Nexus Repository 3.36.0 Release Notes

Highlights in This Release 

Common Vulnerabilities and Exposures (CVE) Fix

This release includes a security fix for an incorrect access control. See the CVE-2021-42568 for full details.

Common Vulnerabilities and Exposures (CVE) Fix

This release includes a security fix for a server side request forgery vulnerability. See CVE-2021-43293 for full details.

Improvements to Database Migration to H2 or PostgreSQL PRO

This release includes multiple improvements for those migrating to an H2 or external PostgreSQL database. Improvements include an OrientDB health check and repair parameter for the Database Migrator utility and a Nexus Repository database version check that makes upgrades safer. See more below.

What's New and Noteworthy in Nexus Repository Pro? 


The features in this section are only available in Nexus Repository Pro. Interested in a free trial? Start here.

See the complete release notes for everything included in this release. Ready to download the latest release? Find it on our Downloads page.

Replication Improvement: Use Truststore Certificates for Replication Connection PRO

We continue to invest time and effort in improving our Replication feature, which we introduced in version 3.34.0. In this release, we've added support for the Nexus Truststore. You can now opt to use a certificate connected to the Nexus Truststore when configuring a replication connection. Checking the Use certificate connected to the Nexus Truststore checkbox tells your source Nexus Repository instance to use the Nexus Truststore for certificates when contacting the remote Nexus Repository. See our Replication help documentation for more information on creating Replication connections.

Improvements to Database Migration to H2 or PostgreSQL PRO 

An externalized PostgreSQL database is the cornerstone of improved resilient deployment models and cloud support. We will be continually working to improve in this area. 

Added OrientDB Health Check to Database Migration PRO

If you're ready to migrate from OrientDB to H2 or PostgreSQL, it's important to know that your OrientDB database is in a healthy state in order for migration to be successful. We have added a new optional parameter to allow our Database Migrator utility to check for and report any existing detected OrientDB corruption before attempting to migrate data to the new database. Check out our migration documentation for more information on running the Database Migrator.

Added Nexus Repository Database Version Check PRO

In this version, we've added an automated check that will make upgrades safer. Should you run a H2 or PostgreSQL database version that is newer than your Nexus Repository version, the data or table structure could be changed in such a way that Nexus Repository cannot interpret it. Further, any bad data that the old version of Nexus Repository adds to the database cannot be fixed since migrations can only be done once. To prevent this happening, we've added a check so that Nexus Repository will stop during startup if it determines that the database version is newer than the Nexus Repository version.

Documentation Improvement: New Resiliency Example Using Azure PRO 

We have added a new single-node cloud resilient deployment example using Azure to our help documentation. This resilient deployment example is geared towards those wishing to protect against an Azure Availability Zone, node/server, or Nexus Repository service failure. If you are interested in a resilient Nexus Repository deployment, check out the new example along with our on-premises and AWS examples in our resiliency documentation.


What's New for Everyone? 


See the complete release notes for everything included in this release. Ready to download the latest release? Find it on our Downloads page.

Optimized How Yum Metadata is Rebuilt 

When rebuilding a Yum repository, you may have encountered errors due to how metadata was handled. We have changed things so that stale metadata is temporarily retained after rebuilding Yum metadata in order to support clients with an update metadata operation already in progress.

Faster Migration from Nexus Repository 2 to Nexus Repository 3 

In order to make migration from Nexus Repository 2 to 3 faster, we've removed building search indexes and browse nodes from the upgrade process. Previously, Nexus Repository had to complete these steps before migration itself could finish; now, the Repair - Rebuild repository browse and Repair - Rebuild repository search tasks will run after migration is complete.

See the After the Upgrade section of our Nexus Repository 2 to 3 migration help pages for more information.

Bug Fixes  


Public Ticket Number 

Description
NEXUS-29088

Running the replication backfill blob attributes task will now process all blobs as expected.

NEXUS-29319

This release includes a security fix for an incorrect access control. See the CVE-2021-42568 for full details.
NEXUS-29407This release includes a security fix for a server side request forgery vulnerability. See CVE-2021-43293 for full details.