2021 Release Notes

Summary of Major Changes in 2021

The following table lists major changes in 2021 that should be considered when upgrading to a new version. Select a release for more information.

ReleaseMajor Changes
3.37.0
  • Repository replication now supports the NuGet and PyPI formats. PRO
  • Improved SQL INSERT performance into format specific browse_node tables to improve performance for those migrating to Nexus Repository 3 with an external PostgreSQL database. PRO
  • Made the node id persistent in the event of a node failover PRO
  • Modified the Repair - Rebuild repository search task for rebuilding the Elastic Search (ES) index when a Kubernetes node starts up to only rebuild the ES index if it is not present on the node. PRO
  •  New Repair - Rebuild npm metadata task.
  •  Repair - rebuild Maven repository metadata task now recreates hosted metadata files when it encounters one that is an invalid blob reference.
  • When migrating from Nexus Repository version 2 to version 3, Nexus Repository now retains information about when assets from that Nexus Repository 2 instance were created and who created them.

  • We reworked our implementation to avoid copy operations while uploading components so as to improve S3 storage performance.

3.36.0
  • This release includes a security fix for an incorrect access control. See the CVE-2021-42568 for full details.

  • This release includes a security fix for a server side request forgery vulnerability. See CVE-2021-43293 for full details.

  • Replication Improvement: You can now use Truststore certificates for replication connections; See our Replication help documentation.  PRO

  • Added OrientDB health check and repair to database migration; See our migration documentation  PRO
  • Added an automated Nexus Repository database version check for H2 and PostgreSQL databases to prevent using an H2 or PostgreSQL database version that is newer than your Nexus Repository version PRO
  • Added a new single-node cloud resilient deployment example using Azure to our help documentation.  PRO
  • Changed how Yum metadata is handled so that stale metadata is temporarily retained after rebuilding Yum metadata in order to support clients with an update metadata operation already in progress.
  • In order to make migration from Nexus Repository 2 to 3 faster, we've removed building search indexes and browse nodes from the upgrade process.
3.35.0
3.34.0-3.34.1
  • Includes a security fix for an HTTP header injection. See the CVE-2021-40143 advisory for details
  • Repository replication now available for all Pro customers; see the help documentation PRO
  • Added Cocoapods, RubyGems, p2, and Go formats for PostgreSQL database; see a full list of supported formats and features for H2 and PostgreSQL databases PRO
  • Improvements to Nexus Repository 2 to Nexus Repository 3 migration 
  • Changed default location for storing import task metadata
3.33.0-3.33.1
  • Critical fix for those migrating to a PostgreSQL database that prevents moving over privilegs for formats not yet supported in the PostgreSQL solution
  • Upgrade Eclipse Jetty to version 9.4.43.v20210629
  • Changes to Single-Node Cloud Resilient Deployment Example to remove the dependency on Amazon Elastic File System (EFS) PRO
  • Added npm, Conan, Conda, Git LFS, and R formats for PostgreSQL database PRO
  • New pro trial landing page
3.32.0
  • Introduction of repository replication product preview PRO
  • Added APT format for PostgreSQL database
  • Fix for known Docker issue NEXUS-28247
3.31.0-3.31.1
  • Includes a security fix for an Information Disclosure CVE. See the CVE-2021-34553 advisory for details

  • Nexus Repository Pro can now use an externalized PostgreSQL database instead of OrientDB. PRO
    • Formats supported include Maven, Docker, NuGet V3, PyPI, Helm, Raw, and Yum
  •  Upgrade Eclipse Jetty to 9.4.42.v20210604
  • Fix for NEXUS-28078 - Docker - Delete unused manifests and images task may delete referenced layers if the database query to select components encounters limits
3.30.0-3.30.1
  • Includes a security fix for an Information Disclosure CVE. See the CVE-2021-30635 advisory for details
  • Includes a security fix for an XSS vulnerability.  See CVE-2021-29159 advisory for details
  • Includes a security fix for a Sensitive Information Disclosure CVE. See the CVE-2021-29158 advisory for details
  • Known Docker issue in 3.30.0 (See NEXUS-28247); This is fixed in 3.32.0
  • Upgrade Eclipse Jetty to 9.4.40.v20210413
  • Azure blob store support PRO
  • Protection against namespace confusion
  • GPG for Yum repositories
  • Logjam attack prevention
3.29.0-3.29.2
  • Includes Security Fix for XML External Entity CVE. See the CVE-2020-29436 advisory for details.

  • 3.29.2 contains a fix for a Cleanup Policies bug found in 3.29.1
  • Filtering npm package root metadata
  • Deprecated /service/metrics/healthcheck
  • Support for Maven and Gradle SHA256/SHA512 hashing
  • Remote URL of nuget.org-proxy defaults to V3 for new installs
  • More secure direct inbound HTTPS connection ciphers and TLS protocols