Release Notes

Security Fix

A critical security vulnerability has been found in 3.26.1 and earlier. For details, please see CVE-2020-13933.

Sonatype recommends that administrators upgrade to 3.27.0 or newer immediately.

Nexus Repository Manager 3.30.0


See the complete release notes for all resolved issues.

New and Noteworthy

Azure Blob Store Support

PRO Nexus Repository Manager now includes the ability to create blobstores backed by Microsoft's Azure Blob storage.

Namespace Confusion

Users of Sonatype's Nexus Firewall can indicate which repositories include proprietary content which when combined with a new policy condition in Nexus IQ can help prevent namespace attacks by quarantining external packages using the same name as internal components. For more details checkout our demo video.

GPG for Yum Repositories

Yum repositories can be configured with GPG support for binary signing.

Logjam Attack Prevention

To protect against the logjam attacks Nexus Repository Manager now enforces a minimum of 2048-bit keys for more information see NEXUS-25909

Bug Fixes

NEXUS-26606 - Upgraded Jetty to 9.4.38.v20210224

NEXUS-23750 - Added support for Github's NPM repositories

NEXUS-12022 - Allow configuring HTTPS Maven proxy repositories with pre-emptive authentication

Nexus Repository Manager 3.29.2


Users of 3.29.1

If you installed 3.29.1 and modified or created a cleanup policy the following is critical.

A bug in the implementation of the new user interface for Cleanup Policies resulted in a value displayed as days being interpreted as seconds. If you created or modified a cleanup policy while using 3.29.1 after updating you must confirm that these fields have the intended values.

Bug Fix

NEXUS-26251 - Interface for Cleanup Policies erroneously interprets and persists values as seconds instead of days