Release Notes
We're continuously improving Nexus IQ Server products and features based on customer feedback. We make a lot of enhancements regularly, and our release notes provide detailed descriptions of each product release with links to additional technical information and support resources.
As a best practice, we recommend that you keep your IQ Server installation up to date so you can benefit from the latest features and advancements in component intelligence. The latest version can be downloaded from the IQ Download and Compatibility page.
If you are upgrading from an earlier version of IQ Server, please see Upgrading the IQ Server.
Release 66 (June 2019)
Command to Reset the Admin Account Password and Roles
A new command was added to reestablish the default admin account in a shutdown IQ Server including its default password and roles.
Package-url (purl-spec) Support in Public APIs
We are rolling out package-url based component information access as an alternative to the coordinate based component information retrieval in REST APIs. The following API is extended to support package-url.
Add Optional 'Description' Field to Webhook Configuration
The webhook description is displayed in the UI where webhooks can be selected such as the webhook list or the policy editor.
Add Component Remediation Information to Component Information Panel
Component Remediation Suggestions have been added to the Component Information Panel. For components that have policy violations, it will show the next available version that does not violate any policies for the given application, if such a version exists. This will be shown in the Application Composition Report and the IDE plugins.
Release 65 (May 2019)
Policy-centric Application Composition Report
The policy-centric Application Composition Report is no longer in preview mode and has now replaced the previous version of the report. The previous version is still accessible through the link provided in the new UI.
Application Composition Report API - Policy Violations
A new endpoint was added in order to provide policy violations data for a given report. See "Policy Violations by Report REST API (v2)" in Report-related REST APIs - v2.
Component Remediation API - Next Non-failing Remediation Type
Added new remediation type for the next closest component version which does not fail any policy violations.
Release 64 (April 2019)
Application Reports as Point-in-Time Data
Existing Application Composition Reports are not updated anymore when changes are made in the Component Information Panel. These changes become visible only when the application is re-analyzed (via the re-evaluation button or a new evaluation being triggered from CI, CLI, policy monitoring, etc). This ensures that the reports reflect the state of the application and policy evaluation results at the time the application was analyzed.
Web UI to Configure Data Retention Policy for Success Metrics
This release completes the data retention and purging feature introduced in release 63 by extending the IQ Server UI with the elements needed to inspect and edit the data retention for Success Metrics.
Component Remediation API
In order to facilitate automation and customization of component remediation, IQ Server now supports a Component Remediation API. The first release of the API provides similar data from the component intelligence panel version graph into a machine readable format. The result of the request provides component remediation suggestions of policy violations on a per component basis.
Release 63 (March 2019)
Data Retention Policies for Automatic Purging of Obsolete Application Reports and Success Metrics
To reduce the disk space consumption of IQ Server, you can now specify data retention policies for application reports and Success Metrics. Reports, that according to these retention policies are deemed obsolete, are automatically purged from sonatype-work/clm-server/report. Likewise, policy violation history that is no longer relevant for Success Metrics is purged from sonatype-work/clm-server/data. But note that automatic purging needs to be manually enabled after IQ Server was upgraded to the new version.
Release 62 (March 2019)
Support for Specifying Python Coordinates in Policy Constraints
Users can now specify python (PyPI) component coordinates when configuring constraints in policy management.
Support for Evaluating Java 12 Applications and Components
The application and component evaluation have been updated to support Java 12 bytecode.
Release 61 (February 2019)
Firewall now supports Artifactory repositories. See more in the press release.
Cleanup of Obsolete Scan Files
To reclaim disk space, this release includes a background task that deletes obsolete files from the sonatype-work/clm-server/scan directory. This task is only run once and scheduled automatically for 11 pm local time after IQ Server was upgraded. Depending on the number of obsolete scan files in your installation, you might see elevated IO activity during that time when the files are removed.
Nexus Firewall Bug Fix
Fixed a bug that resulted in Component IQ not being displayed in Nexus Repository Manager.
Release 60 (February 2019)
Note: Build 1 of this IQ Server release (denoted by 1.60.0-01 in its filename) had a flaw that prevented its startup without a license. If you were quick enough to download this version, please re-download the latest build (1.60.0-02).
Policy Violation Logging
A new policy violation logging feature, which must be explicitly enabled, is now available. It logs its data to a dedicated log file in JSON format. This allows for easy line-by-line parsing for inspection, analysis, and extraction of desired data. It can be enabled/customized in your IQ Server configuration.
Support for Scanning Python Wheel Packages
Python wheel packages are now recognized by the IQ Server, CLI, Jenkins, Bamboo, and Maven plugins as well as the Vulnerability Scanner.
Release 59 (January 2019)
Security-related HTTP Headers
For added security protection against cross-site scripting and other attack vectors, the IQ server now sets the Content-Security-Policy and X-XSS-Protection HTTP headers.
Release 58 (January 2019)
Support for Evaluating Java 10/11 Applications and Components
The application and component evaluation have been updated to support Java 10/11 bytecode.
Audit Logging for Policy Violation Notifications and Webhooks
Audit logging functionality has been extended to include
- Sending notifications for policy violations.
- Invoking a webhook.
Python Coordinate-Based Matching for More Clients
Python coordinate detection via the requirements.txt file has been extended from just the IQ Server and CLI to also include the Jenkins, Bamboo, and Maven plugins as well as the Vulnerability Scanner.
Release 57 (January 2019)
Audit Logging for Reporting
Audit logging functionality has been extended to include
- Viewing repository results.
- Viewing component information panel data.
- Accessing and managing success metrics.
- Accessing dashboard table data.
- Exporting policy violations.
- Searching components.
- Evaluating IDE projects.
- Evaluating individual components via the REST API.
Component Category in CIP
The Component Information Panel has been updated to display the component category identified by Sonatype.
Policy Centric App Report Preview
A new look of the Application Report is being added to IQ which will allow the user to interpret the report in a more policy-centric manner. We call this the Policy Centric App Report, and a preview of this new look is now available alongside the existing reports.
Other Versions
IQ Server release notes are organized by year:
- 2019 Release Notes (57 and up)
- 2018 Release Notes (1.43 - 56)
- 2017 Release Notes (1.25 - 1.42)
- 2016 Release Notes (1.19 - 1.24)
- 2015 Release Notes (1.13 - 1.18)
- 2014 Release Notes (1.12)