Release Notes
Security Fix
A critical security vulnerability has been found in 3.26.1 and earlier. For details, please see CVE-2020-13933.
Sonatype recommends that administrators upgrade to 3.27.0 or newer immediately.
Nexus Repository Manager 3.30.1
Includes a security fix for an Information Disclosure CVE. See the CVE-2021-30635 advisory for details.
Includes a security fix for an XSS vulnerability. See CVE-2021-29159 advisory for details.
Includes a security fix for a Sensitive Information Disclosure CVE. See the CVE-2021-29158 advisory for details.
Sonatype recommends administrators running Nexus Repository Manager 3.30.0 and earlier to upgrade immediately.
2021-04-22
These notes are a compilation of the improvements and significant bug fixes for Nexus Repository Manager 3.30.1.
See the complete release notes for all resolved issues.
General Improvements
- [NEXUS-27384] Upgrade Eclipse Jetty to 9.4.40.v20210413
Bug Fixes
Maven
- [NEXUS-26789] Performance improvement to rebuilding GA maven-metadata.xml
NuGet V3
- [NEXUS-26501] Package content is out of specification when downloading from NuGet hosted
Raw
- [NEXUS-27013] Raw proxy is encoding slashes for outbound requests
- [NEXUS-26855] Non-indexed raw proxy repositories cannot be browsed
Nexus Repository Manager 3.30.0
2021-03-04
See the complete release notes for all resolved issues.
New and Noteworthy
Azure Blob Store Support
PRO Nexus Repository Manager now includes the ability to create blobstores backed by Microsoft's Azure Blob storage.
Protection Against Namespace Confusion
Users of Sonatype's Nexus Firewall can indicate which repositories include proprietary content. When combined with a new policy condition in Nexus IQ this can help prevent namespace attacks by quarantining external packages which use the same name as your proprietary internal components. For more details checkout our demo video.
GPG for Yum Repositories
Yum repositories can be configured with GPG support for binary signing.
Logjam Attack Prevention
To protect against the logjam attacks Nexus Repository Manager now enforces a minimum of 2048-bit keys.
Bug Fixes
NEXUS-26606 - Upgraded Jetty to 9.4.38.v20210224
NEXUS-23750 - Added support for Github's npm repositories
NEXUS-12022 - Allow configuring HTTPS Maven proxy repositories with pre-emptive authentication
Nexus Repository Manager 3.29.2
2021-01-06
Users of 3.29.1
If you installed 3.29.1 and modified or created a cleanup policy the following is critical.
A bug in the implementation of the new user interface for Cleanup Policies resulted in a value displayed as days being interpreted as seconds. If you created or modified a cleanup policy while using 3.29.1 after updating you must confirm that these fields have the intended values.
Bug Fix
NEXUS-26251 - Interface for Cleanup Policies erroneously interprets and persists values as seconds instead of days
Archives
- 2020 Release Notes
- 2019 Release Notes
- 2018 Release Notes
- 2017 Release Notes
- 2016 Release Notes
- Milestone Releases
- Security Advisories