A critical security vulnerability has been found in 3.26.1 and earlier. For details, please see CVE-2020-13933.
Sonatype recommends that administrators upgrade to 3.27.0 or newer immediately.
Nexus Repository Manager 3.30.0
See the complete release notes for all resolved issues.
New and Noteworthy
Azure Blob Store Support
PRO Nexus Repository Manager now includes the ability to create blobstores backed by Microsoft's Azure Blob storage.
Users of Sonatype's Nexus Firewall can indicate which repositories include proprietary content which when combined with a new policy condition in Nexus IQ can help prevent namespace attacks by quarantining external packages using the same name as internal components. For more details checkout our demo video.
GPG for Yum Repositories
Yum repositories can be configured with GPG support for binary signing.
Logjam Attack Prevention
To protect against the logjam attacks Nexus Repository Manager now enforces a minimum of 2048-bit keys for more information see NEXUS-25909
NEXUS-26606 - Upgraded Jetty to 9.4.38.v20210224
NEXUS-23750 - Added support for Github's NPM repositories
NEXUS-12022 - Allow configuring HTTPS Maven proxy repositories with pre-emptive authentication
Nexus Repository Manager 3.29.2
Users of 3.29.1
If you installed 3.29.1 and modified or created a cleanup policy the following is critical.
A bug in the implementation of the new user interface for Cleanup Policies resulted in a value displayed as days being interpreted as seconds. If you created or modified a cleanup policy while using 3.29.1 after updating you must confirm that these fields have the intended values.
NEXUS-26251 - Interface for Cleanup Policies erroneously interprets and persists values as seconds instead of days
- 2020 Release Notes
- 2019 Release Notes
- 2018 Release Notes
- 2017 Release Notes
- 2016 Release Notes
- Milestone Releases
- Security Advisories