Release Notes

We regularly improve Nexus IQ Server products based on customer feedback. We make a lot of enhancements, and here you will find the most recent versioned release notes and summaries of the main features we've completed.

Sonatype encourages using the most current IQ Server release and not trailing behind more than six months. The latest version can be downloaded from IQ Download and Compatibility.

For past releases please see 2018 Release Notes, 2017 Release Notes, 2016 Release Notes, 2015 Release Notes, or 2014 Release Notes.

Recent IQ Server Releases

Coming Soon

Improved JavaScript Reporting

We will be streamlining the display of JavaScript results by significantly reducing the noise. Individual JavaScript files identified as belonging to the same component will be aggregated and presented as a single line item. This will improve the readability and comprehensibility of JavaScript results while retaining all of the discovered vulnerabilities and occurrences. More information on the impact of these changes can be found in our documentation.

1.49 (July 2018)

Security Fixes for HTTP Connector (Jetty)

Updated Jetty to fix several vulnerabilities related to HTTP request parsing.

1.48 (June 2018)

Policy-centric Component Information Panel

The Component Information Panel has been updated to display policy violations instead of security vulnerabilities and license issues.

Fixes for Recording of Component Occurrences

In some cases, the IQ CLI and our CI plugins for Bamboo and Jenkins recorded incomplete pathnames for the components in applications, causing misleading information in the Occurrences tab and issues in detecting proprietary components. We have fixed this in the new versions of those tools but there's a catch: If you previously configured regular expressions for proprietary components that only match exact pathnames, i.e. do not start with .* or similar wildcards, those regular expressions might need updating to account for the fixed pathnames.
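One way to audit proprietary-component regular expressions against the corrected pathnames, as an added example that is not Sonatype's code. It assumes an expression must match the whole pathname (as the remark about a leading .* implies); the pathnames and patterns are constructed samples, not values from IQ Server.

```python
import re

# Constructed sample data (not taken from IQ Server): pathnames as an older
# tool might have recorded them, and the same components with full pathnames.
OLD_PATHS = ["WEB-INF/lib/acme-billing-1.2.jar", "WEB-INF/lib/acme-core.jar"]
NEW_PATHS = ["shop.war/WEB-INF/lib/acme-billing-1.2.jar",
             "shop.war/WEB-INF/lib/acme-core.jar"]

# Hypothetical proprietary-component patterns to audit.
PATTERNS = [r"WEB-INF/lib/acme-.*\.jar",   # exact-path style, no leading wildcard
            r".*/acme-.*\.jar",            # already tolerant of a longer prefix
            r"com/acme/.*"]                # matches nothing in either sample set


def matches_any(pattern, paths):
    """True if the pattern matches at least one whole pathname (assumed semantics)."""
    rx = re.compile(pattern)
    return any(rx.fullmatch(p) for p in paths)


def audit_proprietary_regexes(patterns, old_paths, new_paths):
    """Return {pattern: (status, suggestion)} for the pathname fix.

    status is "ok", "needs-update" (matched only the old, incomplete
    pathnames) or "never-matched". A suggestion is offered only when
    prefixing ".*" is verified to match the corrected pathnames.
    """
    report = {}
    for pattern in patterns:
        if matches_any(pattern, new_paths):
            report[pattern] = ("ok", None)
        elif matches_any(pattern, old_paths):
            candidate = ".*" + pattern.lstrip("^")
            fixed = candidate if matches_any(candidate, new_paths) else None
            report[pattern] = ("needs-update", fixed)
        else:
            report[pattern] = ("never-matched", None)
    return report


if __name__ == "__main__":
    for pat, (status, fix) in audit_proprietary_regexes(
            PATTERNS, OLD_PATHS, NEW_PATHS).items():
        print(f"{status:14} {pat!r}" + (f" -> try {fix!r}" if fix else ""))
```

Review any widened pattern before applying it, since a broader match marks more files as proprietary.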

Security Fix for JavaMail

Updated JavaMail to fix leaking host and username in message headers (SONATYPE-2017-0492).

Security Fix for Lifecycle XC CLI

Updated a vulnerable dependency of Nexus IQ CLI to fix a Zip Slip vulnerability that was exposed when running in its XC (Expanded Coverage) mode.

Component Labels REST API

Nexus IQ Server now has a Component Labels REST API for adding and removing component labels for an application.

1.47 (April 2018)

Component Versions REST API

Nexus IQ Server now has a Component Versions REST API for returning a list of versions for a component.

Improvements to Getting Started Page

The "Getting Started" page now indicates if there are any connectivity issues with Sonatype Data Services.

Persistent Warning to Change Default Password

A persistent warning is displayed if the default password for the built-in 'admin' account is not changed.

Automatic Application Creation for Nexus IQ for Jenkins

Nexus IQ for Jenkins 3.0.20180425-130011.728733c now supports automatic application creation.

1.46 (April 2018)

Automatic Application Creation for Sonatype CLM for Maven

Sonatype CLM for Maven 2.8.1-01 now supports automatic application creation. As part of these changes, anonymous access is no longer supported and credentials must be provided in order to communicate with Nexus IQ Server.

Automatic Application Creation for Nexus IQ for Bamboo

Nexus IQ for Bamboo 1.8.0 now supports automatic application creation.

RubyGems Data Available in Nexus Firewall

RubyGems packages are now supported in Nexus Firewall. Available data includes: identification, licenses, and security vulnerabilities.

Getting Started Page

Nexus IQ Server has added a "Getting Started" page to facilitate onboarding administrative users. For non-administrative users, a list of helpful "Learning Topics" is provided.

Performance Fix

A performance issue was found in 1.45 with certain access patterns to violation data. This has been fixed in 1.46. All users of 1.45 are advised to upgrade.

1.45 (March 2018)

Improved Database Format for Reduced Disk Space Consumption

This version of Nexus IQ Server uses a revised format to store the policy violation data to reduce its disk space consumption. Installations that have applications with a long history of policy evaluations or with a high frequency of policy evaluations will benefit in particular from this upgrade.

Depending on the size of your existing installation and the hardware running your IQ Server, upgrading to this new version can take a considerable amount of time. Be sure to read the instructions for Upgrading the IQ Server to Version 1.45 to prepare yourself appropriately.

Automatic Application Creation

Nexus IQ Server now allows automatic creation of applications. Users with permission to manage automatic application creation can enable this feature and specify the parent organization for any automatically-created applications. When enabled, if a policy evaluation is performed for an application ID that does not exist, a new application with that ID will be created automatically instead of failing. Only the Nexus IQ CLI has been updated to take advantage of this new feature as of this release.

Anonymous Access Removed in Nexus IQ CLI

Nexus IQ CLI no longer supports anonymous access. With this change we begin the process of phasing out support for anonymous access from Nexus IQ clients.

1.44 (February 2018)

Login Modal Styling Improvements

The Nexus IQ Server login window has been updated with styling that matches the other forms within the application.

Automatic Import of Reference Policies

Upon first start, the Nexus IQ Server will now automatically download and import the current Reference Policy Set. This removes the need for an administrator to manually find, download, and import policies when getting started with IQ for the first time. The manual import capability is still provided.

1.43 (January 2018)

Configuration Changes due to Upgraded Server Infrastructure

The Nexus IQ Server infrastructure has been upgraded, bringing with it many benefits including a more powerful configuration format for its networking and logging.

Warning: If you wish to use a configuration file from a prior version, then you must update it. Please refer to our configuration update guide for more information.

Product License Page Improvements

The Product License page has been enhanced to display additional important information including company name, primary contact name and e-mail address, license type(s), licensed users, expiration date, and days remaining. Additionally, we have provided more guidance for license installations.

Sandbox Organization and Application for Fresh Installs

Fresh installations starting with this version will, by default, create a "Sandbox Organization" with a child "Sandbox Application". This is to help facilitate the training of new users by providing a premade and safe sandbox for them to learn within. Please refer to the sample data configuration for more information.

Notable IQ Server Updates

The Sonatype Integrations team is happy to announce the release of Docker image evaluations in Nexus IQ Server tooling. Docker image tars can be scanned using the latest versions of Nexus IQ tools. Please check the Release Notes to see requirements for Docker evaluations. Older versions of Nexus IQ tools will scan Docker images but create incorrect results without notification. Additional information can be found in both CLI Evaluating an Application and IQ for Jenkins Docker Images.
We are excited to announce the availability of the Nexus IQ Server plugin for Microsoft Visual Studio users. Developers who use Visual Studio now have access to the precise component intelligence available in Nexus Lifecycle. They can easily identify which components meet corporate guidelines and which ones do not as soon as the component is selected. Having this intelligence directly within the IDE enables developers to choose components that are free from security vulnerabilities,…
The IQ Server team is pleased to announce the availability of Success Metrics charts. These charts demonstrate the value of IQ Server, showing the progress your organization is making by presenting changes in metrics over time. You can access Success Metrics through the IQ Server toolbar. For more information, see the Success Metrics topic.