda Matching Improvements

Version 1.125.0-02a (October 2021)
  • An optional environment variable, NEXUS_IQ_REPORT_FORMAT, can be set to control the content of the generated evaluation report

Version 1.125.0-02 (October 2021)
  • Conan Matching Improvements

    • Conan data and matching have been improved for both Lifecycle and Firewall.

  • Dependency Information Improvements for NPM

    • NPM Dependency Information detection has been improved to display more accurate results.

Version 1.123.0-01 (September 2021)
  • Fixed an issue with some NPM scans that was causing IQ Server 122 evaluations to fail when reading dependency information.

Version 1.122.0-01 (September 2021)
  • Dependency Information for NPM

    • NPM project scans with manifests allow displaying dependency information for NPM components (Direct and Transitive).

Version 1.121.0-01 (August 2021)
  • Support for container scanning via Nexus Container

Version 1.119.0-03 (July 2021)
  • SBOM Improvements and Bug Fixes:

    • CycloneDX SBOM scans have been improved to display better results

Version 1.118.0-01 (June 2021)
  • Swift Application Analysis:

    • IQ Server can now be used to evaluate policies against components from the dependency file of a Swift application.

Version 1.117.0-01 (June 2021)
  • Support for CycloneDX 1.3:

    • CycloneDX Application Analysis has been extended to support the schema version CycloneDX 1.3 for XML format.

Version 1.116.0-01 (June 2021)
  • Improvements to Python Application Analysis:

    • IQ Server now supports evaluating policies against Python components defined in poetry.lock files.

Version 1.114.0-01 (May 2021)
  • Support for CycloneDX 1.2:

    • CycloneDX Application Analysis has been extended to support the schema version CycloneDX 1.2 for XML format

Version 1.107.0-01 (March 2021)
  • Java Manifest Application Analysis:

    • IQ Server now supports evaluating policies against Java components in pom.xml and build.gradle files

Version 1.106.0-01 (March 2021)
  • Improvements to manifest analysis:

    • Updated CLI scanner to exclude development dependencies when scanning package-lock.json files.

    • Updated CLI scanner to parse package-lock.json files stored inside an archive.

    • Fixed parsing errors when scanning yarn.lock and *.csproj files.

Version 1.105.0-01 (Feb 2021)
  • Fixed initialization error in NuGet manifest scanning

Version 1.104.0-02 (Jan 2021)
  • Application analysis of components for:

    • NPM, as defined in yarn.lock, pnpm-lock.yaml, package-lock.json, and npm-shrinkwrap.json files.

    • NuGet, as defined in .csproj and packages.config files.

Version 1.103.0-01 (Dec 2020)
  • Added support for analyzing Java 14 and 15 bytecode.

Version 1.101.0-01 (Nov 2020)
  • Nexus IQ CLI no longer supports Lifecycle XC. IQ Server now has native support for all languages that were supported in Lifecycle XC.

Version 1.98.0-01 (Sep 2020)
  • Application analysis of components for:

    • Go components defined in a Gopkg.lock

Version 1.97.0-01 (Aug 2020)
  • Application analysis of components for:

    • C/C++ components defined in a conaninfo.txt file.

    • Go components defined in a go.list file

Version 1.94.0-01 (Jun 2020)
  • Now released in sync with IQ Server releases (which may or may not include updates relevant to this docker image's release)

  • Application analysis of components for:

    • C/C++ conanfile.py Files

    • Yum

    • Alpine

    • Debian

    • Drupal

    • R (CRAN)

    • Rust (Cargo)

Version 1.88.0-02 (Mar 2020)
  • Application analysis of components for:

    • Swift/Objective-C CocoaPods

    • Conda

Version 1.87.0-02 (Mar 2020)
  • Identify components based on SHA-1 value (content hash)

  • Application analysis of components for:

    • C/C++ Conan

    • PHP Composer

    • RubyGems

    • CycloneDX application analysis extended to support submitting component vulnerabilities

Version 1.2 (Sep 2019)
  • pushed environment variables into processes for automated onboarding of applications for Nexus IQ for SCM

Version 1.1 (Apr 2019)
  • expanded coverage option (-xc) fixed

  • application ID added to the report filename

  • policy violation counts added to the HTML report

Version 1.0 (Apr 2019)
  • Known issues:

    • Using the expanded coverage option (-xc) will incorrectly cause the pipeline job to fail

    • Multiple evaluations in the same job will incorrectly append report information to the same policy-eval-report.html file