Release Notes

We're continuously improving Nexus IQ Server products and features based on customer feedback. We make a lot of enhancements regularly, and our release notes provide detailed descriptions of each product release with links to additional technical information and support resources.

As a best practice, we recommend that you keep your IQ Server installation up to date so you can benefit from the latest features and advancements in component intelligence. The latest version can be downloaded from the IQ Download and Compatibility page.

If you are upgrading from an earlier version of IQ Server, please see  Upgrading the IQ Server.

Release 62 (March 2019)

Support for Specifying Python Coordinates in Policy Constraints

Users can now specify python (PyPI) component coordinates when configuring constraints in policy management.

Support for Evaluating Java 12 Applications and Components

The application and component evaluation have been updated to support Java 12 bytecode.

Release 61 (February 2019)

Sonatype’s Nexus Firewall Now Protects JFrog Artifactory

Firewall now supports Artifactory repositories.  See more in the press release.

Cleanup of Obsolete Scan Files

To reclaim disk space, this release includes a background task that deletes obsolete files from the sonatype-work/clm-server/scan directory. This task is only run once and scheduled automatically for 11 pm local time after IQ Server was upgraded. Depending on the number of obsolete scan files in your installation, you might see elevated IO activity during that time when the files are removed.

Nexus Firewall Bug Fix

Fixed a bug that resulted in Component IQ not being displayed in Nexus Repository Manager.

Release 60 (February 2019)

Note: Build 1 of this IQ Server release (denoted by 1.60.0-01 in its filename) had a flaw that prevented its startup without a license. If you were quick enough to download this version, please re-download the latest build (1.60.0-02).

Policy Violation Logging

A new policy violation logging feature, which must be explicitly enabled, is now available. It logs its data to a dedicated log file in JSON format. This allows for easy line-by-line parsing for inspection, analysis, and extraction of desired data. It can be enabled/customized in your IQ Server configuration.

Support for Scanning Python Wheel Packages

Python wheel packages are now recognized by the IQ Server, CLI, Jenkins, Bamboo, and Maven plugins as well as the Vulnerability Scanner.

Release 59 (January 2019)

Security-related HTTP Headers

For added security protection against cross-site scripting and other attack vectors, the IQ server now sets the Content-Security-Policy and X-XSS-Protection HTTP headers.

Release 58 (January 2019)

Support for Evaluating Java 10/11 Applications and Components

The application and component evaluation have been updated to support Java 10/11 bytecode.

Audit Logging for Policy Violation Notifications and Webhooks

Audit logging functionality has been extended to include

Python Coordinate-Based Matching for More Clients

Python coordinate detection via the requirements.txt file has been extended from just the IQ Server and CLI to also include the Jenkins, Bamboo, and Maven plugins as well as the Vulnerability Scanner.

Release 57 (January 2019)

Audit Logging for Reporting

Audit logging functionality has been extended to include

Component Category in CIP

The Component Information Panel has been updated to display the component category identified by Sonatype.

Policy Centric App Report Preview

A new look of the Application Report is being added to IQ which will allow the user to interpret the report in a more policy-centric manner.  We call this the Policy Centric App Report, and a preview of this new look is now available alongside the existing reports.


Other Versions

IQ Server release notes are organized by year: