3.63.0 | December 5, 2023 | Changes to HA Helm Chart Removed version numbers from Kubernetes objects that the Helm chart creates Added custom labels and selectors Added ability to use existing volumes and volume mounts
Additional Audit logging For SAML, we now log user login, logout, and config-changed events For local authentication, LDAP, and Crowd, we now log user login and logout events
Filter Repositories table by blob store name org.apache.santuario updated from version 2.3.0 to 2.3.4 org.json : json : updated to 20231013
|
3.62.0 | November 7, 2023 | New Cleanup Preview Experience for Pro Customers Using PostgreSQL New Combined Helm Chart for AWS, Azure, or On-Premises High Availability Deployments Azure HA Performance Data Support Zip Improvements Expanded Audit Logging Include records for "Clear Cache" and "Change (server) order" LDAP events. Added logging for when you create, update, or delete a routing rule.
Upgraded Jetty from version 9.4.51.v20230217 to version 9.4.53.v20231009 Upgraded goodies from version 2.3.5 to version 2.3.6 Upgraded eclipse-sisu from version 0.3.4 to version 0.3.5 Upgraded guice from version 5.0.1 to version 6.0.0 HA-C Now in Extended Maintenance Resolved an important database migrator issue that could cause components and assets to be migrated in the wrong order. Resolved an important database migrator issue that was causing the Database Migrator to import components and assets in the wrong order.
|
3.61.0 | October 4, 2023 | New OpenShift Operator for PostreSQL and High Availability Deployments Change Repository Blobstore Task Supports Proxy Repositories Policy-Compliant Component Selection for PyPI Sonatype Nexus Repository Usage Metrics Reworked our implementation to avoid copy operations while uploading components so as to improve Azure blob store performance Bug fixes, including a fix for the known issue in 3.60 and 3.59 impacting deployments using OrientDB with LDAP and SAML users that have the exact same User ID.
|
3.60.0 | September 7, 2023 | Warning There is a known issue in Sonatype Nexus Repository 3.59.0 & 3.60.0 impacting deployments using OrientDB and configured to have LDAP and SAML users that have the exact same User ID. If you are using OrientDB and have migrated authentication from LDAP to SAML you are advised not to upgrade to Nexus Repo 3.59.0 or 3.60.0. Fix for the Repair - Reconcile component database from blob store task issue noted in the 3.59.0 Release Notes Improved Performance for Deployments Using Crowd Support for Cocoapods Stored on Google Open Source Removed Local Authorizing Realm from User Interface and API
|
3.59.0 | August 15, 2023 | Warning There is a known issue impacting Sonatype Nexus Repository Pro users who meet all of the following criteria: Were previously on OrientDB and migrated to PostgreSQL Have RubyGems, P2, or NuGet v2 assets that were migrated from OrientDB to PostgreSQL Have run the Repair - Reconcile component database from blob store task with the Integrity Check option enabled (this option is enabled by default)
The issue causes the task tosoft-delete the blob .properties and .bytes files for NuGet v2 proxy and hosted repositories. The task also will not restore the desired content for RubyGems, NuGet v2 (proxy or hosted), or P2 repositories; however, there is no soft deletion associated with RubyGems or P2 repositories. If you have migrated to PostgreSQL and have RubyGems, P2, or NuGet v2 assets, do not run the Repair - Reconcile component database from blob store task against blobstores containing any of the impacted formats. We will release a fix for this issue in the upcoming 3.60.0 release. Warning There is a known issue in Sonatype Nexus Repository 3.59.0 impacting deployments using OrientDB and configured to have LDAP and SAML users with the same ID. If you are using OrientDB and have migrated authentication from LDAP to SAML you are advised not to upgrade to Nexus Repo 3.59.0 or 3.60.0. Note Common Vulnerabilities and Exposures Fix for Apache Shiro This release upgrades Apahe shiro from 1.10.0 to 1.12.0 to mitigate CVE-2023-34478. Note Common Vulnerabilities and Exposures Fix for SnakeYaml This release upgrades SnakeYaml from 1.33 to 2.0 to mitigate CVE-2022-1471. Added support for password encoders like SHA-256, SHA-384, and SHA-512 for LDAP authentication. Added outbound request log. Added audit logging for content selectors. The blobCreated date is now preserved when migrating to PostgreSQL. Various security fixes for those using user tokens for authentication.
|
3.58.0 - 3.58.1 | July 21, 2023 (3.58.1) July 17, 2023 (3.58.0) | Warning 3.58.1 fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall. Note Notable Compatibility Change: Sonatype Nexus Repository 3.58.0+ is only compatible with IQ Server versions 138+. |
3.57.0 - 3.57.1 | July 21, 2023 (3.57.1) July 5, 2023 (3.57.0) | Warning 3.57.1 fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall. Added an alert to the Roles screen that will inform users if the Default Role capability is enabled and what role is used as the default Added a Blob Store column to Manage repositories table Added Last Updated column to component search results table Modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked Renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively. Bug fixes Notable Search API Functionality Change Made enhancements to the Search APIs to improve the behavior for query parameters on fields that accept empty values. An empty value for most fields is now treated as “specifically empty" instead of the former behavior of treating it like a wildcard. However, note that the repository and format parameters should not be empty as every component is both stored in a repository and has a format.
|
3.56.0 | June 19, 2023 | |
3.55.0 | June 5, 2023 | |
3.54.0 - 3.54.1 | May 22, 2023 (3.54.1) May 18, 2023 (3.54.0) | Sonatype Nexus Repository 3.54.0 was never officially released and was found to contain a bug that we fixed in 3.54.1. Please use 3.54.1 and do not upgrade to 3.54.0. |
3.53.0 - 3.53.1 | May 12, 2023 (3.53.1) May 2, 2023 (3.53.0) | Warning There is a known issue in Sonatype Nexus Repository 3.53.0 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting. If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until we release a fix for this issue. If you are not using community or custom plugins, there is no impact. 3.53.1 Sonatype Nexus Repository 3.53.1 includes critical bug fixes impacting those using RubyGems who upgraded to Sonatype Nexus Repository 3.53.0. 3.53.0 Change in Database Property Evaluation Priority when Using PostgreSQL Order of priority reversed System Properties and Environment Variables no longer written to file All required configurations must be provided through the same mechanism
Fix for RubyGems dependency API deprecation IQ Server configuration in API page becomes Sonatype Repository Firewall configuration; the API URL is not affected and remains the same IQ Policy Violation column that appears when browsing repositories becomes Firewall Report Upgraded org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9
|
3.52.0 | April 18, 2023 | |
3.51.0 | April 4, 2023 | |
3.50.0 | March 27, 2023 | |
3.49.0 | March 6, 2023 | The Admin - Cleanup unused asset blobs task now uses batch delete by default. This release primarily focuses on improving Sonatype Nexus Repository quality by resolving bugs. Upgrade Impact - If you are using an H2 or PostgreSQL database, after upgrading to version 3.49.0+, you will need to run an Apt - Rebuild Apt metadata task for each existing Apt repository in order to rebuild their metadata.
|
3.48.0 | February 27, 2023 | Content Replication - In this release, we introduce a simpler, more straightforward way to make your artifacts readily available across distributed teams: content replication. With content replication, you can manage what binaries are copied from one instance and pre-emptively pulled via HTTP to other instances. Pagination performance improvements for NuGet v2 repositories on deployments using a PostgreSQL database. Upgrade Impact - If you are using an H2 or PostgreSQL database, after upgrading to version 3.48.0+, you will need to run a task for each existing Helm and Yum repository in order to rebuild their metadata:
|
3.47.0 - 3.47.1 | February 9, 2023 (3.47.1) February 7, 2023 (3.47.0) | Warning Release 3.47.1 fixes an issue that was causing missing blob exceptions for those upgrading to 3.47.0. If you have not upgraded to 3.47.0, upgrade to 3.47.1 instead. If you have already upgraded to 3.47.0, upgrade to 3.47.1 as soon as possible. |
3.46.0 | January 30, 2023 | |