2022 Release Notes

Summary of Major Changes in 2022

The following table lists major changes in 2022 that should be considered when upgrading to a new version. Select a release for more information.

ReleaseRelease DateMajor Changes
3.45.0 - 3.45.1

January 17, 2023 (3.45.1)

December 28, 2022 (3.45.0)

  • 3.45.1
    • This release fixes an import/export bug for npm dist-tags.

  • 3.45.0

    • Nexus Repository 3 instances using PostgreSQL databases now use the    pg_trgm (trigram) module. This module may not be installed with PostgreSQL by default on all Linux distributions, which will result in an exception when attempting to upgrade. If you find yourself in this situation, you will need to install the postgresql-contrib package available from your Linux distribution.  In order to install it, the PostgreSQL user must have CREATE privileges on the current database.  See our  knowledge base article  for further information.

    • Due to multiple known issues that can lead to data loss, we have disabled the Admin - Change repository blob store   task for your protection. All pre-existing tasks of this type will no longer run, and you will not be able to create new ones through either the user interface or API. We highly discourage you from using this task in earlier Nexus Repository releases where it is not disabled.
3.44.0November 14, 2022
  • Nexus Repository 3 instances using PostgreSQL databases now use the    pg_trgm (trigram) module. This module may not be installed with PostgreSQL by default on all Linux distributions, which will result in an exception when attempting to upgrade. If you find yourself in this situation, you will need to install the postgresql-contrib package available from your Linux distribution.  In order to install it, the PostgreSQL user must have CREATE privileges on the current database.  See our  knowledge base article  for further information.
  • Multiple bug fixes
3.43.0November 7, 2022
  • Nexus Repository versions up to 3.42.0 (inclusive) included a vulnerable version of Apache Shiro. While we do not know of a reported exploit, we’ve upgraded Apache Shiro from 1.9.1 to 1.10.0 out of an abundance of caution. To ensure your safety, you should update to the latest version of Nexus Repository. 
  • NuGet V2 Support for H2 and PostgreSQL Database Users
  • Nexus Repository Now Mirrors PyPI Yank Attribute

  • Upgraded Jackson Databind from version 2.13.2.1 to 2.13.4.2.

  • Upgraded SnakeYAML from version 1.28 to version 1.32.

3.42.0September 26, 2022
  • Upgraded Eclipse Jetty from version 9.4.43.v2021062 to version 9.4.48.v20220622
  • Component search  will not perform a search query until you have specified search criteria
  • Any metadata file changes made by using the Remove Quarantined Versions feature are now logged in $data-dir/log/nexus.log and $data-dir/log/audit.log
3.41.0 - 3.41.1

August 19, 2022 (3.41.1)

July 27, 2022 (3.41.0)

  • 3.41.1

Critical Nexus Repository Pro Cleanup Policy Bug Fix (3.41.1)

This release fixes a critical cleanup policy bug impacting some Nexus Repository Pro deployments. See the official advisory for full details on who is impacted and how to remediate this issue.

  • 3.41.0
    • New Admin - delete blobstore temporary files Task 
    • Upgraded the embedded JDK version from Java 8u252 to  8u332; this only affects Windows and MacOS installers

    • New Optional Database Migrator Parameters

    • As recommended in  PEP 503, hosted PyPI repositories now provide SHA256 hashes instead of MD5 in the /simple web interface's href attributes that link to package files being served
      • Note that this behavior cannot be reverted once you upgrade to 3.41.0
3.40.0 - 3.40.1

June 22, 2022 (3.40.0)

June 24, 2022 (3.40.1)

  • 3.40.1

    • Fixed a bug (NEXUS-33568) that prevented downloading and uploading files for those with an H2 or PostgreSQL database who upgraded from 3.39.0 to 3.40.0. 

  •  3.40.0
    • Docker Subdomain Connector
    • Maven Metadata Rebuild Optimizations for SQL Databases
    • Upgrade Database Migrator to Spring 5.3.18
3.39.0May 23, 2022
  • Improved Resiliency/Disaster Recovery for File Blob Stores 
  • Prevent Blob Store Reconcile Task Interruption 
  • View Audit, Cluster, and Task Logs in User Interface 
3.38.0 - 3.38.1
  • March 2, 2022 (3.38.0)
  • March 29, 2022 (3.38.1)


  • 3.38.1
    • New chart in Log4J Visualizer
    • Improvements to Policy-Compliant Component Selection for npm
      • Nexus Repository 3.38.1 is now the minimum recommended version for using this feature; IQ release 134 is the minimum required IQ version
    • Upgraded the PostgreSQL driver from version 42.2.25 to version 42.3.3
  • 3.38.0

    • This release includes a fix for a server-side request forgery (See the  CVE-2022-27907 advisory  for more information)

    • This release includes a fix for an HTML injection vulnerability (See the CVE-2021-43961 advisory for full details)
    • Repository Health Check for NuGet Versions
    • Added GET Method to Repository Management API
    • Expanded Assets API
    • Asset Name Matcher Criteria Available for Yum Cleanup Policies 
    • Apple M1 Chip Support