2017 Release Notes
Repository Manager 3.7.1
12/28/2017
Sonatype is pleased to announce the immediate availability of Nexus Repository 3.7.1. A summary of the highlights in this release is shown below.
For more detail see the complete release notes.
Offline Repositories for Tree/HTML views [NEXUS-15278]
This release fixes an issue where some content may be missing in the tree or html views for offline repositories. We highly recommend users of 3.7.0 upgrade to this patch release.
Repository Manager 3.7.0
12/19/2017
Sonatype is pleased to announce the immediate availability of Nexus Repository 3.7.0. A summary of the highlights in this release is shown below.
For more detail see the complete release notes.
Upgrade to 3.7.1 Recommended
If you upgrade to 3.7.0 from a version that has a repository marked offline, then the new Tree View feature introduced in 3.7.0 may fail to render all repository content. This known issue does not cause builds to fail or the search user interface from working, only tree view is affected. This issue is resolved in 3.7.1 and newer.
Tree and HTML views replace prior Browse features
The browse experience has been upgraded to include a Tree View and HTML View to help you find your assets faster and easier. During this process, we also exhaustively tested for scale and upgrade across all formats. The search experience remains the same as prior versions.
When upgrading, Nexus Repository Manager will automatically begin creating the tree node data. Depending on hardware, this data should take ~30 minutes to process 3 million assets and the storage of the component database should increase by ~30%. While the assets are being processed browse will display a partial tree.
NPM command line Search restored
npm deprecated the /all/ endpoint to their search interface earlier this year. This improvement restores npm search via that interface by enabling the replacement /v1/ endpoint. We took this opportunity to add some scalability and performance tweaks as well.
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.5. See the upgrade compatibility matrix for more information.
General Highlights
Docker
- [NEXUS-13894] - Docker unauthenticated access shows "unknown: unknown" console output
- [NEXUS-12216] - Support pushing Docker Windows Container images and loosen manifest validation to allow for 'foreign-layers'
Migration
- [NEXUS-10162] - migrating NXRM2 to NXRM3 automatically enables legacy content URLs
- [NEXUS-13329] - Maven artifact whose case does not match the version folder they reside in are not migrated
Repository Health Check
- [NEXUS-14960] - healthcheck.properties can contain references to repositories that do not exist causing 3.6.1 upgrade to fail
Repository Manager 3.6.2
11/28/2017
This release is a bug fix release for a critical bug that affects LDAP authentication in HA configurations.
See the complete release notes.
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.5. See the upgrade compatibility matrix for more information.
Repository Manager 3.6.1
11/15/2017
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.6.1.
See the complete release notes for all resolved issues.
New and Noteworthy
This release is a rollup of 70+ bug fixes and general improvements we’ve made over the last couple of months.
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.5. See the upgrade compatibility matrix for more information.
General Improvements
Blobstore
- [NEXUS-14707] - Additional check for blobstore default integrity strategy
Docker
- [NEXUS-14488] - Cannot perform docker pull against some Docker-Hub proxy
- [NEXUS-14512] - add anonymous search for docker repositories
Maven
- [NEXUS-13949] - Remove snapshots from Maven repository remove if released option may progress slowly
NuGet, Raw
- [NEXUS-11962] - add legacy URL support for non-maven repositories
NPM
- [NEXUS-13207] - NPM group search document is not invalidated when member search documents change
Performance
- [NEXUS-14843] - cursor prefetch limit set to high by default for some queries potentially leading to excessive memory usage
REST API
- [NEXUS-14730] - expose REST API developer documentation inside the user interface
- [NEXUS-14603] - REST Asset Search JSON API
Security
- [NEXUS-10896] - record and expose the authenticated user who uploaded a component to a hosted repository
- [NEXUS-14515] - Display the IP address of the user who uploaded a component to a hosted repository
Upgrade
- [NEXUS-12907] - Upgrade from 2.x to 3.x Hangs on Group Repos containing only Staging Repos
YUM
- [NEXUS-14058] - configurable repodata depth for yum proxy repos
- [NEXUS-14484] - Add support for proxying yum repositories that have sha1 checksums
Repository Manager 3.6.0
09/27/17
Sonatype is pleased to announce the immediate availability of Nexus Repository 3.6.0 OSS and Pro. A summary of the highlights in this release is shown below.
Please see JIRA for the complete list of changes.
Docker Anonymous Support
This change makes it possible for anonymous users to be granted read-only (pull) access. It's enabled by a new Docker repository connector option and realm. Anonymous read support can be deactivated by default and must be enabled on each Docker repository individually. Ultimately, this is useful as it allows users to consume and share Docker images with no credentials needed.
Goodbye JEXL, Hello CSEL
We've discovered that Apache JEXL based content selectors aren't fast enough for our upcoming tree view feature, which does many more evaluations than other browsing methods. To address this we’re introducing our own Content Selector Expression Language (CSEL) to support current features, such as Upgrading, and future improvements that rely on optimal performance.
Nexus Repository will automatically upgrade as many of your existing JEXL selectors to CSEL selectors as possible. Any remaining JEXL selectors will continue to function but with this new expression language in place, future releases of the repository manager will be more performant.
Provisioning API and Group Repositories
Groups repositories created through the provisioning API will now preserve the order of their members. Previously, the initial ordering was set correctly, but jumbled on server restart.
For existing repositories affected by this, the workaround is to load the group repository in the UI, reorder the members as desired, and save.
Firewall and IQ Server
Firewall now requires the IQ Server connection capability to be configured and enabled. Previously, it would process transactions (e.g. audit) regardless, but a recent change now requires this capability.
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.5. See the upgrade compatibility matrix for more information.
Repository Manager 3.5.2
09/12/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.5.2.
See the complete release notes for all resolved issues.
New and Noteworthy
This is a targeted release to address excessive thread creation associated with task progress logging.
The vast majority of customers will benefit from updating to this release.
General Improvements
Task Logging
- [NEXUS-14227] Bug Thread count increases linearly with scheduled task execution
Repository Manager 3.5.1
08/18/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.5.1.
See the complete release notes for all resolved issues.
New and Noteworthy
This is a targetted release for a select set of Pro licensed customers aimed at resolving some critical database concurrency issues.
The vast majority of customers will observe no immediate benefit from updating to this release.
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.5. See the upgrade compatibility matrix for more information.
General Improvements
Database
- [ NEXUS-14087] Improvement upgrade OrientDB dependency to version 2.2.26
Repository Manager 3.5.0
08/03/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.5.
See the complete release notes for all resolved issues.
New and Noteworthy
Yum Proxy Repository Support
You can now define Yum proxy repositories. In Nexus Repository 2, Yum support was built on top of maven repositories, this time around, we’re building yum as a first-class format.
Yum hosted and group repository support will be in a yet to be announced future release and this time around we’re building Yum support to be platform independent such that it will not have a dependency on the external createrepo program.
Note that upgrading Nexus 2.x Maven 2 format Yum enabled proxy repositories is not supported - your new Nexus 3.x Yum proxy repository will download remote rpm files and metadata as needed. Give it a try and let us know what you think!
Upgrade Support for Firewall Enabled Repositories
For Firewall customers looking to upgrade their Nexus Repository instances from 2.x to 3.x, we’ve enhanced the upgrade wizard with support for quarantine-enabled repositories. This means that when you upgrade a 2.x instance to 3.x, the audit and quarantine history is upgraded along with it.
Upgrading to Nexus Repository 3.5.0 from 2.x requires the just-released Nexus Repository 2.14.5. IQ Server 1.33 is also a required minimum for upgrading Firewall-enabled repositories.
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.5. See the upgrade compatibility matrix for more information.
Changes to Startup Files
A JVM optimization was making debugging some of your reported issues difficult; we have corrected this by changing the default JVM options. [ NEXUS-13777 ]
Picking up this change will require the following line in file bin/nexus.vmoptions
(now the default):
-XX:-OmitStackTraceInFastThrow
Per-Task Log Files
Scheduled tasks will now output to their own log files allowing for cleaner separation of task log output from regular log output. Task logs are retained up to 30 days and can be found near the existing log files under sonatype-work/nexus3/log/tasks. [NEXUS-13352]
General Improvements
Backup
- [NEXUS-13486] Improvement prevent restoring database backups with mismatched versions
Blobstore
- [NEXUS-12389] Improvement if the component database references a soft-deleted blob then prevent blob store compaction task from hard deleting the blob
Bootstrap
- [NEXUS-13485] Improvement warn in UI when ulimit < 65536 on Linux or OSX
- [NEXUS-11870] Improvement jetty-https.xml obfuscated keystore truststore password values are confusing
CLM,Upgrade
- [NEXUS-13901] Improvement support upgrading Nexus Repository Manager 2 Firewall enabled repositories to Nexus Repository Manager 3
Database
- [NEXUS-13304] Bug 500 responses from Nexus after enabling quarantine on NuGet proxy repository
Docker
- [NEXUS-13363] Bug Conditional GET requests for Docker image layers always download the layer when proxying another Nexus performance
Logging
- [NEXUS-12968] Bug Uninformative log message in ProxyFacetSupport - Content not present for throwing exception
- [NEXUS-13777] Bug JVM optimizations may log exceptions without stack traces by default
Migration,NuGet
- [NEXUS-13554] Bug A NuGet package that is in Nexus 2.x storage but not in its database causes a NullPointerException on migration to Nexus 3
NPM
- [NEXUS-12457] Bug npm proxy receiving connection reset responds to client with status 500 instead of 404
NuGet
- [NEXUS-12339] Bug Faulty result ordering for NuGet searches
- [NEXUS-10144] Improvement improve robustness of NuGet case insensitive package ID matching
Repository
- [NEXUS-10243] Bug Content type exception uploading tar files - identified as application-gtar instead of application/tar
UI
- [NEXUS-9546] Improvement add better validation on task configuration numeric fields
Yum
- [NEXUS-13900] Improvement add YUM proxy repository support
Repository Manager 3.4.0
01/18/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.4.
See the complete release notes for all resolved issues.
New and Noteworthy
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.4. See the upgrade compatibility matrix for more information.
Updated System Requirements: Increase Default File Handle limits
On Linux and Mac OSX installs, the default process file handle limits available may be too small and may cause data corruption or other significant problems if not explicitly increased. We recommend all deployments ( even previous versions) raise their available file descriptors to 65536 immediately. How to implement this change is summarized in the system requirements. [ NEXUS-12041 ].
General Performance/Scalability Improvements
All sorts of performance optimizations for existing features are in this release, primarily with scheduled tasks, browse and search. Issues which were causing OutOfMemory errors were also squashed. We continue to schedule fixing any remaining severe issues with extreme prejudice and we are confident this is the best performing 3.x release to date.
General Improvements
Bootstrap
- [NEXUS-13098] Improvement log and prevent startup when the started Nexus version is using a data directory from a newer Nexus version
- [NEXUS-12041] Bug WARN org.elasticsearch.env max file descriptors for elasticsearch process likely too low, consider increasing logged at start
Bower,PyPi
- [NEXUS-13137] Improvement Purge unused components and assets task should support PyPi and Bower proxy repositories
Build
- [NEXUS-12540] Bug Unable to Start Nexus-public
- [NEXUS-12397] Bug nexus-public base template binary fails to start due to DependencyResolver$UnresolvedDependencyException
Crowd
- [NEXUS-12405] Bug Crowd realm is missing 'Clear Cache' option like the LDAP realm has
Database
- [NEXUS-13431] Improvement upgrade OrientDB to version 2.2.21
Docker
- [NEXUS-12711] Bug Nexus docker registry delete REST api partially deletes an image
- [NEXUS-13385] Bug java.util.ConcurrentModificationException possible with Docker UploadManager during POST to blobs/uploads
Documentation
- [NEXUS-13000] Bug clarify file name references in documentation for upgrading from 3.2 to 3.3
LDAP,UI
- [NEXUS-13071] Bug Unfiltered LDAP user search will retrieve all users from an LDAP server, which can result in an OOM
Logging
- [NEXUS-12908] Bug Connection issue to IQ server is only logged at DEBUG level
- [NEXUS-13141] Bug when merging maven-metadata.xml for a group request fails the repository ID containing the bad metadata is not logged
- [NEXUS-13096] Bug com.orientechnologies.common.profiler.OAbstractProfiler$MemoryChecker log spam every 2 minutes
- [NEXUS-13371] Bug BlobAttributes deletedReason is logged as reason: null instead of the actual reason
Maven Repository
- [NEXUS-12844] Improvement Upgrade Apache Tika dependency to 1.14
Maven2
- [NEXUS-13085] Bug IllegalArgumentException Version mismatch may be logged when GA maven-metadata.xml versions are merged in a group repository request
NPM
- [NEXUS-13168] Bug NullPointerException on npm search when invalidating cache
- [NEXUS-11910] Bug npm search against group repository fails with HTTP 500 due to not properly supporting /-/all resource
- [NEXUS-12869] Bug npm publish a large package may cause java.lang.OutOfMemoryError: Java heap space when parsing the JSON payload performance
- [NEXUS-12304] Bug `npm publish` on an already published package version does not update all changed package metadata
- [NEXUS-12716] Bug NullPointerException when running npm search
NuGet
- [NEXUS-12064] Bug JPQLGenerator.toJpqlLiteral NullPointerException for NuGet /Packages() resource as submitted by OctopusDeploy
Proxy Repository
- [NEXUS-13378] Improvement Limit multiple outbound upstream requests for the same proxied asset performance
Repository
- [NEXUS-11215] Bug valid .woff files fail Strict Content Type Validation with 400 response
Repository Health Check
- [NEXUS-13087] Bug caching asset download counts under high unique request volume can lead to OutOfMemoryError and instability performance
- [NEXUS-13432] Bug asset download count feature contributes log noise and heap memory spike every 24 hrs when deleting old download counts performance
- [NEXUS-13026] Bug repository health check column displays 0 total and 0 bad even if repository has content
Repository Health Check,Security
- [NEXUS-12485] Bug add privilege that controls access to health check summary report
RubyGems
- [NEXUS-13178] Bug gem development dependencies are treated as runtime dependencies
- [NEXUS-12373] Bug parsing dates in some gemspec files could fail with IllegalArgumentException: Invalid format
Scheduled Tasks
- [NEXUS-12780] Bug task scheduler threads may deadlock at QuartzTaskJob.mayBlock() when more than 20 blocking tasks are encountered performance
- [NEXUS-13584] Improvement add task that can Restore Asset/Component metadata to component database from Blob Store contents
- [NEXUS-13092] Bug slow performance and metadata rebuild failures when running "Remove snapshots from Maven repository" against large datasets performance
- [NEXUS-13130] Bug Timed out reading query result from queue when running purge unused snapshots task performance
Search
- [NEXUS-13163] Improvement Use bulk API for incremental Elasticsearch updates performance
- [NEXUS-13466] Bug SearchServiceImpl ERROR Elasticsearch index thread pool is overloaded message may appear in nexus.log performance
Transport
- [NEXUS-13136] Bug NullPointerException is thrown when user-agent header value is not present
UI
- [NEXUS-10419] Bug nested webapp context path Nexus 3 breaks the UI
User Token
- [NEXUS-13127] Bug Anonymous access to repositories does not work when "Require user tokens for repository authentication" is set
- [NEXUS-13126] Bug When "Require user tokens for repository authentication" is set nexus does not send an authorization header
Webhooks
- [NEXUS-12855] Bug Only one capability of type 'Webhook: Repository' can be created
Repository Manager 3.3.2
06/19/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.3.2.
See the complete release notes for all resolved issues.
New and Noteworthy
Browse Performance
Browsing large repositories especially with a UI text filter added, could take longer than the UI timeout of 60 seconds to complete. We have optimized internal queries to mitigate this effect. [ NEXUS-13095 ]
Search Performance
There have been multiple reports of slow or incomplete asset and component search. Under some circumstances, assets recently published or proxied into a repository would not show up in search results (despite being visible in browse and retrieval by client tooling). This behavior was due to the default indexing configuration which silently ignored over-capacity indexing requests. We’ve switched to a bulk indexing mode, which avoids this.[ NEXUS-12520 ]
NuGet Client Query Performance
Under some circumstances, NuGet ODATA searches could take unacceptably long to complete. Performance has been improved significantly through query optimization. [ NEXUS-12983 ]
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.4 .
General Improvements
Browse Storage
- [NEXUS-13140] Improvement when browsing assets in a group repository the asset summary UI should display the containing member repository name
- [NEXUS-13095] Bug Browse components of large repositories fails with IllegalStateException Timed out reading query result from queue performance
NuGet
- [NEXUS-12983] Bug NuGet FindPackagesById queries may perform slowly possibly leading to general non-responsiveness performance
Search
- [NEXUS-12520] Bug assets visible by browsing are not available when searching due to non-optimized elasticsearch configuration rebuilding indexes
- [NEXUS-12681] Bug search assets or components UI slower to respond than expected with large datasets performance
Repository Manager 3.3.1
06/01/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.3.1.
See the complete release notes for all resolved issues.
New and Noteworthy
This is a targeted release to address some key issues with blob store operations.
Refetch Proxy Repository Content When a Blob is Missing
Prior to this release, if the blob (binary content) for proxy repository asset was marked as soft-deleted, an error would be logged return 500 status returned to the calling client. Now, the content will be re-fetched from the remote and if still not available, an appropriate 404 status will be returned. [ NEXUS-12388].
We have also made two internal improvements to blob write operations under concurrent load in order to increase resiliency. [ NEXUS-13030, NEXUS-13032 ]
Record Blob Soft-Deletion Reason
Soft-deleted binary content intentionally remains on disk until the blob store is compacted. In rare cases some blobs were being referenced as soft-deleted unexpectedly. To help diagnose such a situation, the reason a blob is soft-deleted will be recorded in its accompanying .properties file. [ NEXUS-13035]
Upgrading from 2.x
If you’re upgrading from Nexus Repository 2, you must first upgrade your installation to 2.14.4 .
General Improvements
Blob store
- [NEXUS-13030] Improvement automatically retry blob creation when a UUID collision is detected
- [NEXUS-13035] Improvement add a diagnostic reason for soft-deleting a blob to the blob properties file
Logging
- [NEXUS-9872] Improvement misconfigured docker proxy URL should log more details about critical failures at default log levels
- [NEXUS-12793] Bug if java.lang.Error is thrown during request processing it may not be logged at default log levels
Proxy Repository
- [NEXUS-13032] Improvement eliminate soft-deleted blobs and reduce transaction retries for identical proxy repository asset requests performance
- [NEXUS-12388] Improvement attempt to refetch proxy repository content from remote when a referenced local blob is missing
Repository Manager 3.3.0
04/11/17
These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.3.
See the complete release notes for all resolved issues.
New and Noteworthy
Git LFS Support
Nexus Repository is first to market with free support for Git LFS.
Downloading or sharing large binary files, such as videos, images, audio recordings, and database files, can slow down the development process and negatively impact the performance of a DevOps tool chain. By managing these components in Nexus Repository, organizations can save time and benefit from increased availability, ease of file sharing, and the ability to better control access to Git LFS components.
Nexus Repository lets you store all of your software binaries, including Git LFS in a single location. With the introduction of Git LFS support, Nexus Repository now offers free support for eight components formats, including: Java, npm, NuGet, RubyGems, PyPI, Bower, and Docker.
Once you give our Git LFS support a try, we would love to hear how this feature works for you. Let us know at nexus-feedback@sonatype.com.
Repository Health Check Revamped!
We’ve made a significant overhaul to how Repository Health Check (RHC) works. Our goal was to make it easier for repository administrators to not just understand, but to improve the health of their repositories over time.
RHC now shows the top five components in need of remediation, prioritized by the severity and impact of the vulnerability. It also provides download trends to help you understand how the health of your repositories is changing over time.
If you are using Nexus Repository and have not yet turned on the RHC feature, start today. What’s the urgency? Perhaps you have not read the 2016 State of the Software Supply Chain Report that indicated 1 in 16 open source components downloads has a known security vulnerability. It’s time to know what’s in your repo.
Browsing and Proxy Repository Performance Issues Squashed
We continue to squash performance issues as they surface. This release includes some significant fixes that were affecting proxy repository cache throughput and Browse UI rendering. Try this new release - you should notice immediate gains in performance especially in these areas.
We are working some known issues with Search performance and we hope to have these rectified soon.
Upgrade Improvements and Requirements
If you’re upgrading to 3.3 from Nexus Repository 2.x, you must first upgrade your installation to 2.14.4.
We've corrected an issue where the upgrade process could fail if it encountered invalid or corrupt NuGet components in the 2.x repository.
We’ve also tightened the validation of proxy repository configuration to prevent blank or invalid remote repository URLs. Before upgrading to 3.3.0 from 3.2.1 or earlier, please ensure that your proxy repository remote URLs are valid.
General Improvements
Blob store
- [NEXUS-12496] Bug FileBlobStore error handling makes it impossible to see what blob causes a runtime exception
- [NEXUS-12676] Bug BlobStoreException should implement toString() to facilitate better exception messages
- [NEXUS-10540] Bug BlobStoreManagerImpl is not thread-safe
Browse Storage
- [NEXUS-12678] Bug Browse assets or components user interface slow to respond performance
- [NEXUS-12360] Improvement expose blob created and updated dates to avoid confusion with last updated date
Capabilities
- [NEXUS-10621] Bug DefaultCapabilityRegistry is not thread-safe
Configuration,UI
- [NEXUS-12285] Bug Remote Storage URL should be a required for proxy repository configuration
Crowd
- [NEXUS-12404] Bug Crowd cache entries do not expire properly
Database
- [NEXUS-12040] Bug Faulty handling of query timeouts in OrientAsyncHelper.QueueConsumingIterable
- [NEXUS-11972] Bug JobStoreImpl should skip over malformed records to allow nexus to start
Documentation
- [NEXUS-12255] Bug book mentions upgrade options that are not available
git-lfs
- [NEXUS-12644] Improvement add support for git-lfs
LDAP
- [NEXUS-12020] Bug LDAP cache entries do not expire properly
- [NEXUS-10533] Bug EnterpriseLdapManager is not thread-safe
- [NEXUS-12250] Bug "Generic LDAP Server" UI configuration template should not have password attribute set by default
Logging
- [NEXUS-12242] Bug repository requests to paths containing certain characters may fail with status 500 "Illegal character in path at index"
- [NEXUS-12334] Bug Log spam when a user's session expires while viewing the repositories UI
Maven2
- [NEXUS-12355] Bug MavenModels throws an IOException when attempting to parse an empty InputStream
Migration
- [NEXUS-12081] Bug Upgrade never completes if source repository has zero length files in it
NPM,Security
- [ NEXUS-11965] Bug npm install fails with 500 error when user has Group level privileges
Migration,NuGet
- [NEXUS-12483] Bug invalid nexus 2.x NuGet repository files will cause nexus 3.x upgrade to fail with NullPointerException
NuGet
- [NEXUS-12337] Bug NuGet queries against asset attributes can be slow due to non-optimized indexes performance
- [NEXUS-12338] Bug query parameter names for NuGet search requests are not case-insensitive
- [NEXUS-12484] Bug targetFramework attribute in NuGet nuspec file is rendered as Unsupported
Proxy Repository
- [NEXUS-12677] Bug proxy repository default negative cache size is too low to be effective performance
- [NEXUS-10059] Bug 404 response from Nexus 2 proxying Nexus 3 due to auto-routing
Repository,Transport
- [NEXUS-12077] Bug Auto-blocked proxy repository logs gigantic stack trace, doesn't say what was blocked, or why
- [NEXUS-12527] Bug Nexus will not deliver files from the on-disk cache of a proxy repository if their metadata/artifact max age has expired and the remote is not reachable performance
Repository
- [NEXUS-10503] Bug RepositoryManagerImpl is not thread-safe
Repository Health Check
- [NEXUS-12645] Improvement make the Repository Health Check summary useful for discovering vulnerable components
- [NEXUS-12367] Bug UI Danger error message when enabling RHC on a Maven Snapshot Repo.
Scheduled Tasks
- [NEXUS-12481] Bug NullPointerException while rebuilding maven metadata if database operations timeout
Security
- [NEXUS-11238] Bug Repository View - Browse permission grants too much access security
- [NEXUS-12852] Bug certain responses may print absolute file system paths in the response
SSL
- [NEXUS-10477] Bug SSL key/trust store is not thread-safe
Support Tools
- [NEXUS-11190] Bug java.nio.file.NoSuchFileException for inaccessible mounts prevents support zip generation
UI
- [NEXUS-12091] Bug HTTP Proxy host name setting accepts invalid characters such as space which can prevent server start
- [NEXUS-12673] Improvement display given roles in alphabetical order by name instead of arbitrary order compatibility
- [NEXUS-12535] Bug Manage Privileges search dialog loses cursor focus
- [NEXUS-10774] Bug the icon to collapse user interface feature menu can be easily confused for a back navigation button
- [NEXUS-12693] Bug Create wildcard privilege form does not redirect to list view on success
User Token
- [NEXUS-11231] Bug Require User Token setting not enforced security
Repository Manager 3.2.1
02/15/17
These notes are a compilation of improvements and significant bug fixes for Nexus Repository Manager 3.2.1.
See the complete release notes for all resolved issues.
New and Noteworthy
This release is heavily focused on high-priority bug fixes and support reducing upgrade impediments from Nexus Repository 2 to 3.
Known Issues Affecting Upgrades from Nexus Repository Manager 2 to 3
Along with 3.2.1, we released version of Nexus Repository 2.14.3. If you wish to upgrade from Nexus Repository Manager 2 to Nexus Repository Manager 3, you must upgrade to 2.14.3 at a minimum first. See the 2.14.3 release notes for details.
Proxy repositories now afford options to enable circular redirects and store HTTP cookies. For example, you can enable the settings for the Oracle Maven Repository (maven.oracle.com). This achieves parity for upgrading Nexus 2.14.3 to Nexus 3.2.1. [NEXUS-10164]
During an upgrade from Nexus Repository 3 to version 2, HTTP requests contained encoded slashes in the URL denoting the pathname of a downloaded component. These encoded slashes caused issues when version 2 ran behind a reverse proxy. This issue has been resolved. [NEXUS-11909]
General Improvements
Blob store
- [NEXUS-11283] - Bug blob store counts inaccurate
Database
- [NEXUS-12336] - Bug repository formats lacking a groupid concept can suffer from slow db queries due to missing indexes
Docker
- [NEXUS-11947] - Bug deploying docker manifest which has unknown properties causes an entire docker package to become unusable
- [NEXUS-12073] - Bug pulling from Docker group generates error unless read access assigned directly to member
- [NEXUS-12083] - Bug exception while executing "Purge unused docker manifests and images" task
Logging
- [NEXUS-11020] - Bug too much DEBUG logging from
com.orientechnologies.orient.core.storage.impl.local.paginated.OLocalPaginatedStorage
- [NEXUS-11518] - Bug
ProxyServiceException
stack trace logged at WARN when remote responds with HTTP/1.1 401
NPM
- [NEXUS-11988] - Bug npm hosted repository package metadata tarball URLs incorrectly contain generated-on-request placeholder after upgrade
NuGet
[NEXUS-12310] - Bug select from component query for NuGet is missing database index causing it to perform slowly
OSGI
- [NEXUS-10049] - Bug First time starting nexus via Docker has karaf log warn
Repository, Scalability
- [NEXUS-10759] - Bug Deleting a repository of non-trivial sizes lags and floods the log with exceptions
Scheduled Tasks
- [NEXUS-10429] - Bug Task produces WARN if "incorrect" repository is selected
Search, UI, UX
- [NEXUS-10750] - Improvement limit displayed search criteria to the formats of configured searchable repositories
- [NEXUS-11140] - Bug Elasticsearch (JDK) overflow on disks larger than 2^63
Upgrade
- [NEXUS-10164] - Improvement add support proxying maven.oracle.com in nexus 3
- [NEXUS-11909] - Bug content requests to Nexus 2 by migration agent should avoid HTTP 404 Not Found caused by URL encoding
- [NEXUS-12076] - Bug Upgrade wizard checks for hard link capability even though a different ingest method is chosen
- [NEXUS-12099] - Bug gradually slowing upgrade of Nexus 2 site repositories to Nexus 3 raw repositories
- [NEXUS-11995] - Bug Repository migration fails with
com.fasterxml.jackson.databind.JsonMappingException: Invalid type marker byte 0xfa for expected field name (or END_OBJECT marker)
User Token
- [NEXUS-12230] - Bug User token is deleted if external server cannot be reached