2019 Release Notes

NEXUS-20269

Following security best practices the example configuration file that redirects inbound HTTP requests to HTTPS requests has been removed from the distribution. Startup will fail if your configuration references the file and it cannot be found.

Should it still be needed, instructions for adding it back are available.

NEXUS-19424

In past versions of cleanup, you could clean up by Last Downloaded but components with no download date would be ignored. This new function allows the ability to include in Cleanup items that have never been downloaded. In this case, uploaded date will be checked instead. In addition to the ticket, see Cleanup Policies documentation for more information.

NEXUS-9837

Nexus Repository Manager now provides native support for R repositories. R is a language used for statistical analysis and machine learning.

NEXUS-21311

Since the last NXRM release, CentOS 8 was released and it was found that NXRM did not function correctly with it. Full support is now added.

NEXUS-12456

Added support for "npm login" bearer token authentication to proxied upstream npm private repositories.

NEXUS-13433

Added support for "npm whoami".

NEXUS-21371

Conditional request handling added to npm group repositories to prevent errant 200 status codes from showing as 304s.

NEXUS-20268

Following security best practices HSTS is now enabled by default if Jetty based HTTPS connectors (jetty-https.xml) are used.

An article has been published which describes how to enable it in older versions, where the configuration is to disable it, and how to modify the behavior.

NEXUS-19970

Nexus Repository Manager now provides native support for CocoaPods proxy repositories. Developers using Swift and Objective-C languages will now have easy access to pods and podspecs while gaining several advantages of proxy support.

NEXUS-19866

Nexus Repository Manager now provides native support for Conda proxy repositories. Those using Python, R, Ruby, Lua, Scala, Java, JavaScript, C/C++ and many more languages can now set up proxy repositories for Conda packages.

We are continuously getting feedback from developers and excited to continue the rapid growth of native support for our officialrepository formats.

NEXUS-9862

New abilities for adding and removing "distribution tags" into npm metadata via the npm CLI. As one of our top requested improvements to Nexus Repository Manager, we are excited to continue our support for npm developers.

NEXUS-17797

Higher performance S3 storage ability for Nexus Repository Manager deployments in AWS. This batch of work improves performance with enhanced support for encrypted S3 buckets, use of custom encryption keys, simplified permission testing, and essential improvements to storage space metrics.

NEXUS-19120

Added support for Docker Foreign Layers. Nexus Repository Manager users can now proxy docker images with foreign layers when pulling Microsoft Windows images.

NEXUS-19144, NEXUS-19142, NEXUS-19143, NEXUS-19145, NEXUS-19146, NEXUS-16734

Enhanced REST API endpoints for initial provisioning and maintenance of Nexus Repository Manager. Users will also benefit from new improvements to endpoints for local and external roles and permissions, privileges, and content selectors.

NEXUS-20682

Users who also have access to Nexus Lifecycle can view Go component details in theComponent IQtab. Delivering advanced component information through Nexus Intelligence, details for Go components include information on policy violations, license issues, and security vulnerabilities that are known for a specific component.

NEXUS-19525

NXRM admins can now make use of regular expressions to clean up a given repository by team and/or project. The ability to apply multiple cleanup policies for an individual repository can even be used for longer retention of a certain set of artifacts.

For users with strict security controls we've added a feature we've called Routing Rules which can be used to prevent requests from being sent to external proxy repositories. This can for example allow users to block requests containing codenames from leaking to external repositories.

As part of our widespread format support we've begun to move one of the plugins from our great community members which supports the apt format into the core product. (Limited to single nodes in this release.)

Supporting the burgeoning Go community we've added native support for go repositories. (Limited to single nodes in this release.)

We've continued to add to our REST API with new endpoints to support operations on users, and user tokens. In this release they are flagged as beta, please take a look at our API documentation in the administration part of the user interface and submit feedback.

New instances as well as instances which have not changed anonymous configuration will prompt administrators upon logging in to confirm that anonymous users should be allowed to access the system. Similarly if the admin user is using the default password then upon logging in they will be required to change the password.

The "accesslog" database which tracks recent unique connections has been removed, along with the Recent Connections section of the administration interface. This removal in no way impacts the request.log text file.

NEXUS-19224

Unnecessary logging of missing task listeners has been reduced.

NEXUS-18949

If you are running a cluster, or otherwise monitoring node health, you need a simple check to determine if your node should receive requests. To meet that need, we have added a new REST endpoint, /v1/status/writable. This endpoint returns a 200 status code when the node is ready to process requests. It's perfect for integration with load balancers to remove a node from the active set when it becomes unhealthy and return it after the node has been recovered. See the documentation Status API for more.

NEXUS-18711

Getting all of the necessary support zips can be arduous in a HA-C environment. Administrators no longer have to access each node to generate support zips. Generating support zips will have the option to generate them on all nodes instead, and the pop-up window will have a tab per node.

Previously, gathering support zips was a GUI-driven process. So administrators could not use scripts to automate gathering support zips. The new REST endpoint, /v1/support/supportzip, gives programmatic access to support zips.

HA-C topologies have whole new classes of metrics that are beneficial to gain insight into your cluster. A new log file, nexus_cluster.log, has been added to contain them. This log contains information about the cluster's health, such as internode latency and replication queue depth. Support zips will include this log to make introspection on the history of cluster health easier.

NEXUS-18776, NEXUS-19313, NEXUS-18181

System Status Checks are a great way for components of NXRM to report vital information to administrators. To that end, the checks have been added to the banner. In normal operation, every check is passing and administrators will see a green checkmark. However, if at least one status check is failing then the header will have a red exclamation point.

Three new status checks were added specifically targeting high availability health.

NEXUS-18183

When a node becomes unhealthy, we now have a REST API to control the lifecycle phase of an NXRM node. A lifecycle phase is a step in the start up process used to group similar components and ensure that their dependencies are started before them. The REST API documentation has more information.

NEXUS-18182

The Maintenace API helps NXRM administrators understand their databases' status and recover from some error cases. Each endpoint can optionally take a node Id determining on which node the request is executed. See the REST API documentation for more insights.

NEXUS-14407

REST search now supports sorting results, as well as filtering prerelease components, allowing the search and download endpoint to return the latest version of an asset.

NEXUS-19619

Mac and Windows installers now include the Zulu OpenJDK 8 JRE.

NEXUS-16852

Using Nexus Repository Manager in HA-C with Nexus Firewall could cause the cluster to have numerous concurrent modification exceptions. There were a number of changes made to both reduce the frequency of conflicts and more robustly handle them when they do occur.

In addition to 3.16.0, we have also updated the bower resolver dependancies to the latest and most secure versions. We strongly recommend any users using bower update their bower resolver to the latest.

Some customers may be parsing the /service/metrics/data REST resource or utilizing the info/metrics.json file in support zips. This release updates our metrics library, which has changed the names of timers to include the suffix '.timer'. For example:

Old timer: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read

New timer: com.sonatype.nexus.plugins.healthcheck.ui.HealthCheckStatusComponent.read.timer

The "version" field of the metrics file reflects this change, reving the version from 3.0.0 to 4.0.0.

NEXUS-18813

The audit database at $data-dir/db/audit is no longer in use and is replaced with audit log files written and archived in $data-dir/log/audit . Administrators may remove the audit database files from disk at their own discretion.

The Nexus Repo REST API moved from beta to release status in the 3.13.10 release. The old /service/rest/beta endpoints were kept for compatibility in the 3.13.0 and 3.14.0 releases, but they have now been removed (NEXUS-18562). Update any scripts that use /service/rest/beta endpoints to use the new /service/rest/v1 endpoints.

For our Professional licensed customers, we added a new level of flexibility for administrators when planning and updating their blob stores. Multiple blob stores can be combined into a Blob Store Group. These groups allow an individual repository to use storage across multiple locations and devices. Member blob stores can be added or removed from a group to ease the burden of migrations. Also added Fill Policies which give administrators more control and insight into how components are being stored.

For all our users (OSS and PRO) we have added Soft Quota which allow you to receive a warning when your blobstore has reached a configured metric.

NEXUS-6300

Users have been reporting OpenJDK has worked fine as the JVM for repository manager 3. As of 3.15.0, we now run our full test suite using a compliant Java SE standard distribution of OpenJDK 8. In light of the Oracle licensing changes to their Oracle JDK distributions, you can now be sure repository manager is fully tested against the standard.

NEXUS-18276

This bug would cause temp files to be left behind when the UI Upload feature was used. This could cause eventual disk space issues that would not be cleaned up by the standard NXRM cleanup tasks. This ticket fixes the issue going forward but does not assume to delete anything from the file system. If you utilize Upload UI frequently, we recommend checking the temp directory to see if you can get some disk space back.

NEXUS-18271

In order to promote security, we changed our Welcome Outreach capability to use HTTPS instead of HTTP.

Due to complications, the Analytics plugin and respective pages within the application have been removed from the system. If it is restored, we will have a new feature release note.