2023 Release Notes

Summary of Major Changes in 2023

The following table lists major changes in 2023 that should be considered when upgrading to a new version. Select a release for more information.

ReleaseRelease DateMajor Changes
3.62.0November 7, 2023
  • New Cleanup Preview Experience for Pro Customers Using PostgreSQL
  • New Combined Helm Chart for AWS, Azure, or On-Premises High Availability Deployments
  • Azure HA Performance Data
  • Support Zip Improvements
    • Generate zip for all nodes
    • Download link persists
  • Expanded Audit Logging
    • Include records for "Clear Cache" and "Change (server) order" LDAP events.
    • Added logging for when you create, update, or delete a routing rule.
  • Upgraded Jetty from version 9.4.51.v20230217 to version 9.4.53.v20231009
  • Upgraded goodies from version 2.3.5 to version 2.3.6
  • Upgraded eclipse-sisu from version 0.3.4 to version 0.3.5
  • Upgraded guice from version 5.0.1 to version 6.0.0
  • HA-C Now in Extended Maintenance

  • Resolved an important database migrator issue that could cause components and assets to be migrated in the wrong order.

3.61.0October 4, 2023
  • New OpenShift Operator for PostreSQL and High Availability Deployments
  • Change Repository Blobstore Task Supports Proxy Repositories
  • Policy-Compliant Component Selection for PyPI
  • Sonatype Nexus Repository Usage Metrics
  • Reworked our implementation to avoid copy operations while uploading components so as to improve Azure blob store performance
  • Bug fixes, including a fix for the known issue in 3.60 and 3.59 impacting deployments using OrientDB with LDAP and SAML users that have the exact same User ID.
3.60.0September 7, 2023

There is a known issue in Sonatype Nexus Repository 3.59.0 & 3.60.0 impacting deployments using OrientDB and configured to have LDAP and SAML users that have the exact same User ID.  If you are using OrientDB and have migrated authentication from LDAP to SAML you are advised not to upgrade to Nexus Repo 3.59.0 or 3.60.0.

  • Fix for the Repair - Reconcile component database from blob store task issue noted in the 3.59.0 Release Notes
  • Improved Performance for Deployments Using Crowd
  • Support for Cocoapods Stored on Google Open Source
  • Removed Local Authorizing Realm from User Interface and API
3.59.0August 15, 2023

There is a known issue impacting Sonatype Nexus Repository Pro users who meet all of the following criteria:

  • Were previously on OrientDB and migrated to PostgreSQL
  • Have RubyGems, P2, or NuGet v2 assets that were migrated from OrientDB to PostgreSQL
  • Have run the Repair - Reconcile component database from blob store task with the Integrity Check option enabled (this option is enabled by default)

The issue causes the task to soft-delete the blob .properties and .bytes files for NuGet v2 proxy and hosted repositories.
The task also will not restore the desired content for RubyGems, NuGet v2 (proxy or hosted), or P2 repositories; however, there is no soft deletion associated with RubyGems or P2 repositories.

If you have migrated to PostgreSQL and have RubyGems, P2, or NuGet v2 assets, do not run the Repair - Reconcile component database from blob store task against blobstores containing any of the impacted formats.

We will release a fix for this issue in the upcoming 3.60.0 release.

There is a known issue in Sonatype Nexus Repository 3.59.0 impacting deployments using OrientDB and configured to have LDAP and SAML users with the same ID.  If you are using OrientDB and have migrated authentication from LDAP to SAML you are advised not to upgrade to Nexus Repo 3.59.0 or 3.60.0.

Common Vulnerabilities and Exposures Fix for Apache Shiro

This release upgrades Apahe shiro from 1.10.0 to 1.12.0 to mitigate CVE-2023-34478. 

Common Vulnerabilities and Exposures Fix for SnakeYaml

This release upgrades SnakeYaml from 1.33 to 2.0 to mitigate CVE-2022-1471. 

  • Added support for password encoders like SHA-256, SHA-384, and SHA-512 for LDAP authentication.
  • Added outbound request log.
  • Added audit logging for content selectors.
  • The blobCreated date is now preserved when migrating to PostgreSQL.
  • Various security fixes for those using user tokens for authentication.
3.58.0 - 3.58.1

July 21, 2023 (3.58.1)

July 17, 2023 (3.58.0)

3.58.1 fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.

  • Restore Admin - Change repository blob store task for deployments using PostgreSQL or H2
  • Bug fixes
3.57.0 - 3.57.1

July 21, 2023 (3.57.1)

July 5, 2023 (3.57.0)

3.57.1 fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.

  • Added an alert to the Roles screen that will inform users if the Default Role capability is enabled and what role is used as the default
  • Added a Blob Store column to Manage repositories table
  • Added Last Updated column to component search results table
  • Modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked
  • Renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively.
  • Bug fixes
    • Notable Search API Functionality Change 

      Made enhancements to the Search APIs to improve the behavior for query parameters on fields that accept empty values. An empty value for most fields is now treated as “specifically empty" instead of the former behavior of treating it like a wildcard. However, note that the repository and format parameters should not be empty as every component is both stored in a repository and has a format.

3.56.0June 19, 2023
  • Added a 1-minute timeout for cleanup policy preview
  • Search changes for those in HA environments
  • Bug fixes
3.55.0June 5, 2023

  • Updated Helm chart for a resilient Sonatype Nexus Repository deployment in AWS to make the following configurations optional:

    • Fluentbit

    • External DNS

    • Docker Ingress and service

  • Implemented the /v2/users/authenticate Conan endpoint for hosted Conan repositories
  • Removed references to Repository Health Check from those instances integrated with Sonatype Repository Firewall
    • This impacts the Health Check column in tables for browsing and managing repositories as well as the Health Check: Configuration capability
  • Bug fixes
3.54.0 - 3.54.1

May 22, 2023 (3.54.1)

May 18, 2023 (3.54.0)

Sonatype Nexus Repository 3.54.0 was never officially released and was found to contain a bug that we fixed in 3.54.1. Please use 3.54.1 and do not upgrade to 3.54.0. See the bugs section for full details.

  • Refreshed outreach page
  • Export unused assets
  • Renamed some IQ Server- and Firewall-related capabilities
  • Hid IQ Server Configuration capability from Capabilities screen; you will still configure this connection via the IQ Server tab
  • Bug fixes 
3.53.0 - 3.53.1

May 12, 2023 (3.53.1)

May 2, 2023 (3.53.0)


There is a known issue in Sonatype Nexus Repository 3.53.0 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting.

If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until we release a fix for this issue.

If you are not using community or custom plugins, there is no impact.

3.53.1

Sonatype Nexus Repository 3.53.1 includes critical bug fixes impacting those using RubyGems who upgraded to Sonatype Nexus Repository 3.53.0.

3.53.0

  • Change in Database Property Evaluation Priority when Using PostgreSQL
    • Order of priority reversed
    • System Properties and Environment Variables no longer written to file
    • All required configurations must be provided through the same mechanism
  • Fix for RubyGems dependency API deprecation

    • If you are using RubyGems, you must upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by the dependency API deprecation

  • IQ Server configuration in API page becomes Sonatype Repository Firewall configuration; the API URL is not affected and remains the same
  • IQ Policy Violation column that appears when browsing repositories becomes Firewall Report
  • Upgraded org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9
3.52.0April 18, 2023
  • Various bug fixes
3.51.0April 4, 2023
  • Automatically Rebuild Search Indexes for New High Availability (HA) Deployments
  • Various bug fixes
3.50.0March 27, 2023
  • High Availability for PostgreSQL deployments
  • Conan revisions support for hosted repositories on PostgreSQL and H2 deployments
3.49.0March 6, 2023

  • The Admin - Cleanup unused asset blobs task now uses batch delete by default.

  • This release primarily focuses on improving Sonatype Nexus Repository quality by resolving bugs. 

3.48.0February 27, 2023
  • Content Replication - In this release, we introduce a simpler, more straightforward way to make your artifacts readily available across distributed teams: content replication. With content replication, you can manage what binaries are copied from one instance and pre-emptively pulled via HTTP to other instances.
  • Pagination performance improvements for NuGet v2 repositories on deployments using a PostgreSQL database.

  • Upgrade Impact - If you are using an H2 or PostgreSQL database, after upgrading, you will need to run a task for each existing Apt, Helm, and Yum repository in order to rebuild their metadata:

    • Apt - Rebuild Apt metadata for each Apt repository
    • Helm - Rebuild Helm metadata for each Helm repository
    • Repair - Rebuild Yum rebuild metadata (repodata) for each Yum repository
3.47.0 - 3.47.1

February 9, 2023 (3.47.1)

February 7, 2023 (3.47.0)

Release 3.47.1 fixes an issue that was causing missing blob exceptions for those upgrading to 3.47.0. If you have not upgraded to 3.47.0, upgrade to 3.47.1 instead. If you have already upgraded to 3.47.0, upgrade to 3.47.1 as soon as possible.

  • Nexus Repository now migrates multiple deletion index files for those migrating to a SQL database
  • Bug fixes
3.46.0

January 30, 2023

  • Removed Space Remaining Soft Quota Option for Cloud Blob Stores
  • Bug fixes