2019 Release Notes

The notes below are a summary of new features, enhancements, and bug fixes per version release. To access new the latest release, see our download page for details.

Repository Manager 2.14.13

Security Fix for discovered XSS vulnerability

An XSS vulnerability has been found and corrected in 2.14.13 Pro.

Sonatype recommends that administrators running NXRM2 Pro versions up to and including 2.14.12 upgrade immediately.

This is a bug fix release and corrects a vulnerability that was discovered in prior versions of Nexus Repository Manager Pro 2.x. We recommend all Pro users upgrade to 2.14.13 or later.

Repository Manager 3.x Upgrade Compatibility

Please see Upgrade Compatibility - Repository Manager 2 to 3 for a complete reference. 

Security

Repository Manager 2.14.12

This is a release with improvements, bug fixes and corrects multiple vulnerabilities that have been discovered in prior versions of Nexus Repository Manager 2.x. We recommend all users to upgrade to 2.14.12 or later.

Repository Manager 3.x Upgrade Compatibility

Please see Upgrade Compatibility - Repository Manager 2 to 3 for a complete reference. 

General Improvements

  • [NEXUS-19019] - Update Docker images to use OpenJDK 8
  • [NEXUS-18919] - Prevent leaking of InputStream on root HTML index page
  • [NEXUS-18271] - Changed our Welcome Outreach capability to use HTTPS instead of HTTP

Upgrade

  • [NEXUS-18705] - repository-changelog requests from Nexus 3 upgrade can trigger Nexus 2 outbound requests even though proxy repository is blocked

Staging

  • [NEXUS-8316] - Prevent failing on file pattern for Profile Target Matcher staging rule

Nuget

  • [NEXUS-8159] - Log RemoteItemNotFoundException for NuGet Proxy at debug level

Security

  • [NEXUS-19314] - Multiple security vulnerabilities addressed