Repository Manager 2
Nexus Repository 2 help documentation is no longer available on our help site. However, you can still download a PDF copy of the Nexus Repository 2 Help documentation.
Note
Nexus Repository OSS is distributed with Sencha Ext JS pursuant to a FLOSS Exception agreed upon between Sonatype, Inc. and Sencha Inc. Sencha Ext JS is licensed under GPL v3 and cannot be redistributed as part of a closed source work.
Nexus Repository Manager 2 Pro
Nexus Repository Manager 2 Pro is a distribution with features that are relevant to large enterprises and organizations that require complex procurement and staging workflows in addition to more advanced LDAP integration, Atlassian Crowd support, and other development infrastructure.
Note: If unlicensed, an evaluation license can be requested using the user interface.
Nexus Repository Manager Pro 2.15.2
Nov 13, 2024
Note
This release includes dependency changes that may require configuration changes before the upgrade. Please read the release notes before upgrading.
Nexus Repository Manager 2 OSS
Nexus Repository Manager 2 OSS is a repository manager that can be freely used and is distributed under the Eclipse Public License (EPL Version 1).
Nexus Repository Manager OSS 2.15.2
Nov 13, 2024
Note
This release includes dependency changes that may require configuration changes before the upgrade. Please read the release notes before upgrading.
Note
The Sonatype GPG key for verifying the install binaries can be obtained from 0374CF2E8DD1BDFD
Note
The notes below are a summary of new features, enhancements, and bug fixes per version release. To access the latest release, see our download page for details.
Repository Manager 2.15.2
Nov 13, 2024
Important Vulnerability Fixes
This release fixes a Remote Code Execution vulnerability through which an attacker with privileges to publish content could upload a specially crafted file that would result in Nexus Repository attempting to execute embedded commands upon retrieval. See CVE-2024-5082 for details.
This release also fixes a Stored XSS vulnerability through which an attacker with privileges to publish content could upload a specially crafted file that includes embedded JavaScript. If that file is viewed by an authenticated user, the JavaScript could execute product features available to the authenticated user. See CVE-2024-5083 for details.