|Release||Release Date||Major Changes|
|3.62.0||November 7, 2023|
- New Cleanup Preview Experience for Pro Customers Using PostgreSQL
- New Combined Helm Chart for AWS, Azure, or On-Premises High Availability Deployments
- Azure HA Performance Data
- Support Zip Improvements
- Generate zip for all nodes
- Download link persists
- Expanded Audit Logging
- Include records for "Clear Cache" and "Change (server) order" LDAP events.
- Added logging for when you create, update, or delete a routing rule.
|3.61.0||October 4, 2023|
- New OpenShift Operator for PostreSQL and High Availability Deployments
- Change Repository Blobstore Task Supports Proxy Repositories
- Policy-Compliant Component Selection for PyPI
- Sonatype Nexus Repository Usage Metrics
- Reworked our implementation to avoid copy operations while uploading components so as to improve Azure blob store performance
- Bug fixes, including a fix for the known issue in 3.60 and 3.59 impacting deployments using OrientDB with LDAP and SAML users that have the exact same User ID.
|3.60.0||September 7, 2023|
There is a known issue in Sonatype Nexus Repository 3.59.0 & 3.60.0 impacting deployments using OrientDB and configured to have LDAP and SAML users that have the exact same User ID. If you are using OrientDB and have migrated authentication from LDAP to SAML you are advised not to upgrade to Nexus Repo 3.59.0 or 3.60.0.
- Fix for the Repair - Reconcile component database from blob store task issue noted in the 3.59.0 Release Notes
- Improved Performance for Deployments Using Crowd
- Support for Cocoapods Stored on Google Open Source
- Removed Local Authorizing Realm from User Interface and API
|3.59.0||August 15, 2023|
There is a known issue impacting Sonatype Nexus Repository Pro users who meet all of the following criteria:
- Were previously on OrientDB and migrated to PostgreSQL
- Have RubyGems, P2, or NuGet v2 assets that were migrated from OrientDB to PostgreSQL
- Have run the Repair - Reconcile component database from blob store task with the Integrity Check option enabled (this option is enabled by default)
The issue causes the task to soft-delete the blob .properties and .bytes files for NuGet v2 proxy and hosted repositories.
The task also will not restore the desired content for RubyGems, NuGet v2 (proxy or hosted), or P2 repositories; however, there is no soft deletion associated with RubyGems or P2 repositories.
If you have migrated to PostgreSQL and have RubyGems, P2, or NuGet v2 assets, do not run the Repair - Reconcile component database from blob store task against blobstores containing any of the impacted formats.
We will release a fix for this issue in the upcoming 3.60.0 release.
There is a known issue in Sonatype Nexus Repository 3.59.0 impacting deployments using OrientDB and configured to have LDAP and SAML users with the same ID. If you are using OrientDB and have migrated authentication from LDAP to SAML you are advised not to upgrade to Nexus Repo 3.59.0 or 3.60.0.
Common Vulnerabilities and Exposures Fix for Apache Shiro
This release upgrades Apahe shiro from 1.10.0 to 1.12.0 to mitigate CVE-2023-34478.
Common Vulnerabilities and Exposures Fix for SnakeYaml
This release upgrades SnakeYaml from 1.33 to 2.0 to mitigate CVE-2022-1471.
- Added support for password encoders like SHA-256, SHA-384, and SHA-512 for LDAP authentication.
- Added outbound request log.
- Added audit logging for content selectors.
blobCreated date is now preserved when migrating to PostgreSQL.
- Various security fixes for those using user tokens for authentication.
|3.58.0 - 3.58.1|
July 21, 2023 (3.58.1)
July 17, 2023 (3.58.0)
3.58.1 fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.
- Restore Admin - Change repository blob store task for deployments using PostgreSQL or H2
- Bug fixes
|3.57.0 - 3.57.1|
July 21, 2023 (3.57.1)
July 5, 2023 (3.57.0)
3.57.1 fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.
- Added an alert to the Roles screen that will inform users if the Default Role capability is enabled and what role is used as the default
- Added a Blob Store column to Manage repositories table
- Added Last Updated column to component search results table
- Modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked
- Renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively.
- Bug fixes
- Search API Functionality Change
Made enhancements to the Search APIs to improve the behavior for query parameters on fields that accept empty values. An empty value for most fields is now treated as “specifically empty" instead of the former behavior of treating it like a wildcard. However, note that the repository and format parameters should not be empty as every component is both stored in a repository and has a format.
|3.56.0||June 19, 2023|
- Added a 1-minute timeout for cleanup policy preview
- Search changes for those in HA environments
- Bug fixes
|3.55.0||June 5, 2023|
|3.54.0 - 3.54.1|
May 22, 2023 (3.54.1)
May 18, 2023 (3.54.0)
Sonatype Nexus Repository 3.54.0 was never officially released and was found to contain a bug that we fixed in 3.54.1. Please use 3.54.1 and do not upgrade to 3.54.0. See the bugs section for full details.
- Refreshed outreach page
- Export unused assets
- Renamed some IQ Server- and Firewall-related capabilities
- Hid IQ Server Configuration capability from Capabilities screen; you will still configure this connection via the IQ Server tab
- Bug fixes
|3.53.0 - 3.53.1|
May 12, 2023 (3.53.1)
May 2, 2023 (3.53.0)
There is a known issue in Sonatype Nexus Repository 3.53.0 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting.
If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until we release a fix for this issue.
If you are not using community or custom plugins, there is no impact.
Sonatype Nexus Repository 3.53.1 includes critical bug fixes impacting those using RubyGems who upgraded to Sonatype Nexus Repository 3.53.0.
- Change in Database Property Evaluation Priority when Using PostgreSQL
- Order of priority reversed
- System Properties and Environment Variables no longer written to file
- All required configurations must be provided through the same mechanism
- Fix for RubyGems dependency API deprecation
- IQ Server configuration in API page becomes Sonatype Repository Firewall configuration; the API URL is not affected and remains the same
- IQ Policy Violation column that appears when browsing repositories becomes Firewall Report
org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9
|3.52.0||April 18, 2023|
|3.51.0||April 4, 2023|
- Automatically Rebuild Search Indexes for New High Availability (HA) Deployments
- Various bug fixes
|3.50.0||March 27, 2023|
- High Availability for PostgreSQL deployments
- Conan revisions support for hosted repositories on PostgreSQL and H2 deployments
|3.49.0||March 6, 2023|
|3.48.0||February 27, 2023|
- Content Replication - In this release, we introduce a simpler, more straightforward way to make your artifacts readily available across distributed teams: content replication. With content replication, you can manage what binaries are copied from one instance and pre-emptively pulled via HTTP to other instances.
- Pagination performance improvements for NuGet v2 repositories on deployments using a PostgreSQL database.
Upgrade Impact - If you are using an H2 or PostgreSQL database, after upgrading, you will need to run a task for each existing Apt, Helm, and Yum repository in order to rebuild their metadata:
- Apt - Rebuild Apt metadata for each Apt repository
- Helm - Rebuild Helm metadata for each Helm repository
- Repair - Rebuild Yum rebuild metadata (repodata) for each Yum repository
|3.47.0 - 3.47.1|
February 9, 2023 (3.47.1)
February 7, 2023 (3.47.0)
Release 3.47.1 fixes an issue that was causing missing blob exceptions for those upgrading to 3.47.0. If you have not upgraded to 3.47.0, upgrade to 3.47.1 instead. If you have already upgraded to 3.47.0, upgrade to 3.47.1 as soon as possible.
- Nexus Repository now migrates multiple deletion index files for those migrating to a SQL database
- Bug fixes
January 30, 2023
- Removed Space Remaining Soft Quota Option for Cloud Blob Stores
- Bug fixes