Repository Manager 2
Sonatype is sunsetting Nexus Repository 2 on June 30, 2025.
See Upgrade from Nexus Repository 2
The Nexus Repository 2 documentation is no longer available on our help site. Download a PDF copy of the documentation.
Nexus Repository Manager 2 Pro is a distribution with features that are relevant to large enterprises and organizations that require complex procurement and staging workflows in addition to more advanced LDAP integration, Atlassian Crowd support, and other development infrastructure.
Nov 13, 2024
This release includes dependency changes that may require configuration changes before the upgrade. Please read the release notes before upgrading.
Nexus Repository Manager 2 OSS is a repository manager that can be freely used and is distributed under the Eclipse Public License (EPL Version 1).
The Sonatype GPG key for verifying the install binaries can be obtained from 0374CF2E8DD1BDFD
Nexus Repository OSS is distributed with Sencha Ext JS pursuant to a FLOSS Exception agreed upon between Sonatype, Inc. and Sencha Inc. Sencha Ext JS is licensed under GPL v3 and cannot be redistributed as part of a closed source work.
Repository Manager 2.15.2
Nov 13, 2024
Important Vulnerability Fixes
This release fixes a Remote Code Execution vulnerability through which an attacker with privileges to publish content could upload a specially crafted file that would result in Nexus Repository attempting to execute embedded commands upon retrieval. See CVE-2024-5082 for details.
This release also fixes a Stored XSS vulnerability through which an attacker with privileges to publish content could upload a specially crafted file that includes embedded JavaScript. If that file is viewed by an authenticated user, the JavaScript could execute product features available to the authenticated user. See CVE-2024-5083 for details.