2017 Nexus Repository 2 Release Notes

Nexus Repository 2

Repository Manager 2.14.5

Repository Manager 3.x Upgrade Compatibility

Upgrade to the latest 2.x release before upgrading to the latest 3.x version.

Repository Manager 2.14.5 is directly upgrade compatible with following newer 3.x releases, although upgrading to at least 3.7.1 release is recommended:

Upgrading from an older Nexus 2.x version directly to Nexus 3.5.0 or higher is explicitly blocked - upgrade your current Nexus 2.x version to 2.14.5 first.

Nexus Firewall Quarantine Enabled Repositories Upgrade Compatibility

Those installations with Sonatype Repository Firewall Quarantine Enabled repositories can now upgrade to Repository Manager 3.5.0 and your existing audit and quarantine history will be maintained. Using IQ Server version 1.33 or greater is required for this feature.

General Improvements

Logging

[ NEXUS-13228] Bug race condition writing to request.log under high load may cause dead lock, thread pool exhaustion and CPU spike performance

Security

[ NEXUS-13865] Bug protect against potential for logback exploit CVE-2017-5929 security

Repository Manager 2.14.4

These notes are a compilation of new features and significant bug fixes for Repository Manager 2.14.4.

New and Noteworthy

Nexus 3.x Upgrade Compatibility

Nexus 2.14.4 is upgrade compatible with the Nexus 3.3.0 release. Upgrading from a different Nexus 2.x version into Nexus 3.3.0 is explicitly blocked.

Edge-cases for corrupted or invalid npm and NuGet components that may exist in your Nexus 2.x instance will no longer block your upgrade to Nexus 3.x .

npm scoped packages support

By popular demand we have implemented package scope support for deploying and depending on scoped npm packages. Nexus Repository Manager 3.x already has this feature and now 2.x installations can start using scoped packages and be assured their packages will migrate correctly to Nexus Repository Manager 3 when they are ready.

Associating a scope with a registry is possible only by manually editing your ~/.npmrc file. Nexus Repository Manager 2.x does not support the special handling required to automatically add or remove scoped registries using adduser/login or logout commands. If you want this feature, using Nexus Repository Manager 3.x is still required.

Disabling Security Prompts for RUT Authentication

We have added a feature to disable user interface security prompts when using RUT authentication and LDAP realms together.

General Improvements

Upgrade

[ NEXUS-12483] Bug invalid nexus 2.x NuGet repository files will cause nexus 3.x upgrade to fail with NullPointerException
[ NEXUS-12513] Bug invalid nexus 2.x npm packages will fail the upgrade to nexus 3.x with 500 internal server error

NPM

[ NEXUS-6857] Improvement Support for npm scoped packages

Security

[ NEXUS-11888] Bug http request header values should be checked for validity before allowing a request to proceed security

Repository Manager 2.14.3

These notes are a compilation of new features and significant bug fixes for Repository Manager 2.14.3.

New and Noteworthy

Upgrade Compatibility

Nexus 2.14.3 is upgrade compatible with the Nexus Repository Manager 3.2.1 release. Upgrading from a different Nexus Repository Manager 2.x version into Nexus Repository Manager 3.2.1 is explicitly blocked.

nexus-staging-maven-plugin 1.6.8 released

We fixed a problem where the Staging Apache Maven plugin did not authenticate properly with HTTP proxy servers. [NEXUS-10502]

Support Upgrading Proxy Repositories of maven.oracle.com

We have implemented changes that will allow you to upgrade your existing Maven proxy repository of maven.oracle.com into the Nexus Repository Manager 3.2.1 release. Another barrier to upgrading to Nexus Repository Manager 3.x has been eliminated. [NEXUS-10164]

Performance

Analysis of heap dumps from some complex customer setups has helped us identify a way to significantly reduce memory consumption in circumstances where there are large sets of group repository members.[NEXUS-12276]