SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nexus3-3.70.2.01-1.el8.1.x86_64.rpm :

* Fri Sep 06 2024 Julio González Gil - 3.70.2.01-1- Update to 3.70.2-01- Fix for a Database Migrator issue that caused some users to see duplicate key errors after migrating from OrientDB to H2- WARNINGS:
* 3.70.2 is the final version supporting OrientDB, Java 8, and Java 11. 3.71.0+ will require either an H2 or PostgreSQL database and Java 17. This means that this is the latest release that will build for CentOS7 or any other clones from third party providers.
* Wed Aug 28 2024 Julio González Gil - 3.70.1.02-1- Update to 3.70.1-02- Fix for UI issues with custom context path in Nexus Repository 3.70.0 This issue only impacted the UI and did not impact other functionality such as for example requests for components.
* Thu Jul 11 2024 Julio González Gil - 3.70.0.03-1- Update to Nexus 3.70.0-03- WARNINGS:
* 3.70.0 is the final version supporting OrientDB, Java 8, and Java 11. 3.71.0+ will require either an H2 or PostgreSQL database and Java 17. This means that this is the latest release that will build for CentOS7 or any other clones from third party providers.
* 3.70.0 upgrades the embedded H2 database to version 2.2.244. As there are considerable changes between version 1.4.200 and 2.2.244, those using an H2 database will need to take some additional steps to upgrade to Nexus Repository 3.70.0 3.69.0, added an \"Admin - Export SQL database to script task\" you can use to create a SQL script export of your H2 database. If you are using an H2 database, you will need to run this task and follow the instructions at https://help.sonatype.com/en/upgrade-h2.html instructions in order to upgrade to release 3.70.0. This means that you must upgrade to version 3.69.0 before upgrading to 3.70.0+ If you are unsure what database your deployment is using, follow the help documentation for determining your current database: https://help.sonatype.com/en/migrating-to-a-new-database.html#determining-current-database-162010- Bugfixing:
* NEXUS-43307: Updated documentation to accurately state that access to SAML UI and API requires nx-all privileges
* NEXUS-42854: The npm view command works as expected for scoped packages
* NEXUS-42336: Database records that cause exceptions during database migration are appropriately logged
* NEXUS-39818: Running npm audit should no longer result in unexpected exceptions
* NEXUS-39799: In Yum repositories, all pathnames in the filelist.xml.gz file are properly escaped
* NEXUS-39462: If an asset’s format is incorrect, the Database Migrator will continue with migration and skip corrupted records
* NEXUS-22888: Added componentId validation when trying to view an asset that does not have a component. If the componentId is an empty string, string of blank spaces, null, or undefined, then the LifeCycle Component panel is not displayed- Improvements:
* Create and Manage Cleanup Policies via New REST API (PRO Only) https://help.sonatype.com/en/cleanup-policies-api.html
* Create and Manage Tasks via API (PRO Only) https://help.sonatype.com/en/tasks-api.html
* Retrieve and Set IQ Audit and Quarantine Statuses via API (PRO Only) https://help.sonatype.com/en/lifecycle-api.html
* New Database Migrator Flow to improve performance and reliability. Check https://help.sonatype.com/en/migrating-to-a-new-database.html for the new steps for migrating your database If you need to use an older version of the Database Migrator, you can still read the legacy database migrator documentation at https://help.sonatype.com/en/legacy-database-migration.html
* Thu Jun 06 2024 Julio González Gil - 3.69.0.02-1- Update to Nexus 3.69.0-02
* NEXUS-42786: Exporting npm assets with application/x-gzip content type now works as expected
* NEXUS-42560: The YumAbsouteUrlRemover no longer recalculates or updates checksums for XML files containing the xml:base attribute; this change greatly improves performance
* NEXUS-42434: Adjusted all places in AuditDTO where ObjectMapper was instantiated to use the injected global mapper. Users should no longer see errors in the logs when uploading assets
* NEXUS-42411: Database Migrator: Reduced log noise by adjusting the ProcessChunkListener to log migration progress in time intervals (e.g., showing how many records were migrated each 10 seconds)
* NEXUS-42409: Firewall works with Conda format as expected
* NEXUS-42276: The System Information page appears as expected with no NullPointerException
* NEXUS-41974: Running the \"Cleanup unused asset blobs\" task and \"Staging move\" in parallel now works as expected
* NEXUS-41862: Nexus Repository logs for deployments using PyPI Policy-Compliant Component Selection now only include filtered versions
* NEXUS-41692: User tokens for Crowd-backed users now use auth caching as expected
* NEXUS-41385: Downloading files through a proxy PyPI repository no longer leaves files in the blob store’s temporary directory
* NEXUS-41374: Nexus Repository no longer logs an ERROR message when a remote PyPI repository does not have a requested package
* NEXUS-41250: The nx-tasks-run privilege details in the Nexus Repository user interface no longer display an error under the Actions section
* NEXUS-41218: Added a property to nexus.properties that users may configure in order to reduce overly verbose audit logging for NuGet v2 on deployments using PostgreSQL. To turn off attributes logging, add the following to: nexus.properties: nexus.audit.attribute.changes.enabled=true
* NEXUS-41403: Reduced excessive Database Migrator logging
* NEXUS-39085: To ensure consistency across the REST API, we updated all asset ID formats to use only the long ID
* NEXUS-37307: The Crowd realm user cache is now used for npm client bearer token-authenticated requests
* NEXUS-36248: As mentioned in the improvements above, we have extended the users API to allow you to include a realm parameter when deleting a user
* NEXUS-31205: Adjusted support zip algorithms to not truncate any support zip files other than log files
* NEXUS-26828: When a remote Docker repository indicates that something is “not found,” the proxy repository no longer logs a WARN message
* NEXUS-23052: As mentioned in the improvements above, Administrators can now delete cached authenticated SAML user records via user administration section in the Sonatype Nexus Repository user interface
* NEXUS-17740: Created a \"Repair - Recalculate blob store storage task\" that can be run if blob store blob count and total size display incorrect information. This is a slow-running task and should be used with careful consideration of available system resources. See the published performance testing for details: https://help.sonatype.com/en/recalculate-blob-store-storage-performance-testing.html- Improvements
* Java 17 Support for Deployments Using H2 or PostgreSQL Databases, but not OrientDB (PRO Only) NOTE: This package is still based in Java 8 for the time being.
* Configure User Token Expiration (PRO Only)
* SAML Integration Improvements: + You can now optionally specify a user realm source when deleting a user via the Users API + Administrators can also now delete cached authenticated SAML user records via user administration section in the Sonatype Nexus Repository user interface
* If a user\'s IdP field mappings change, Nexus Repository now automatically updates the user’s profile to show the new values
* Dependency Updates in 3.69.0: + org.bouncycastle: bcprov-jdk15to18 upgraded from 1.75 to 1.78.1
* Fri May 17 2024 Julio González Gil - 3.68.1.02-1- Update to Nexus 3.68.1-02- Bugfixing:
* CVE-2024-4956: Fix for a critical vulnerability impacting all Sonatype Nexus Repository 3 deployments. This vulnerability can allow a specially crafted URL to return any file as a download, including system files outside of Nexus Repository application scope. See https://support.sonatype.com/hc/en-us/articles/29416509323923 for more details
* Fri May 17 2024 Julio González Gil - 3.68.0.04-1- Update to Nexus 3.68.0-04- Bugfixing:
* NEXUS-42263: SHA256 checksums are now generated for Helm in PostgreSQL environments
* NEXUS-42006: Resolved an API issue related to policy-compliant component selection for PyPI where waived components were mistakenly returned as quarantined
* NEXUS-41997: A DEBUG level logger is no longer required to see a DataAccessException message in the DatabaseDistributedCooperationRegistry
* NEXUS-41903: Made various performance improvements for HA deployments
* NEXUS-41602: Resolved improper realm caching for Conan
* NEXUS-41486: Components REST API works as expected for group repositories in PostgreSQL deployments
* NEXUS-41451: Users are able to reset their user tokens as expected in environments using remote user tokens
* NEXUS-41442: NuGet \"is_latest_version\" and \"is_absolute_latest_version\" attributes update as expected during staging moves
* NEXUS-41403: Database Migrator: Resolved an issue that was causing excessive DB Migrator logging
* NEXUS-41384: Namespace confusion protection works as expected for PyPI and RubyGems repositories in deployments using a Postgres database
* NEXUS-41372: Resolved an issue that was sometimes causing the compact blob store task to cause an out-of-memory error
* NEXUS-41337: Database Migrator: Resolved an issue that was causing database migration to fail and misreport problem records on ERROR: insert or update on table \"_asset\" violates foreign key constraint \"fk__asset_blob.\"
* NEXUS-41334: Nexus Repository now creates a single task rather than multiple tasks when migrating Yum metadata into the database during upgrade
* NEXUS-41285: User tokens work on Yum group repositories as expected when Require User Tokens for Repository Authentication is enabled
* NEXUS-40344: Requests for GA-level metadata that needs to be rebuilt no longer automatically starts a rebuild of the full metadata tree
* NEXUS-39956: Removed \"nexus-hazelcast-plugin\" from the source tree
* NEXUS-39507: Improved error messaging when users attempt to use Import/Export across different Nexus Repository versions; as stated in the Import help documentation (https://help.sonatype.com/en/repository-import.html), Nexus Repository does not support importing files from an older Nexus Repository version
* NEXUS-38651: Uploading to a raw repository with PUT will generate md5, sha1, sha256, and sha512 checksums. This is introduced as a new feature but also recorded in this table for customers who were following this issue ID
* NEXUS-38451: Made adjustments so that Nexus Repository generates fewer browseComponentAssets SQL queries when finding packages by ID in NuGet v2 proxy repositories
* NEXUS-34192: Resolved an issue with SAML authentication related to the NXSESSIONID
* NEXUS-31745: Improved error messaging on Tag API when invalid continuation token is passed in- Improvements:
* Nexus Repository Pro deployments using a PostgreSQL database can now see repository sizes displayed in the repositories listing under \"Administration → Repository → Repositories\" (PRO Only)
* Uploading to Raw Repository with API now also generates SHA256 and SHA512 Checksums
* When creating a new role or modifying the applied privileges and roles for an existing role, administrators can now use an asterisk as a wildcard in the search bar
* Users and administrators can now see more detailed information about the \"Repair - Rebuild repository browse\" task’s progress as it runs. The task management table under \"Administration → Tasks\" now displays the task’s completion percentage to provide more insight into how long the task will take to complete. We will continue to add this functionality in future for additional tasks
* Sunsetting of Legacy High Availability Clustering. HA-C is fully removed from Nexus Repository, and additional features or bug fixes related to legacy HA-C will no longer be provided. Sonatype Support will provide best-effort guidance to help PRO customers adopting one of the newer High Availability deployment solutions. Se also help documentation for: + Migrating to an HA deployment from Legacy HA-C https://help.sonatype.com/en/migrating-to-an-ha-deployment-from-a-legacy-ha-c-or-a-resilient-deployment.html + Migrating from legacy HA-C to a single instance deployment https://help.sonatype.com/en/migrating-from-legacy-ha-c-to-a-single-instance.html Nexus Repository will not start for any deployments that use legacy HA-C, ensure you have migrated off of legacy HA-C before upgrading to version 3.68.0 or beyond
* Dependency Updates in 3.68.0: + Updated axios from 0.21.4 to 0.27.2 + Updated jackson2 from 2.15.3 to 2.17.0
* Thu Apr 11 2024 Julio González Gil - 3.67.1.01-1- Update to Nexus 3.67.1-01- Bugfixing:
* Critical Bug Fixes: Release 3.67.1 fixes two bugs found in the 3.67.0 release: One impacting those who upgraded to 3.67.0 and then modified any previously existing Docker or Maven cleanup policies that were configured to retain select recent versions, and one preventing Docker subdomain routing from functioning- Deprecation notice:
* The legacy HA-C feature (Upcoming High Availability Clustering (HA-C) Sunset) will be sunset on April 17, 2024. The next release will remove the HA-C functionality in our May release. If you are still using HA-C, you should follow https://help.sonatype.com/en/migrating-to-an-ha-deployment-from-a-legacy-ha-c-or-a-resilient-deployment.html
* Wed Apr 10 2024 Julio González Gil - 3.67.0.03-2- No code changes, only two important caution notes from Sonatype. I decided to create 3.67.0.03-2 so users already in 3.67.0.03-1 at least can get this warning on the changelogs. Sonatype decided to just remove Nexus 3.67.0-03 (tagged as 3.67.0.03-1 for the RPM) from their site.- Sonatype is aware of a critical known cleanup policy issue in 3.67.0 impacting those who meet the following criteria:
* You had previously configured a cleanup policy with the ability to retain select latest versions (feature introduced in 3.65.0)
* You recently upgraded to 3.67.0
* You then modified a cleanup policy that had previously included the ability to retain select latest versions This issue prevents cleanup policies from honoring the configured ability to retain select latest versions. Running the \"Admin - Cleanup repositories using their associated policies\" task may soft delete more than intended, which would result in full removal should the \"Admin - Compact blob store\" task then run. CAUTION: If you meet the above criteria, DO NOT RUN the \"Admin - Compact blob store\" task CAUTION: If you have upgraded to 3.67.0 and are using cleanup policies with the ability to retain select latest versions, do not modify your cleanup policies- Sonatype is aware of a known issue preventing our Docker Subdomain Routing feature from functioning in Sonatype Nexus Repository 3.67.0 CAUTION: If you are using Docker Subdomain Routing, do not upgrade to 3.67.0 Sonatype announced they will release a fix for this issue as soon as possible
* Sun Apr 07 2024 Julio González Gil - 3.67.0.03-1- Update to Nexus 3.67.0-03- Bugfixing:
* NEXUS-41832: Database Migrator: Fixed an issue that was causing some migrations to a PostgreSQL or H2 database to fail due to incorrect asset_blob_id values when assets only differed by a version number in their paths
* NEXUS-41312: Resolved an issue that was causing expensive queries from getComponentCount
* NEXUS-41286: Resolved an issue that was causing an internal task to throw an error when running in some large deployments
* NEXUS-41269: Support zips from deployments using PostgreSQL that was configured using system properties now display information as expected
* NEXUS-41263: Added logging for routing rule blocked requests done via group repository
* NEXUS-40997: Added an error message to the UI that displays when a user without the correct privileges attempts to save a content selector
* NEXUS-40952: The security/users///user-token-reset REST API will now provide a 400 error if the realm passed is invalid. The users REST API can accept the following realm names associated with user tokens: LdapRealm, Crowd, SamlRealm, and NexusAuthenticatingRealm.
* NEXUS-36989: Selecting the Analyze Application button in component details now displays the expected form- Improvements:
* Java 11 Support. Nexus 3.67.0 allows running on top of Java 11, but for now the package will remain using Java 1.8 by default until a future update, probably some time after CentOS7 is end of life
* Updated Groovy dependency from 2.4.17 to 3.0.19
* Updated PostgreSQL database driver from 42.6.0 to 42.7.2
* Fri Mar 08 2024 Julio González Gil - 3.66.0.02-1- Update to Nexus 3.66.0-02- Bugfixing:
* NEXUS-41360: Database Migrator: Resolved an issue that was causing some older versions of the Database Migrator to require very high heap
* NEXUS-41096: Added a new script to the help documentation for those on PostgreSQL or H2 migrating from LDAP to SAML user tokens
* NEXUS-41062: The merged metadata summary on the Browse screen now shows the correct information for group Maven repositories
* NEXUS-41068: Resolved an issue where the support zip download was not working as expects in HA environments with a nexus-context-path
* NEXUS-41052: The metadata for hosted npm repositories in PostgreSQL deployments no longer duplicates the \"_id\" property
* NEXUS-40983: NuGet searches with the -PreRelease option now return the expected results
* NEXUS-40900: Fixed an issue with HA nodes upgrading before nodes with older versions have been shut down. Startup will halt with a warning until the older nodes have been gracefully shut down
* NEXUS-40673: Resolved an issue where a 403 error message was displayed on the welcome page for anonymous users
* NEXUS-40612: Disabling the usage metrics flag will also remove the metric aggregation task
* NEXUS-40377: The custom search page will no longer display uncaught type errors when adding new criteria
* NEXUS-39915: The migration of asset timestamp metadata will now be done as expected for raw repositories when moving from Nexus Repository 2 to 3. A fix for Maven and NuGet will be covered in a future release
* NEXUS-39677: The blob store API now returns 404 response codes for non-existent S3 type blob store names
* NEXUS-38842: The export assets task no longer logs WARN messages when running correctly
* NEXUS-35478: The Swagger API UI documentation for repositories will now show that the \"blobStoreName\" parameter is mandatory
* NEXUS-32494: Database Migrator: The database migrator tool will not run for incompatible older versions of Nexus Repository while returning a message to upgrade
* NEXUS-31786: Database Migrator: The database migrator tool now includes more details on assets when logging errors
* NEXUS-28593: The InterruptedException will no longer be logged when recording a successful audit event
* NEXUS-26581: Export will no longer report errors when the directory has not been pre-created- Improvements:
* Usage Alerts for Deployments Using Embedded Databases (PRO Only) To help customers identify when it is time to evaluate their deployment model, Sonatype Nexus Repository OSS and Pro deployments that use an embedded database (OrientDB or H2) will now see in-product warnings when usage levels approach or exceed certain thresholds
* Visual Progress Tracking forRepair - Rebuild repository browseTask When running the \"Repair - Rebuild repository browse\" task, the Status updates to show users how many assets are completed out of the total number of assets that must be processed. This improvement applies to deployments using PostgreSQL and H2 databases only
* User Interface Improvements for Roles User interface is modified to move away from the previous transfer list methodology. Now, administrators will see a single column listing applied privileges and a button to modify the privileges applied to that role. Selecting the button opens a modal where administrators can filter by keyword and select privileges to apply to that role
* Dependency changes: + org.jboss.resteasy: resteasy-multipart-provider: 3.15.3.Final upgraded to 3.15.6.Final + AWS SDK dependencies upgraded from from 1.12.299 to 1.12.658
* Fri Feb 09 2024 Julio González Gil - 3.65.0.02-1- Update to Nexus 3.65.0-02- Bugfixing:
* Many improvements to component search in high availability (HA) environments in this release to make searching and tagging more precise. Due to these changes, the same search query should now return fewer but more precise results Please keep this behavior change in mind when looking at your previously configured search and tagging queries Please also see the HA search differences documentation for full details about how HA search differs from non-HA search: https://help.sonatype.com/en/high-availability-deployment-options.html#search-feature-differences-in-an-ha-environment-161963
* NEXUS-34334: If the rebuild index task triggers an ElasticSearchException, one repository failing will no longer prevent task completion or affect the other repositories. Added an error message to alert the user if a repository does fail
* NEXUS-34968: Attempting to download an asset with a missing blob from a proxy repository in a PostgreSQL or H2 deployment no longer results in an immediate 500 error. Sonatype Nexus Repository automatically attempts to re-fetch the asset from remote as expected
* NEXUS-36807: Made changes to improve cleanup policy preview performance
* NEXUS-39665: Resolved an issue that was preventing some installations of a package from a group repository with a certain private proxy repository member
* NEXUS-39881: The package-specific index page for a Python package requested from a proxy repository now displays the non-truncated package name as expected
* NEXUS-40111: Resolved an issue that was causing some Yum assets to be shown as \"components\" in the Sonatype Nexus Repository UI
* NEXUS-40213: Addressed an issue impacting HA deployments where tokens after a wildcards in component searches were being dropped (e.g. for searches like “nexus
*core”).
* NEXUS-40378: Searching components by exact tag in an HA environment now returns an exact match as expected
* NEXUS-40680: Associating a tag with a component used to operate on a loose match; it now uses an exact match as expected. For example, associating a tag with a .jar with the version \"1.0.0\" used to associate that tag with all components that had \"1.0.0\" in the version number. Now, it will associate with the exact version match only unless you use a wildcard
* NEXUS-40987: Resolved an issue that was causing some PostgreSQL HA deployments to have excessive errors written to logs despite requests working as expected
* NEXUS-40994: In HA environments, performing an exact-match search for components where the group ID or artifact ID contain an underscore now returns exact-match results as expected
* NEXUS-41211: Added clarifying documentation regarding changes in NuGet client compatibility with Sonatype Nexus Repository: Sonatype Nexus Repository release 3.43.0, added compatibility with official NuGet v2 clients. The supported subset of the legacy NuGet v2 protocol is the same as that supported by Microsoft\'s NuGet Gallery, http://nuget.org. Use cases that rely on the deprecated parts of the v2 API are not supported, including many common Chocolatey use cases and some custom OData queries- Improvements:
* Cleanup Policies for Maven and Docker Include Option to Retain Recent Versions (PRO Only) More powerful and flexible cleanup policies for Maven and Docker formats by allowing you to retain a certain number of most recent artifact versions regardless of if they meet other cleanup criteria Learn more about how to use this feature in the cleanup policies help documentation: https://help.sonatype.com/en/cleanup-policies.html
* Significant Cleanup Performance Improvements for Pro Deployments Using a PostgreSQL Database (PRO Only) Running the original cleanup feature often takes significant time. This release has changes to significantly improve cleanup performance for those using a PostgreSQL database. The new cleanup feature takes an average time per component of 10.6 ms versus 17.2 ms for the original cleanup feature With this release, all Sonatype Nexus Repository Pro deployments using a PostgreSQL database will use the new cleanup implementation For more information, check the detailed Cleanup Performance Data: https://help.sonatype.com/en/cleanup-performance-data.html
* Change Repository Blob Store Task Supports Group Repositories (PRO Only) While the \"Admin - Change repository blob store\" task originally supported hosted repositories only, Sonatype added support for using this task on proxy repositories last year. Now, Sonatype Nexus Repository Pro deployments on PostgreSQL databases can use this task on group repositories as well. Note that when you use this task on a group repository, it will only move metadata assets directly related to the group repository content id; it does not move or affect data in the repositories that are group members. Using this task on group repositories also requires a PostgreSQL database. Full details are available in the change repository blob store help documentation: https://help.sonatype.com/en/change-repository-blob-store.html
* Wed Jan 10 2024 Julio González Gil - 3.64.0.03-1- Update to Nexus 3.64.0-03- Bugfixing:
* NEXUS-23410: If previously configured SAML IdP field mapping values change, Sonatype Nexus Repository will update the user\'s profile with the new values as expected
* NEXUS-31215: Fixed an issue that was causing some PyPi assets to be missing from the Browse screen after migrating from OrientDB to PostgreSQL
* NEXUS-32028: Changed the logging level from WARN to DEBUG in the blobstore class that tracks attributes of an asset being accessed in an unexpected soft-deleted state. This will prevent spamming the main nexus.log with messages at a WARN level for operations considered normal when running the compact blob store task
* NEXUS-35207: Fixed an issue that was preventing the GA last-modified date from being updated in the maven-metadata.xml when deploying a new GAV in some instances after migrating from Sonatype Nexus Repository 2 to 3. As part of this fix, the Last Modified date is no longer visible in the Browse UI view; you can still tell when the maven-metadata.xml was last updated by looking at the Blob Updated date in the UI or using the REST API
* NEXUS-35741: Added validation to prevent users from updating an existing task with an invalid cron_expression
* NEXUS-35956: Resolved an issue that was breaking pagination when a given Docker repository is inside of a group
* NEXUS-38856: The NotFoundCache is not populated with paths when a repository is in an auto-blocked or manually blocked state
* NEXUS-39935: There is no longer an error when installing pods (\'OpenSSL-Universal\', \'1.1.1100\') via a Sonatype Nexus Repository 3 Cocoapods proxy repository
* NEXUS-40140, NEXUS-40712: The import and export tasks work as expected on npm assets without unexpectedly skipping any and while correctly preserving attributes
* NEXUS-40345: Resolved an issue that was preventing certain npm packages from being proxied from the official registry. This fix included the following dependency version changes: + upgraded jackson version from 2.15.0 to 2.15.3 + upgraded snakeyaml version from 2.0 to 2.2 + upgraded swagger version from 1.6.2 to 1.6.11
* NEXUS-40495: Increased the browse node sequence limit for H2 and PostgreSQL implementations so that the database schema will not run out of sequence values.
* NEXUS-40514: Any attempt to change the blob store of an existing repository via the REST API will be rejected with an HTTP 400 response
* NEXUS-40610: Resolved an issue that was preventing some users from uploading Jruby gems with \"-java\" in their version names to hosted ruby repositories
* NEXUS-40639: FluentAssets and FluentComponents are now able to retrieve assets in group repository storage
* NEXUS-40771: Using \"%3A\" or a colon for URL encoded strings in raw repositories now works as expected
* NEXUS-40775: Database Migrator: Made filtering change to reduce load on the database migrator, improving database migrator performance
* NEXUS-40808: Database Migrator: The database migrator now gracefully handles characters that PostgreSQL does not support- Improvements:
* Dependency Changes: + logback-classic and logback-core updated to 1.2.13 + upgraded jackson version from 2.15.0 to 2.15.3 + upgraded snakeyaml version from 2.0 to 2.2 + upgraded swagger version from 1.6.2 to 1.6.11
* Wed Dec 06 2023 Julio González Gil - 3.63.0.01-1- Update to Nexus 3.63.0-01- Bugfixing:
* NEXUS-40623: Adjusted regex to handle requests for NuGet v3 versions with double hyphens
* NEXUS-40621: Sonatype Nexus Repository deployments using PostgreSQL will appropriately return a 204 response when a user re-deploys a component with the same tag to hosted repository when re-deploy is allowed
* NEXUS-40491: Resolved an issue where running the \"Repair - Reconcile component database from blob store\" task with the integrity check option enabled did not remove some assets even though their .properties files did not exist
* NEXUS-40421: Resolved an issue with the nexus.azure.server property not being set properly
* NEXUS-40244: The Reconcile component database from blob store task restores only the expected blobs with the created/updated times matching the originals
* NEXUS-40007: Conditional Get (If-Modified-Since) on Yum group repo metadata now appropriately returns a 200 response when expected
* NEXUS-39826: You are now able to proxy RubyGems.org escape gem
* NEXUS-39675: PyPI package versions published using twine before upgrading to 3.41.0 or later are now discoverable as expected. The “Generate Missing SHA256 Checksums” and “Delete Index Asset MD5 Metadata” tasks now run automatically after upgrade
* NEXUS-39567: You are now able to proxy the RubyGems.org abstract gem
* NEXUS-39464: Proxying scoped npm packages with an underscore in the name now works without issue
* NEXUS-39227: Proxying PyPI repositories with policy-compliant component selection enabled is now appropriately incorporated into etag updates
* NEXUS-38587: Searching for Docker images with names containing a \"/\" character now works as expected
* NEXUS-36415: Resolved an issue that was causing cached proxied NuGet package metadata that cannot be parsed to prevent content from being updated from remote- Improvements:
* Enhancements to HA Helm Chart: Removed version numbers from Kubernetes objects that the Helm chart creates. Now it is possible to add custom labels and selectors. If you have existing volumes and volume mounts, you can also use those rather than having the Helm chart create new ones
* Additional Audit Logging: - For SAML, log user login, logout, and config-changed events are now logged - For local authentication, LDAP, and Crowd, user login and logout events are now logged
* Filter by Blob Store Name: The Repositories table filter to was enhanced to ensure you can search by blob store name. Simply type the blob store name into the table’s filter box to filter by blob store name
* Dependency Upgrades: org.apache.santuario updated from version 2.3.0 to 2.3.4 and org.json updated to 20231013
* Wed Nov 08 2023 Julio González Gil - 3.62.0.01-1- Update to Nexus 3.62.0-01- Bugfixing:
* NEXUS-40526: Fixed a display issue that was causing tag associations to be missing from on raw components after migration to PostgreSQL. Note: this was a display issue only and did not result in any missing data
* NEXUS-40425: Fixed an issue that existed in version 3.61.0 that was preventing startup when .bak files existed under restore-from-backup
* NEXUS-40423: Resolved an issue in 3.61.0 where duplicate user tokens were breaking upgrades. Upgrades now succeed and will detect duplicate rows and produce a log warning
* NEXUS-40313: User tokens work as expected with Conan repositories
* NEXUS-40196: Created an advanced option for Sonatype Nexus Repository Pro customers to clean up identical Docker image layers across repositories. See https://support.sonatype.com/hc/en-us/articles/22490107929619 for full details
* NEXUS-40120: Made changes to reduce the number of queries performed when running Nuget V2 FindPackagesById in PostgreSQL environments
* NEXUS-39411: Resolved a database migrator issue that was causing some NuGet downloads to fail after migrating to PostgreSQL
* NEXUS-39150: Resolved a concurrency issue that was ocurring when running Staging move and Cleanup unused assets task at the same time
* NEXUS-38850: The database migrator --healthcheck option now also checks the configuration database for corruptions in config classes
* NEXUS-38257: Repository configuration changes that occur while a search reindex task is running cause a lock exception after waiting for 60 seconds; however, the repository now stays in a stable state. A subsequent try to save the config change now works as expected once the long-running task is complete
* NEXUS-36836: Running the DeadBlobsFinder groovy script against a large database no longer causes out of memory errors
* NEXUS-32009: The last-modified date for hosted yum repositories now matches the metadata rebuild date after migrating from OrientDB to H2
* NEXUS-22262: Made changes to address multiple issues that were causing build failures due to failing to return maven-metadata.xml from a group repository- Improvements:
* New Cleanup Preview Experience for Pro Customers Using PostgreSQL (PRO Only) See https://help.sonatype.com/repomanager3/nexus-repository-administration/repository-management/cleanup-policies
* Azure HA Performance Data (PRO Only) See https://help.sonatype.com/repomanager3/product-information/sonatype-nexus-repository-system-requirements/system-requirements-for-high-availability-deployments/sonatype-nexus-repository-high-availability-performance-data-using-azure
* Support Zip Improvements: HA deployments will now see a button that allows configuring the support zip options once but generate support zips for all nodes The download link for a node\'s latest support zip also remains available even if navigating away from and back to the Support Zip page
* Expanded Audit Logging: The audit log now includes records for \"Clear Cache\" and \"Change (server) order\" LDAP events Added logging for the creation, update or removal of routing rules
* Deployment Pattern Library: New library of deployment patterns specifically designed to address three primary concerns: resiliency, scalability, and distribution https://help.sonatype.com/repomanager3/planning-your-implementation/deployment-pattern-library
* Notable Dependency Changes: Upgraded Jetty from version 9.4.51.v20230217 to version 9.4.53.v20231009 Upgraded goodies from version 2.3.5 to version 2.3.6 Upgraded eclipse-sisu from version 0.3.4 to version 0.3.5 Upgraded guice from version 5.0.1 to version 6.0.0
* High Availability-Clustering (HA-C) is now in extended maintenance and will be officially sunset in April 2024. Full details can are available at https://help.sonatype.com/docs/sonatype-sunsetting-information/sonatype-nexus-repository-3-feature-status and https://help.sonatype.com/docs/sonatype-sunsetting-information
* Thu Oct 12 2023 J. Daniel Schmidt - 3.61.0.02-2- Fix the macro for the service removal so the package builds again for openSUSE Tumbleweed and Factory
* Wed Oct 04 2023 Julio González Gil - 3.61.0.02-1- Update to Nexus 3.61.0-02- Bugfixing:
* NEXUS-40135: Fixed an issue that was causing upgrade errors to 3.59.0 or 3.60.0 when user tokens existed in earlier Sonatype Nexus Repository versions with the exact same user ID but different principals (security realms). Noted as a known issue in 3.59.0 and 3.60.0
* NEXUS-39995: Resolved an issue that was preventing administrator users from generating support zips
* NEXUS-39973: Fixed an issue that was causing Docker proxy or group repositories to return a 404 error even though the remote returned the correct manifest
* NEXUS-39624: The task for migrating the blobRef assets field now handles blob_ref duplicates correctly
* NEXUS-38800: AssetBlobCleanupTask now works as expected; the number of threads eventually stays around the same number as expected
* NEXUS-38530: Blob store metrics now update as expected after HA migration
* NEXUS-38292: Improved repository import task memory efficiency so that imports will not fail with out-of-memory errors even with large import sets
* NEXUS-36697: Made changes to the Admin - Delete blob store temporary files task to prevent it accidentally deleting in-use tmp files
* NEXUS-23185: Made improvements for those using Sonatype Nexus Repository with Sonatype Repository Firewall to prevent overloading IQ Server with asset deletion requests- Improvements:
* New OpenShift Operator for PostreSQL and High Availability Deployments (PRO Only)
* Change Repository Blobstore Task Supports Proxy Repositories (PRO Only)
* Policy-Compliant Component Selection for PyPI (PRO Only)
* Azure Blob Store Performance Improvements (PRO Only)
* Sonatype Nexus Repository Usage Metrics (not currently available for High Availability deployments)
* Improved Security When Specifying Credentials as JVM Arguments. Ensure that sensitive credentials are always masked in any location where they may appear
* Fri Sep 08 2023 Julio González Gil - 3.60.0.02-1- Update to Nexus 3.60.0-02- Bugfixing:
* NEXUS-40141: Fixed the previously reported \"Repair - Reconcile component database from blob store task\" issue. The bug caused the task to soft-delete the blob .properties and .bytes files for NuGet v2 proxy and hosted repositories. It also failed to restore the desired content for RubyGems, NuGet v2 (proxy or hosted), or P2 repositories; however, there was no soft deletion associated with RubyGems or P2 repositories
* NEXUS-39918: Clarified search restrictions in high availability environments to explain that searches cannot begin with a special character followed by a wildcard. Attempts to perform such seareches will now result in appropriate descriptive messaging
* NEXUS-39825: NuGet v3 search now returns the complete list of component versions even when the component name has a dot after a digit
* NEXUS-38670: Improved Apt upload performance and speed
* NEXUS-37537: The lastDownloaded attribute for hosted Helm assets now updates as expected in deployments using PostgreSQL or H2
* NEXUS-37024: The Global Webhook capability with Audit Type now works as expected- Improvements:
* Support for Cocoapods Stored on Google Open Source
* Refactored caching for deployments using Atlassian Crowd to improve performance and avoid calls to Crowd Server every time user information is needed. This refactoring also enables caching and improves performance for formats using bearer token realms (i.e., Conan, Docker, and npm formats). You must enable the Crowd realm for this to take effect (PRO Only)
* Wed Aug 16 2023 Julio González Gil - 3.59.0.01-1- Update to Nexus 3.59.0-01- Bugfixing:
* Apache shiro upgraded from 1.10.0 to 1.12.0 to mitigate CVE-2023-34478
* SnakeYaml upgraded from 1.33 to 2.0 to mitigate CVE-2022-1471
* Sonatype recently became aware of a bug impacting those using user tokens for authentication. To address potential security concerns, user token authentication methods were enhanced to ensure that user tokens are always case-sensitive regardless of security realm or database used
* NEXUS-39797: Resolved an issue that was causing some components to not be indexed for search in HA deployments
* NEXUS-39774 & 39573: Using the Search API to return Maven assets with an empty maven.classifier now works as expected
* NEXUS-39255 The Conan v2 remote list command to retrieve revisions performs as expected without a 500 error
* NEXUS-36486 The blobCreated date is now preserved when migrating to PostgreSQL
* NEXUS-36415 Adjusted handling in cases where invalid content violating metadata format is cached in a proxy repository
* NEXUS-35977 Improved error messaging and documentation related to requesting files from a R format repository. See our updated R repositories documentation for supported file types- Improvements:
* Support for password encoders like SHA-256, SHA-384, and SHA-512 for those using LDAP authentication
* To help facilitate debugging outbound network problems, an outbound request log that generates an outbound-request.log file in the $data-dir/log directory is now provided. The outbound request log rotates daily, maintains 90 days of log files by default, and compresses old logs. The log includes information such as date/time, authenticated user id, method, url, response status code, bytes sent, bytes received, and response time
* To help troubleshoot content selector issues, the audit log ($data-dir/log/audit/audit.log) is now expanded to log content selector creation, update, or deletion
* Tue Jul 25 2023 Julio González Gil - 3.58.1.01-1- Update to Nexus 3.58.1-01- Bugfixing:
* Critical Fix for 3.57.0 and 3.58.0 deployments Using Sonatype Repository Firewall. This bug could allow for users to unintentionally download quarantined components
* Tue Jul 18 2023 Julio González Gil - 3.58.0.01-1- Update to Nexus 3.58.0-01- Bugfixing:
* NEXUS-39766: Docker Subdomain connectors work with nGrok again as expected
* NEXUS-39415: Added logging for and made \"Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems\" tasks configurable via the user interface. See the Tasks documentation for details on these tasks- Improvements:
* Restored \"Admin - Change repository blob store\"Task for deployments using PostgreSQL or H2, after it got disabled in 3.45.0, due to multiple issues that could result in data loss (PRO Only)
* Fri Jul 07 2023 Julio González Gil - 3.57.0.01-1- Update to Nexus 3.57.0-01- Bugfixing:
* NEXUS-24088: You can now properly remove an S3 blob store from a group even when it references an S3 bucket that is no longer accessible; such blob stores no longer cause UI errors
* NEXUS-24726: You can now search for components with an empty group or npm.scope
* NEXUS-27710: Fixed errors that were sporadically preventing startup in some cases due to a corrupted org.apache.karaf.features.cfg file
* NEXUS-29638: Downloading a pom.xml that uses unicode characters no longer fails due to calling getBytes without using UTF8
* NEXUS-31461: Searching for Maven versions now returns versions in alpha-numeric order as expected
* NEXUS-31492: Raw proxy URL no longer encodes special characters for outbound requests
* NEXUS-35917: The Repair - Reconcile component database from blob store task with only Integrity Check option selected now removes stale objects from S3 blob stores as expected
* NEXUS-36599: Browse privileges are no longer required to execute a NuGet search; only Read is needed
* NEXUS-38662: Deleting large repositories is no longer impeded by errors where Sonatype Nexus Repository looks for repository_blobstore in the component database
* NEXUS-38791: Running a search for Maven assets in an HA environment now returns the versions in descending order
* NEXUS-38851: npm exports no longer skip assets with an application/x-tgz content type
* NEXUS-39169: The permissions required for the search API are now consistent between HA and non-HA environments. Searching a group repository from the API only requires the user to have read permissions for the group- Improvements:
* Added a Default Role alert to inform administrators when the Default Role capability is enabled and what role is configured as the default role granted to all authenticated users
* Multiple UX enhancements, including a new Blob Store column in the Repositories table and a sortable Last Updated column to Search results
* Improvements in Support of Sonatype Repository Firewall to ensure HA Sonatype Nexus Repository deployments can support the new Sonatype Repository Firewall SaaS offering. Added validation to ensure that Sonatype Nexus Repository and Firewall only exchange information when Firewall configuration is enabled to avoid data becoming out of syn Renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively Modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked. This is to prevent Sonatype Nexus Repository from getting into an inconsistent state with the Firewall server
* Mon Jul 03 2023 Julio González Gil - 3.56.0.01-1- Update to Nexus 3.56.0-01- Bugfixing:
* The Repair - Rebuild npm metadata task now rebuilds npm package metadata as expected
* When migrating from Sonatype Nexus Repository 2 to 3, broken NuGet assets will no longer prevent completing migration. Sonatype Nexus Repository will provide an error message and log an exception for broken NuGet assets. Migration will continue and Sonatype Nexus Repository 3 will migrate valid NuGet assets as expected
* Enabling the IQ: Audit and Quarantine capability in Sonatype Nexus Repository 2 will no longer cause migration to Sonatype Nexus Repository 3 to hang
* PyPI simple index is rebuilt as expected after a staging move
* Repositories already using a blobstore that is then promoted to a group blobstore will continue to function as expected
* Performing \"conan search zlib/
*\" on a hosted repository in a high availability environment works as expected
* Calling \"info/rater_pdf\" only returns versions of the rater_pdf gem as expected- Improvements:
* Search Improvement for High Availability (HA) Enviornments (PRO Only) To ensure you receive the most accurate and usable information, a small aspect of component search was changed for those using one of our HA deployment options. You will now see the latest modification date from among all asset blobs assigned to a component in the Last Updated column. Previously, the component\'s creation date appeared in this column
* In order to prevent unreasonable wait times, a 1-minute timeout was added to the Cleanup Policy preview featureAWs me-central-1 region now appears as an option when creating an S3 blobstore.
* Sun Jul 02 2023 Julio González Gil - 3.55.0.01-1- Update to Nexus 3.55.0-01- Bugfixing:
* The Standard request timeout and Extended request timeout fields in the UI:Settings capability are now properly updated when upgrading from older versions
* Sonatype Nexus Repository now supports Yum repositories using the caret (^) character in RPM names
* Staging move respects the Allow redeploy only on \'latest\' tag setting as expected
* Subdomain routing now reflects the nexus-context-path
* NuGet v3 search in non-HA environments now return components that have a dot after a digit. Note that search works differently in HA, and we are still investigating a fix for HA environments- Improvements:
* Fluentbit, External DNS, and the Docker Ingress and service are now all optional in the Helm chart for a resilient Sonatype Nexus Repository deployment in AWS (PRO Only)
* /v2/users/authenticate Conan endpoint for hosted Conan repositories on Sonatype Nexus Repository deployments using H2 or PostgreSQL databases (PRO Only)
* Streamlined Experience for Those Using Sonatype Repository Firewall
* Quick Actions on Welcome Page, list of quick actions depends on the permissions for each user
* Sun Jul 02 2023 Julio González Gil - 3.54.1.01-1- Update to Nexus 3.54.1-01- Bugfixing:
* Added recently provided patch fixing the GroovyCastException that was occurring when installing the nexus gem
* Fixed the known issue from 3.53.0 for those using community or custom plugins. These plugins now load as expected.
* Added validation so that users can only add valid content selector privileges
* NEXUS-37518: Fixed an issue that was causing errors when running the \"Docker - Delete unused manifests and images\" task
* NEXUS-38740: Fixed an issue that was preventing NuGet v3 search from returning components with \".\" in the component name under some search conditions
* Plugins bundled as .kar files that are installed via $install-dir/deploy now start as expected
* Updated documentation to better explain how metadata is impacted during repository import- Improvements:
* Refreshed Outreach Page
* Export Unused Assets (PRO Only)
* The IQ Audit and Quarantine capability was renamed to Firewall Audit and Quarantine and hidden the IQ Server Configuration capability from the Capabilities screen. Functionality is not impacted, and you will still configure your connection to IQ Server via the IQ Server tab in the user interface
* Sat May 13 2023 Julio González Gil - 3.53.1.02-1- Update to Nexus 3.53.1-02- Bugfixing:
* NEXUS-39091: Concurrent event handling and asynchronous processing works as expected for RubyGems
* Fixed an issue that was causing the RubyGems Info API to work with incorrect groups
* Fixed a paging issue on OrientDB for RubyGems upgrade tasks
* Fixed a GroovyCastException that was occurring when installing the nexus gem
* Resolved an issue for those using OrientDB where, if a package was uploaded while a rebuild was in progress, it may result in missing a package until the next upload
* Fixed an issue that was causing an exception when running the \"Repair - Rebuild Rubygems versions file\" task- It is possible that you may still encounter issues related to the RubyGems Dependencies API deprecation even after upgrading to 3.53.1 Sonatype observed packaging inconsistencies in the RubyGems ecosystem that leave required fields missing or with values that are non-conforming to spec In these scenarios, Sonatype Nexus Repository is unable to properly store the gem or complete normal operations In 3.53.0 and earlier, this error would occur with a 500 error and not enough data being provided in the log file to identify the specific gem In 3.53.1, gems that have this gap will be reported in the \"nexus.log\" file with a log line like the following: 2023-05-12 12:20:32,043-0500 WARN [quartz-11-thread-2]
*SYSTEM org.sonatype.nexus.repository.rubygems.orient.internal.hosted.OrientGemInfoHostedFacet - Could not parse version 0.2.2 from gem gems/nexus-0.2.2.gem Please report such problems to Sonatype so they can properly address non-conforming gems in future releases
* Thu May 11 2023 Julio González Gil - 3.53.0.01-2- There is a known issue in Sonatype Nexus Repository 3.53.0 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting. If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until a fix is released this issue. If you are not using community or custom plugins, upgrading is safe
* Sat May 06 2023 Julio González Gil - 3.53.0.01-1- Update to Nexus 3.53.0-01- Bugfixing:
* NEXUS-17626: rubygems /versions endpoint not implemented resulting in performance issues installing gems
* NEXUS-20429: incomplete gem metadata returned sometimes from /api/v1/dependencies
* NEXUS-25408: Using 0 in \"Authenticated user status interval\" disables buttons after logging in
* NEXUS-31023: npm metadata request fails with \"Missing blob and no handler set to recover\"
* NEXUS-31286: nexus.datastore system properties do not overwrite values in nexus-store.properties file
* NEXUS-31635: Repository REST API allows invalid version policy value for Maven repo
* NEXUS-35728: New Nexus Repository Manager 3 image breaks \"kubectl cp\" and \"oc cp\" commands
* NEXUS-37958: Blob store health check fails reporting group blobstores as not writable
* NEXUS-38452: RubyGems.org /api/v1/dependencies API removal may cause empty 200 status responses from groups which can then fail builds
* NEXUS-38579: Expensive search done for deleted assets after repository is removed
* NEXUS-38585: Conan hosted repo search does not return all deployed components when conan attributes contain special characters and using elasticsearch indexing
* Upgraded org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9 due to a vulnerability. There are no known exploits of this vulnerability, so the this upgrade happens out of an abundance of caution- Improvements:
* NEXUS-31225: Add support for rubygems compact_index /info/ endpoint
* Change in Database Property Evaluation Priority when Using PostgreSQL (PRO Only) To help you more easily change database connection details, there are changes in the way and order in which Sonatype Nexus Repository evaluates the mechanism for evaluating this information. You will also need to provide all required fields through the same mechanism
* Fix for RubyGems Dependency API Deprecation: RubyGems will deprecate its dependency API as of May 10, 2023. Those using RubyGems will need to upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by this deprecation
* New Name (Sonatype Nexus Repository) & UI Changes. Functionality is not impacted
* Wed Apr 19 2023 Julio González Gil - 3.52.0.01-1- Update to Nexus 3.52.0-01- Bugfixing:
* NEXUS-24266: Trim SAML UI Input Fields
* NEXUS-27453: The user ID field in \"security --> anonymous\" allows trailing spaces
* NEXUS-33918: Deleting tag via REST API UI returns \"error: no content\"
* NEXUS-34185: Nexus UI does not show \'Last downloaded\' with full time and timezone details
* NEXUS-34566: Deleting an image tag deletes all tags with the same digest from other images
* NEXUS-34611: user-token-reset API execution in Nexus Swagger UI returns \'Error: No Content\'
* NEXUS-35509: Improve search performance with large Roles and Privileges: OrientDB
* NEXUS-36480: Improve robustness and logging for Null Pointer handling in Docker.GC task
* NEXUS-37491: Pypi proxy always does expensive rewrite of simple index pages
* NEXUS-38412: Resetting the nexus loggers to default levels causes \"IllegalArgumentException: The level of the root logger cannot be set to null\" with New HA deployments
* Thu Apr 06 2023 Julio González Gil - 3.51.0.01-1- Update to Nexus 3.51.0-01- Bugfixing:
* NEXUS-31948: Attempting to create Azure blob store with an existing name causes 500 server error
* NEXUS-34077: scheduled tasks race condition during DB migration can leave tasks without proper schedule
* NEXUS-34599: Status API execution via Nexus Swagger UI returns Undocumented Error: OK
* NEXUS-35229: Reconcile task with last X days option checks all properties files
* NEXUS-35728: kubectl cp and oc cp commands work as expected.
* NEXUS-36296: Placing proxy repo in offline mode releases quarantined components
* NEXUS-36416: MissingBlobException for Nuget asset prevents instance from starting
* NEXUS-36817: Increase default size limit for helm yaml files
* NEXUS-37005: Blob store UI will not load if s3 blob store host can\'t be reached
* NEXUS-37639: Docker manifest upload to a docker hosted repository causes missing \"Docker-Content-Digest\" in the response when Nexus running with PostgreSQL db- Improvements:
* Automatically Rebuild Search Indexes for New High Availability (HA) Deployments (PRO Only)
* UI/UX: Better error messaging when configuring Content (PRO only)
* UI/UX: Increasing the size of the routing rule preview field on the routing rule form so that you can see the full path that you enter
* UI/UX: Continued conversion of parts of our UI to use React components See https://help.sonatype.com/repomanager3/product-information/release-notes/2023-release-notes/nexus-repository-3.46.0-release-notes for more information on this effort
* Tue Mar 28 2023 Julio González Gil - 3.50.0.01-1- Update to Nexus 3.50.0-01- Bugfixing:
* NEXUS-22721: UI sign out/logout does not redirect to the default page
* NEXUS-25037: UNAVAILABLE repository status creates confusing user experiencie
* NEXUS-27530: proxying nested repodata/repomd.xml from remote YUM repositories causes automatic download attempt of primary.xml.gz at wrong remote path
* NEXUS-30939: New user token created every time a user clicks the Access token button
* NEXUS-33794: LogbackLogManager ERROR and WARN messages about missing log files lack context and log at the wrong level
* NEXUS-34022: Unable to unassign Routing Rules to a repository via Nexus UI
* NEXUS-35497: Staging move fails if some image layers are contained in a proxy repository
* NEXUS-36365: Blob store names can contain arbitrary characters and lack full validation leading to blobstores which cannot be used, deleted or accessed using REST API
* NEXUS-36590: Choco installs a different package when using Nuget V2 with PostgreSQL
* NEXUS-36955: Checksum and size not updated in repomd.xml which can fail yum install due to checksum doesn\'t match
* NEXUS-37182: Conan search with hosted repo only works for the _ channel
* NEXUS-37315: conan search for hosted repository does not work when package has dependencies defined via \'requires\'
* NEXUS-37454: group blobstore UI Transferred Items title lacks context
* NEXUS-37512: Format specific UI search returns results from different formats
* NEXUS-37563: conan hosted repo does not allow redeploying different configurations of the same package with disable redeploy option
* NEXUS-37895: Data Store UI shows required fields with possibly empty values that cannot be edited- Improvements:
* High availability deployment options with Amazon Web Services, Azure, Kubernetes, or manual setup (PRO Only)
* Supports for Conan revisions for hosted repositories when using an H2 or PostgreSQL database (revisions are not supported on OrientDB) (PRO Only)
* Tue Mar 07 2023 Julio González Gil - 3.49.0.02-1- Update to Nexus 3.49.0-02- Bugfixes:
* NEXUS-30166: Error responses from roles REST API are not in consistent format
* NEXUS-30811: Staging move failing for multi-arch docker image due to NPE
* NEXUS-34600: Unable to add old privileges to role after migrating to postgresql
* NEXUS-36028: enable async batch deletes by default for Admin Cleanup unused asset blob tasks
* NEXUS-36244: Security Users view in the UI queries the database for all user role mappings in the entire database
* NEXUS-36296: Placing proxy repo in offline mode releases quarantined components
* NEXUS-36555: Component links in Browse UI delimit GAV paths with \'%2F\' instead of \'/\'
* NEXUS-36784: Regression: Download asset from UI, the filename contains group id with underscores and then the artifact name
* NEXUS-37385: db-migrator fails if the blob store name contains a colon
* NEXUS-37490: unable to download files when blobstore name contains colon after upgrading to 3.47- Improvements:
* Batch delete is now the default for the \"Admin - Cleanup unused asset blobs\" task (PRO Only)
* Tue Feb 28 2023 Julio González Gil - 3.48.0.01-1- Update to Nexus 3.48.0-01- Bugfixes:
* NEXUS-36573: create a repository of any format triggers a complete Helm index rebuild
* NEXUS-36998: dotnet add command against nuget v2 group repo is very slow on newDB
* NEXUS-37617: loading welcome page can make frequent calls to database which may lead to ui latency in some circumstances
* NEXUS-37810: strict content validation may fail on exe application/x-sharedlib protobuf protoc- Improvements:
* NEXUS-37535: Removed Legacy SQL Maven Metadata Builder
* Improved NuGet v2 Performance on PostgreSQL (PRO Only)
* New and improved Content Replication (PRO Only) While help documentation for legacy replication remains available, it will be unavailable for general use, and will be eventually removed. Reach out to your CSE if you are still using legacy replication and would like to continue using it- Notes: After upgrading to 3.48.0, those using an H2 or PostgreSQL database will need to run a task for each existing Apt, Helm, and Yum repository in order to rebuild their metadata:
* Apt: Rebuild Apt metadata for each Apt repository
* Helm: Rebuild Helm metadata for each Helm repository
* Repair: Rebuild Yum rebuild metadata (repodata) for each Yum repository
* Fri Feb 10 2023 Julio González Gil - 3.47.1.01-1- Update to Nexus 3.47.1-01- Bugfixes:
* NEXUS-37325: MissingBlobException and slow downloads after upgrading to 3.47.0
* Fri Feb 10 2023 Julio González Gil - 3.47.0.01-1- Update to Nexus 3.47.0-01- Bugfixes:
* NEXUS-36506: NonResolvableTarballNameException returned for npm group requests if member proxy is unavailable
* NEXUS-36617: PyPi index not update or generated when importing repository
* NEXUS-36667: logged execution time of database upgrade steps report as seconds when they are actually milliseconds- Improvements:
* NEXUS-34236: Migrate all deletions.indexes, not just the indexes named with the node ID of the instance being migrated to SQL database (PRO only)
* Continued UI Improvements: updated HTTPS Settings and SSL Certificates pages visible to all users
* Thu Feb 09 2023 Julio González Gil - 3.46.0.01-1- Update to Nexus 3.46.0-01- Bugfixes:
* NEXUS-36655: REST API search does not respect maven.extension parameter
* NEXUS-36782: Slow merging of yum group metadata- Improvements:
* Removed Space Remaining Soft Quota for Azure and S3 Blob Stores
* Wed Jan 18 2023 Julio González Gil - 3.45.1.01-1- Update to Nexus 3.45.1-01- Bugfixes:
* NEXUS-36400: Npm package dist-tags are not preserved during repository export/import
* Fri Dec 30 2022 Julio González Gil - 3.45.0.01-1- Update to Nexus 3.45.0-01- Please note new PostgreSQL database user permission requirements introduced as of 3.44.0 that impact your upgrade to 3.45.0. The PostgreSQL user must have CREATE priveleges on the current database due to schema changes made during the upgrade process that have new dependencies- Bugfixes:
* NEXUS-36046: roles ui call to backend is not sending x-nexus-ui request header
* NEXUS-36239: Multiple known issues can lead to data loss, so \"Admin - Change repository blob store\" is now disabled for your protection. All pre-existing tasks of this type will no longer run, and you will not be able to create new ones through either the user interface or API. Sonatype highly discourage you from using this task in earlier Nexus Repository releases where it is not disabled
* Thu Dec 15 2022 Julio González Gil - 3.44.0.01-1- Update to Nexus 3.44.0-01- Bugfixes:
* NEXUS-31363: Remove Quarantined Versions does not update asset attributes.content.etag
* NEXUS-31796: transitive repo group content privileges are not transparently applied to search results causing possible 403 errors in the UI
* NEXUS-33553: Search API returns null for \"lastDownloaded\" field
* NEXUS-34508: Update Stream Filtering on BlobStoreGroupMemberRemovalTask
* NEXUS-34875: docker-nexus3: removal of chef dropped support for NEXUS_CONTEXT
* NEXUS-34950: PyPI package versions published using twine before upgrading to 3.41.0 or later are missing from /simple index preventing discovery by clients
* NEXUS-34969: \"DatastoreFileBlobDeletionIndex - Processing blobstore\" takes long time and block the startup
* NEXUS-35486: Unable to Upload npm package with long buildnumber
* NEXUS-35623: helm proxy fails with large index.yaml (bitnami)
* NEXUS-35867: Group Yum metadata merging failing with OutOfMemoryError in AbstractStringBuilder.hugeCapacity
* NEXUS-35995: Potentially long running query deleting components with repository.cleanup task due to fk_maven2_browse_node_component constraint
* NEXUS-36085: Task creation no longer works with group blob stores
* NEXUS-36154: database migrator may filter out valid components and assets due to \"no repositoryId\"- Improvements:
* Update the Log4J Visualizer user interface to provide new guidance on integrating Nexus Firewall with Nexus Repository
* NEXUS-36180: add configurable cache buster for rapture web UI resources
* NEXUS-36232: prevent automatic search in the UI
* Tue Nov 08 2022 Julio González Gil - 3.43.0.01-1- Update to Nexus 3.43.0-01- Bugfixes:
* NEXUS-31672: Potentially long running query deleting components with repository.cleanup task
* NEXUS-34608: cleanup policies may cause PostgreSQL database connection pool exhaustion and prevent restarts
* NEXUS-34681: Blobstore Group Round Robin should try next blobstore member if one member if full
* NEXUS-34774: Some dependency packages are not downloaded via Nexus Nuget V3 repository
* NEXUS-34950: pypi package versions published using twine before upgrading to 3.41.0 or later are missing from /simple index preventing discovery by clients
* NEXUS-35259: PyPI INDEX type asset is always created by accessing it via group repo
* NEXUS-35492: INSTALL4J_ADD_VM_PARAMS do not override resiliency helm chart jvm arguments defined in nexus.vmoptions
* NEXUS-35515: Cannot cast DetachingList to ArrayList when retrieving Docker proxy repo configuration via REST API
* NEXUS-35530: Maven REPOSITORY_METADATA type asset is always created by accessing it via group repo
* NEXUS-36027: Admin - Cleanup unused asset blobs task may not be able to keep up with the number of newly created unused blobs- Improvements:
* NEXUS-25231: Nexus Repository Now Mirrors PyPI Yank Attribute (PEP 592)
* NuGet V2 Support for H2 and PostgreSQL Database Users (PRO only)
* Upgraded vulnerable Apache Shiro 1.9.1 to 1.10.0 (no reported exploits so far
* Upgraded Jackson Databind from version 2.13.2.1 to 2.13.4.2
* Ugraded SnakeYAML from version 1.28 to 1.32
* Thu Sep 29 2022 Julio González Gil - 3.42.0.01-1- Update to Nexus 3.42.0-01- Bugfixes:
* NEXUS-31088: Helm proxy does not properly handle upstream UTF-8 characters
* NEXUS-31099: Manually scheduled tasks triggered after migration to Postgres
* NEXUS-31188: Nexus Firewall quarantined component returns 404 status through group repository instead of 403
* NEXUS-31891: Performance issue with \"Download cataloged versions only\" and \"Download policy compliant versions\" options
* NEXUS-32449: blobstore outbound http connection or file handle leak while rebuilding Helm index
* NEXUS-32453: Golang metadata in group repos is cached using component max age
* NEXUS-32529: Nexus upgrade can fail with NullPointerException at OrientBlobReconciliationLogMigrator stage.
* NEXUS-33294: Most of docker layer assets are filtered during postgresql migration
* NEXUS-33540: downloadUrl for assets in /rest/v1/search contain extra forward slash after migrating from OrientDB to PostgreSQL
* NEXUS-33917: NPM group repository does not return correct latest version
* NEXUS-33933: Nuget V3 search does not return the expected version against Hosted repository
* NEXUS-34184: log in audit.log components deleted by Cleanup service task
* NEXUS-34242: Elapsed time logged for scheduled tasks is using a time unit that is not human readable
* NEXUS-35082: Instance ID is not preserved during postgres migration
* NEXUS-35218: docker-nexus3 - memory settings no longer removed from nexus.vmoptions- Improvements:
* NEXUS-34932: Upgraded to Jetty 9.4.48.v20220622
* Improvement to Logs for Remove Quarantined Versions Feature (PRO only)
* Search performance improvements
* Thu Aug 25 2022 Julio González Gil - 3.41.1.01-1- Update to Nexus 3.41.1-01- Bugfixes:
* NEXUS-34642: Fix for a critical bug that can cause cleanup policies to unintentionally delete binaries in Nexus Repository Pro deployments which use H2 or PostgreSQL See https://help.sonatype.com/repomanager3/product-information/critical-cleanup-policy-bug-advisory
* Thu Aug 25 2022 Julio González Gil - 3.41.0.01-1- Update to Nexus 3.41.0-01- Bugfixes:
* NEXUS-24499: PyPI Package with single letter names cause 404 to be returned
* NEXUS-27383: Adding helm charts leaves tmp files behind in tmp dir of blobstore
* NEXUS-31314: REST API for Docker Host repo can\'t GET, POST and PUT Allow redeploy only on \'latest\' tag as UI
* NEXUS-31512: Race condition during maven-metadata.xml deployment can cause invalid blob references and 500 response for subsequent GET requests
* NEXUS-31761: DB migrator allows users to connect to the already opened database
* NEXUS-31970: npm group dist-tags endpoint merges duplicate npm tagged versions using highest semantic version instead of first group member resolved version
* NEXUS-32034: IQ Server Page Allows Password Interception on Save/Verify
* NEXUS-32580: db migrator attempts to drop existing SQL database tables by default and can fail
* NEXUS-32613: Can not install specific versions because of broken index type assets for PyPI hosted repository caused by Reconcile task
* NEXUS-32634: Import of ubuntu:22.04 docker image fails with error
* NEXUS-32658: Using REST API to create the same repository twice causes InvalidStateException
* NEXUS-33290: DB migrator: ClassCastException when attributes.content.last_modified is 0
* NEXUS-33541: Integrity check option of Repair - Reconcile component database from blob store task may delete blobs migrated from OrientDB
* NEXUS-33584: /repository/ is not included in the request.log log line when sub-domain routing feature is used
* NEXUS-33613: Nexus System API UI is broken when context path is used
* NEXUS-33733: Cannot create externally mapped role for SAML
* NEXUS-33795: Add debug logging to remove member from blob store group task
* NEXUS-33919: NullPointerException on \"Purge unused snapshots\" task
* NEXUS-33931: cannot create an Azure Blob Store using REST API and environment variable authentication option
* NEXUS-33949: GA level maven metadata files intermittently lose most versions
* NEXUS-34020: Deleting tag results in disassociation attempt against all components- Improvements:
* NEXUS-24127: PyPI repos should provide SHA256 hashes in /simple web interface
* NEXUS-33413: Migrating large database takes many hours
* New Optional Database Migrator Parameters See https://help.sonatype.com/repomanager3/installation-and-upgrades/migrating-to-a-new-database#MigratingtoaNewDatabase-OptionalParametersOptionalParam
* New Admin - delete blobstore temporary files Task If you find that you have excess tmp files for a blobstore, manually schedule and use this task to easily delete all of the tmp files (.bytes and .properties) in a selected blobstore\'s /tmp folder
* Tue Jun 28 2022 Julio González Gil - 3.40.1.01-1- Update to Nexus 3.40.1-01- Bugfixes:
* NEXUS-33568: Fix a bug that prevented downloading and uploading files for those with an H2 or PostgreSQL database who upgraded from 3.39.0 to 3.40.0
* Wed Jun 22 2022 Julio González Gil - 3.40.0.03-1- Update to Nexus 3.40.0-03- Bugfixes:
* NEXUS-26348: Maven Upload generates wrong xsd url
* NEXUS-26519: Cleanup Policy Notes field should be marked as optional
* NEXUS-26584: \'Security management: privileges\' says id when it means name
* NEXUS-27494: Can\'t push image with oci mediatype
* NEXUS-29558: group repo with version policy RELEASE is selectable for Maven - Delete unused SNAPSHOT repository.maven.purge-unused-snapshots task
* NEXUS-31410: Search API returns null for \"lastModified\" field- Improvements:
* NEXUS-33297: Maven Metadata Rebuild Optimizations for SQL Databases (PRO only) If you must revert to the previous legacy SQL implementation, add the following line to /usr/share/nexus3/etc/nexus.properties: nexus.maven.datastore.legacy.rebuild=true
* Docker Subdomain Connector (PRO only)
* Upgrade Database Migrator to Spring 5.3.18
* Wed Jun 22 2022 Julio González Gil - 3.39.0.01-1- Update to Nexus 3.39.0-01- Bugfixes:
* NEXUS-22810: Content selector creation REST API does not check for duplicates
* NEXUS-26811: Importing npm packages from Nexus Repository 2 to 3 should maintain dist-tags
* NEXUS-26846: \"All format\" cleanup policies disappear from repository assignments after editing
* NEXUS-28107: Repository Export allows to select a group repository, but shouldn\'t
* NEXUS-28910: Staging move operations for Maven rebuilds maven metadata for unrelated components resulting in extremely slow operations
* NEXUS-29421: Docker GC task may delete many layers if network/file system issues happened at the scheduled time
* NEXUS-29484: impossible to delete a specific npm package metadata root in some scenarios
* NEXUS-29502: \'CacheInfo missing for\' / \'assuming stale content\' WARNs written to the log when on PostgreSQL
* NEXUS-29639: \"DataStoreNotFoundException: Data store not found: \'null\'\" from Rebuild repository search task
* NEXUS-29786: Nexus throw exception when id of proxy repository id is prefix of hosted one
* NEXUS-30477: RHC report URL does not include context-path
* NEXUS-30537: Repair - Rebuild repository search task fails with \"java.lang.StringIndexOutOfBoundsException: String index out of range: 0\"
* NEXUS-30840: Log4j Visualizer does not match request paths containing non-default webapp context or legacy repo 2 content paths
* NEXUS-30848: Recalculate vulnerabilities statistics task can trigger NullPointerException when reading log files
* NEXUS-30850: Default realm users that differ only by case break the user administration screen in new DB
* NEXUS-30882: The task \"Statistics - recalculate vulnerabilities statistics\" fails with a formatting exception on IPv6 values
* NEXUS-30997: \"GET /nexus/service/extdirect/poll/rapture_State_get\" takes longer when roles have many permissions
* NEXUS-31000: Possible race condition in reconcile component database from blob store task
* NEXUS-31229: /rest/v1/assets REST API may not find assets when using Postgresql database
* NEXUS-31299: Filter in cleanup policy preview causes \"The filter is invalid so results could not be retrieved\"
* NEXUS-31305: The \"lastDownloaded\" field is missing from component/asset REST API\'s when running under PostgreSQL
* NEXUS-31322: docker tags/list outbound paged request can consume all available outbound connections for the proxy repository
* NEXUS-31385: assets stored with empty path in a proxy repo are treated as auditable by repository healthcheck or firewall audit report
* NEXUS-31391: Migration to Postgres not preserving asset creation, update and download
* NEXUS-31395: Docker uploads serialized, can cause performance bottleneck
* NEXUS-31396: Requesting GA maven-metadata.xml checks all GAVs under the repository
* NEXUS-31501: Unused Content Selectors and duplicate permissions are used for the permission check
* NEXUS-31567: NuGet v3 thread cooperation exceptions on /index.json{}
* NEXUS-31573: Orient->Postgres DB migration does not update ID sequence
* NEXUS-31579: Conan search does not work if package name contains “-“
* NEXUS-31586: Docker - Delete unused manifests and images fails with \"java.lang.IllegalStateException: Unit of work has not been set\"
* NEXUS-31601: repository target patterns are migrated to content selectors with leading slash breaking the intended meaning
* NEXUS-31713: Repository Replication: Deleting an asset stops the replicator with NullPointerException
* NEXUS-31887: escalation: docker gc task query cannot finish even with large timeout on query- Improvements:
* NEXUS-11610: register Eclipse Jetty related JMX mbeans by default in Repo 3
* NEXUS-31071: Database backup tasks will no longer interrupt a long-running \"Repair: Reconcile component database from blob\" storage task
* NEXUS-31198: Improved Resiliency/Disaster Recovery for File Blob Stores
* View Nexus, Audit, Cluster, and Task Logs in User Interface
* Thu Mar 31 2022 Julio González Gil - 3.38.1.01-1- Update to Nexus 3.38.1-01- Bugfixes:
* NEXUS-31030: Cannot save edits to a blobstore with whitespace in the name
* NEXUS-31201: Running the Repair - Reconcile component database from blob store task on H2 or PostgreSQL databases no longer generates duplicate blobs
* Fix ea bug that prevented the Log4j Visualizer from rendering in 3.38.0- Improvements:
* Expanded Log4j Visualizer: Added a Log4j Consumption chart to help you see if your organization\'s vulnerable log4j component consumption is trending in the right direction
* Improvements to Policy-Compliant Component Selection for npm (PRO only)
* Upgraded PostgreSQL Driver from 42.2.25 to 42.3.3 (PRO only)
* Thu Mar 03 2022 Julio González Gil - 3.38.0.01-1- Update to Nexus 3.38.0-01- Bugfixes:
* NEXUS-30443: Fix for CVE-2021-43961 (HTML injection vulnerability). You should upgrade to this release immediately.
* NEXUS-20683: API: Searching requires permissions from role that can view every artifact returned in results (admin)
* NEXUS-24232: npm package metadata does not get updated when a package tarball is deleted
* NEXUS-24787: an anonymous docker pull while anonymous user is configured to use docker bearer token realm will permanently break all future anonymous docker logins
* NEXUS-25925: Cleanup policy criteria error if you enter a decimal rather than validate/disallow
* NEXUS-25927: Switching format errors on save if unapplicable criteria are applied
* NEXUS-26134: Password Validator Message not shown when changing your password
* NEXUS-26406: Cleanup Preview should inform the user results are a sample
* NEXUS-26799: Entering newlines in content selector expression text area
* NEXUS-27035: Cannot delete untouched Routing Rule matchers
* NEXUS-27512: Log spam when processing non-timestamped snapshots during metadata rebuild
* NEXUS-28009: Admin - Remove a member from a blob store group processes docker partial uploads
* NEXUS-28166: Yum metadata not refreshed because of relying on \"metadata_generation_time\"
* NEXUS-28446: Maven proxy repository will return 502 response instead of 404 when manually blocked for content not yet cached
* NEXUS-28555: Upgrade from 2 -> 3 can migrate user email addresses that Nexus Repository 3 considers not valid
* NEXUS-28889: Some Debian Packages fail to upload (control.tar.zst)
* NEXUS-29151: IQ policy violations column displays \"Loading\" for non-admin user
* NEXUS-29227: WARN PoolBase Failed to validate connection org.postgresql.jdbc.PgConnection (This connection has been closed.). Possibly consider using a shorter maxLifetime value
* NEXUS-29408: npm group REST API missing when using Postgres/H2 database
* NEXUS-29410: DB migrator NotEnoughDiskSpaceException does not mention which location
* NEXUS-29417: Nexus DB migrator fails if asset name is not set/empty
* NEXUS-29465: Go-group returns 404 for all existing/proxied components (regression)
* NEXUS-29467: replication performance impacts due to frequent database transactions
* NEXUS-29477: deleting the current \"latest\" tgz version from an NPM hosted repo removes the latest tag instead of replacing it with newest published version
* NEXUS-29738: Maven checksum files should be able to be rebuilt even if repository disables redeploy
* NEXUS-30043: Yum hosted metadata cleanup causes IllegalStateException Missing entity-metadata when there are at least two hosted repositories
* NEXUS-30109: Repair - Reconcile component database from blob store task does not restore blobs created while running a different database type
* NEXUS-30153: Nexus Repository 3 may not be installable / upgradable if it uses PostgreSQL with non \"public\" schema
* NEXUS-30366: Routing rules not taking effect for docker when running with external db
* NEXUS-30448: Rebuilding maven-metadata.xml on slower PostgreSQL could take extremely long time
* NEXUS-30534: Docker Proxy S3 - Exception pulling pulling an image which has the same checksum as an existing image
* NEXUS-30687: Blob storage management screen no longer shows if blob store is in use
* NEXUS-30694: Sorting Maven components with Version returns unpredictable order in some cases
* NEXUS-30807: Nexus Repository fails to create user-token record when using PostgresDB for some users
* NEXUS-30834: Log4j Visualizer: log4j-core-2.16.0 is counted even though it doesn\'t have CVE-2021-44228
* NEXUS-30845: request log scanner for log4j visualizer may discard IO exceptions instead of logging them
* NEXUS-30847: Statistics - Recalculate vulnerabilities statistics task is scheduled to run at midnight which conflicts with log rotation
* NEXUS-30898: System - Repository Health Check task not deleted when the associated repository is deleted
* NEXUS-30911: 401 response from a remote docker registry will cause an already cached docker asset to be reported as 404 not found
* NEXUS-30912: Database upgrade to upgrade replication_connection schema does not trigger
* NEXUS-30934: Setting \"NEXUS_SEARCH_INDEX_REBUILD_ON_STARTUP\" environment variable does not rebuild indexes
* NEXUS-30978: Partial metadata generated for empty yum folder/path
* NEXUS-31035: Database Migrator health check reports \"Cluster consistency error: null\"
* NEXUS-31057: Pypi simple index should be proper HTML5 document to be PEP503 compliant and ready for pip version 22.2 and newer
* NEXUS-31233: Adjustments to Read-Only View- Improvements:
* System Status Check for NuGet Versions (PRO ony)
* Redesign of the replication: The current replication method will not be supported after the new replication is released, later in 2022 (PRO only)
* Added GET Method to Repository Management API
* Expanded Assets API
* Apple M1 Chip Support for building
* NEXUS-28833: \'GitHub Packages\' based npm proxy repos causes the long hashed tgz filename/path generation.
* NEXUS-29730: support for running on apple m1 chip
* NEXUS-30524: Yum cleanup policy support for \"Asset Name Matcher\" criteria
* NEXUS-30575: Expose \'Uploader ID\' in API
* Thu Dec 30 2021 Julio González Gil - 3.37.3.02-1- Update to Nexus 3.37.3-02- Bugfixes:
* Update to the text on the Log4j Visualizer screen
* Thu Dec 30 2021 Julio González Gil - 3.37.2.02-1- Update to Nexus 3.37.2-02- Improvements:
* New Log4j Visualizer: In response to the recently reported vulnerability in Apache\'s \"Log4j2\" logging utility (CVE-2021-44228, also known as \"log4shell\"), Sonatype is providing a Log4j Visualizer for a limited time to all Nexus Repository OSS and Pro users. The Log4j Visualizer will provide insight into Maven log4j component downloads impacted by CVE-2021-44228 in your organization
* Sat Dec 18 2021 Julio González Gil - 3.37.1.01-1- Update to Nexus 3.37.1-01- Bugfixes:
* logback library update to fix a low/moderate vulnerability, as a precautionary measure. No known exploit of Nexus Repository via logback at this time.
* Fri Nov 26 2021 Julio González Gil - 3.37.0.01-1- Update to Nexus 3.37.0-01- Bugfixes:
* NEXUS-17624: YUM repomd.xml not deleted from empty level-1 hosted repository
* NEXUS-19089: large set of dirs/files under directpath/nexus-repository-docker dir
* NEXUS-21878: failing to start one docker connector on startup prevents all other not started docker connectors from starting
* NEXUS-22125: Unable to query image tags via Registry API for proxied gcr.io
* NEXUS-26970: Docker proxy repository returns 502 when remote returns 401
* NEXUS-27033: Deploy of newly tagged multiarch manifest not permitted when redeploy is disabled
* NEXUS-27631: Download of docker manifest via UI fails if there is no history in the manifest
* NEXUS-27674: Unable to download conda component that was released from quarantine
* NEXUS-27788: \"Docker - Delete incomplete uploads\" task blocks all docker uploads
* NEXUS-28717: \"Docker - Delete unused manifests and images\" task attempts to read files from the wrong Blob Store.
* NEXUS-28855: Blob store space used constraint says “in MB” but it stores in bytes
* NEXUS-28918: Search API does not sort alpha-numeric versions correctly
* NEXUS-28921: Browse page is empty after migrating to the New DB because Rebuild repository browse tree task fails to be stored due to long name
* NEXUS-29234: java.lang.NumberFormatException for S3 blob stores on upgrade
* NEXUS-29342: Yum generated temp files are not deleted
* NEXUS-29343: Intermittent MissingBlobExceptions for Concurrent Requests
* NEXUS-29380: NX3: reconcile from blob store task can generate invalid npm version entries in metadata
* NEXUS-29433: fetching identical group npm package metadata concurrently can result in uncooperative threads and increased blobstore and database load- Improvements:
* NEXUS-16580: Migrate nx2 artifact information to nx3 during migration
* NEXUS-27145: Allow rebuild maven metadata task to fix invalid blob references for maven-metadata.xml
* NEXUS-28844: option to rebuild npm package metadata per repo or package
* NEXUS-28896: improve INSERT performance into format specific browse_node tables
* New \"Repair - Rebuild npm metadata\" Task
* The \"Repair - Rebuild Maven repository metadata\" Task Fixes Invalid Blob References for maven-metadata.xml
* Retain Information About Assets Migrated from Nexus Repository Version 2 to Version 3
* Improved S3 Blob Store Performance
* Replication Support for NuGet and PyPI (PRO only)
* Improved Performance for those Migrating to Nexus Repository 3 with an External PostgreSQL Database (PRO only)
* Improved Resilient Deployment Options (PRO only)
* Tue Nov 09 2021 Julio González Gil - 3.36.0.01-1- Update to Nexus 3.36.0-01- Bugfixes:
* NEXUS-29088: Running the replication backfill blob attributes task will now process all blobs as expected.
* NEXUS-29319: This release includes a security fix for an incorrect access control. See the CVE-2021-42568 for full details.
* NEXUS-29407: This release includes a security fix for a server side request forgery vulnerability. See CVE-2021-43293 for full details.
* NEXUS-21814: Repair - Reconcile component database from blobstore may not process PyPI assets correctly
* NEXUS-27629: logging is too verbose when the submitted application id from npm audit is not found in the connected IQ server
* NEXUS-28714: Content validation does not work properly for OCI
* NEXUS-28717: \"Docker - Delete unused manifests and images\" task attempts to read files from the wrong Blob Store.
* NEXUS-28779: Use cases for name and type properties for datastores can be confusing
* NEXUS-29338: Image push after Nexus Repository upgrade not possible- Improvements:
* NEXUS-24332: Optimized How Yum Metadata is Rebuilt
* Faster Migration from Nexus Repository 2 to Nexus Repository 3
* Replication Improvement: Use Truststore Certificates for Replication Connection (PRO only)
* Improvements to Database Migration to H2 or PostgreSQL (PRO only) > Added OrientDB Health Check to Database Migration (PRO only) > NEXUS-28789: Added Nexus Repository Database Version Check PRO (PRO only)
* Documentation Improvement: New Resiliency Example Using Azure (PRO only)
* Thu Oct 14 2021 Julio González Gil - 3.35.0.02-1- Update to Nexus 3.35.0-02- Bugfixes:
* NEXUS-20284: Default content type for raw repositories is now \"text/plain\"
* NEXUS-26313: WWW-AUTHENTICATE header does not include needed scope of token
* NEXUS-26642: A removed docker asset at a remote will cause an already cached docker asset to be removed from a proxy repository when component age expires
* NEXUS-27125: npm proxy repo audit requests may trigger IllegalStateException Missing org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State while getting cached content
* NEXUS-27318: Maven - Publish Maven Indexer files task leaks inputstream
* NEXUS-27372: Delete of npm package tarball silently fails if the version isn\'t in package root metadata
* NEXUS-27628: Application id is not logged at any level when provided by npm audit command
* NEXUS-28166: Yum metadata not refreshed because of relying on \"metadata_generation_time\"
* NEXUS-28621: Nexus DB Migrator 3.33.0 fails with java.lang.StringIndexOutOfBoundsException error
* NEXUS-28805: Migrator attempts to migrate tagged components before tags have been processed resulting in NullPointerException executing step processComponentStep
* NEXUS-28842: Github npm package registry does not work with Nexus Repo 3
* NEXUS-28898: Contention rebuilding Maven hosted archetype-catalog.xml during repository 2 to 3 migration
* NEXUS-28908: Stuck RUNNABLE postgresql queries on SocketInputStream.socketRead0(Native Method)
* NEXUS-28922: Azure Blobstore creation fails with using Nexus 3.34.0-01 with PostgresDB- Improvements:
* NEXUS-16580: Migrate nx2 artifact information to nx3 during migration
* NEXUS-28686: Provide an option to not migrate repository content for repositories that are selected for migration from repo 2 to repo 3
* NEXUS-28891: Avoid building browse feature information during repository 2 to 3 migration to improve migration performance
* NEXUS-28924: Option to force the migration process to end without abort before all content is migrated
* Firewall Integration Improvement: Policy-Compliant Component Selection for npm
* Faster Imports with Hardlink Support for All Formats
* Improvements to Repository Replication (PRO only): > Replicator Now Supports Docker and npm Formats > Replicator Now Runs Continuously by Default > New Replication Administrator Role
* Updated Database Migrator for Easier Migration Between PostgreSQL and H2 Databases (PRO only)
* Conan Hosted Support for PostgreSQL and H2 Databases (PRO only)
* Sun Sep 26 2021 Julio González Gil - 3.34.1.01-1- Update to Nexus 3.34.1-01- Bugfixes:
* NEXUS-28768: To facilitate migrating from Nexus Repository 2 to Nexus Repository 3, the npm package.json author field can now accept both map and string values
* NEXUS-28815: NullPointerException at com.sonatype.nexus.migration.repository.migrators.datastore.NpmRepositoryMigrator.recordMetadata
* NEXUS-28821: org.sonatype.nexus.datastore.api.DuplicateKeyException in org.sonatype.nexus.repository.content.browse.store.BrowseNodeStore.mergeBrowseNode- Improvements:
* NEXUS-28522: change the default location for storing import task metadata
* NEXUS-28819: log in repo 3 application log the 2 to 3 migration state to make it easy to determine why migration cannot be ended gracefully
* Sun Sep 05 2021 Julio González Gil - 3.34.0.01-1- Update to Nexus 3.34.0-01- Bugfixes:
* NEXUS-27932: \"Manifest invalid\" message when running the Docker GC task.
* NEXUS-28394: Last downloaded field not properly updating when installing or downloading through R proxy
* NEXUS-28458: logged ERROR LastShutdownTimeServiceImpl \'Failed to process file - Assuming no previous start time\' on startup
* NEXUS-28620: Nexus Database Migrator fails when symlink is used for data directory or data directory not in standard location
* NEXUS-28807: Nexus-3-0 Stage-release Violations - 08/27/21 12:19 AM
* NEXUS-28808: Policy violation of com.thoughtworks.xstream : xstream: 1.4.17
* NEXUS-28853: This release includes a security fix for an HTTP header injection. See the CVE-2021-40143 advisory for full details. If you are using an earlier version, you should upgrade to this release immediately- Improvements:
* NEXUS-28266: make S3 Connection Time to Live (TTL) setting configurable to help avoid socket connect timeouts
* Repository Replication (PRO only)
* NEXUS-28780: New Formats Supported for PostgreSQL and H2 Databases (PRO only): > NEXUS-28677: CocoaPods Format support in Postgres (PRO only) > NEXUS-28678: Go Format support in Postgres (PRO only) > NEXUS-28781: Rubygems Format support in Postgres (PRO only)
* Fri Sep 03 2021 Julio González Gil - 3.33.1.01-1- Update to Nexus 3.33.1-01- Bugfixes:
* NEXUS-28081: Nexus 2 migration to Nexus 3 fails due to permissions of unsupported formats on PostgreSQL databases- Improvements:
* Updated Eclipse Jetty Version to 9.4.43.v20210629
* Changes to Cloud Resiliency Architecture Example: remove the dependency on Amazon Elastic File System (EFS). The improved example provides new YAML files to help you set up Fluent Bit and CloudWatch in order to externalize your logs. This will allow you to capture comprehensive logs even if Nexus Repository runs on separate nodes within the same day.
* Thu Aug 05 2021 Julio González Gil - 3.33.0.01-1- Update to Nexus 3.33.0-01- Bugfixes:
* NEXUS-27428: redundant download count attribute for NuGet v3
* NEXUS-28277: Fetching group npm package metadata concurrently can cause OConcurrentModificationException
* NEXUS-28362: slow request processing due to group trying to locate blobs in the wrong blobstore
* NEXUS-28381: Webhook ConnectionPoolTimeoutException: Timeout waiting for connection from pool after sending 20 requests
* NEXUS-28442: XSS injection- Improvements:
* NEXUS-28543: Conda Format support in Postgres (PRO only)
* NEXUS-28544: Git LFS Format support in Postgres (PRO only
* NEXUS-28545: R Format support in Postgres (PRO only
* NEXUS-28561: Conan Format support in Postgres (PRO only
* NEXUS-28562: npm format support in Postgres (PRO only
* Improvements to Resilient Nexus Repository Deployment Architecture
* Fri Jul 09 2021 Julio González Gil - 3.32.0.03-1- Update to Nexus 3.32.0-03- Bugfixes:
* NEXUS-27469: Using AzureBlobStore causes docker image upload failure with \'digest invalid\' error
* NEXUS-27617: Unable to configure SAML on docker image due to bug in included OpenJDK
* NEXUS-27753: The latest package version doesn\'t change in package root after component deleting
* NEXUS-28247: Docker GC Task incorrectly removing manifests and layers- Improvements:
* NEXUS-28203: Replication (Product Preview, PRO only)
* NEXUS-28205: APT Format support in PostgreSQL
* Fri Jun 25 2021 Julio González Gil - 3.31.1.01-1- Update to Nexus 3.31.1-01- Bugfixes:
* CVE-2021-34553: Information disclosure vulnerability fixed. Sonatype Nexus Repository 3 up to 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a crafted GET request) without having been granted access.
* NEXUS-28078: Docker - Delete unused manifests and images task may delete referenced layers if the database query to select components encounters limits
* Thu Jun 17 2021 Julio González Gil - 3.31.0.01-1- Update to Nexus 3.31.0-01- Bugfixes:
* NEXUS-26177: Deleting an npm repository or invalidating the cache breaks npm audit.
* NEXUS-26312: \"Last downloaded\" not updating consistently in NuGet.
* NEXUS-26358: WARN messages from SupportRestorer Can\'t find file to restore data
* NEXUS-27614: PyPI can swallow errors when the simple index is being re-written.
* NEXUS-26683: \"Remove a member from a blob store group\" task can\'t remove a blob store if one bytes file is missing
* NEXUS-26732: Race Condition in Docker format can cause assets to be mistakenly deleted.
* NEXUS-26737: Deleting manifest with Docker API does not delete all tags.
* NEXUS-26829: Copy and config links incorrect for nuget V3 proxy repos
* NEXUS-26845: HTTP error status code not logged on proxy repository automatic blocking
* NEXUS-26938: Use HEAD request to determine whether remote content has changed instead of conditional GET to avoid hitting DockerHub rate limit prematurely.
* NEXUS-26971: Incorrect results can be returned when using npm show with group repositories.
* NEXUS-27014: Cleanup policies and tasks do not fully consider Docker layers can be referenced by manifests in other repositories.
* NEXUS-27015: IllegalArgumentException on Publish Maven Index task.
* NEXUS-27130: GA maven-metadata.xml fails to refresh if a GAV is deleted via Browse\'s \"Delete Folder\" button
* NEXUS-27182: Blob paths traversal
* NEXUS-27427: Blank values for NuGet attributes.
* NEXUS-27436: npm metadata rebuild failing due to NPE.
* NEXUS-27563: S3 connection pool exhaustion when merging repomd.xml in group repositories.
* NEXUS-27564: Yum Group repomd.xml merge connection pool exhaustion causes problems.- Improvements:
* NEXUS-20252: Support Staging with PyPI format.
* NEXUS-23959: Define BlobStoreApiSoftQuota type allowableValues
* NEXUS-24311: Added hardlinks to import/export.
* NEXUS-26617: Upgrade karaf to 4.3.0
* NEXUS-26931: Added UI validation to ensure container name is all lower case alphanumeric.
* NEXUS-27597: Add ability to run `Repair - Reconcile component database from blob store` against a subset by time
* NEXUS-27683: StorageFacetCleanupTaskManager should remove & schedule task.
* NEXUS-27953: Upgrade Eclipse Jetty to 9.4.42.v20210604.
* Fri Apr 23 2021 Julio González Gil - 3.30.1.01-1- Update to Nexus 3.30.1-01- Bugfixes:
* Security fix for CVE-2021-30635 (Information Disclosure). See https://support.sonatype.com/hc/en-us/articles/1500006879561 for details.
* Security fix for CVE-2021-29159 (XSS vulnerability). See https://support.sonatype.com/hc/en-us/articles/1500005031082 for details.
* Security fix for CVE-2021-29158 (Sensitive Information Disclosure). See https://support.sonatype.com/hc/en-us/articles/1500006126462 for details.
* NEXUS-27384: Upgrade Eclipse Jetty to 9.4.40.v20210413
* NEXUS-26789: Performance improvement to rebuilding GA maven-metadata.xml
* NEXUS-26501: Package content is out of specification when downloading from NuGet hosted
* NEXUS-27013: Raw proxy is encoding slashes for outbound requests
* NEXUS-26855: Non-indexed raw proxy repositories cannot be browsed
* Fri Mar 05 2021 Julio González Gil - 3.30.0.01-1- Update to Nexus 3.30.0-01- Bugfixes:
* NEXUS-12022: Allow configuring HTTPS Maven proxy repositories with pre-emptive authentication
* NEXUS-18610: Raw proxy errors on URL encoded space and plus (+) characters
* NEXUS-19181: staging NullPointerException when moving docker assets via DockerComponentDirector.maybeCopyAssets
* NEXUS-23750: Does not support npm GitHub Package Registry
* NEXUS-24485: Docker Manifest generation is incorrect for Redeploy Disabled repositories.
* NEXUS-25148: Incremental yum rebuilds with only COMPS files are ignored
* NEXUS-25501: Logout with anonymous off fires JS error, can malform page
* NEXUS-25626: Docker redeploy on the latest tag fails when more than one tag exists for the image
* NEXUS-25733: NuGet v3 repository index.json generation
* NEXUS-25783: Browse of NuGet packages from visual studio fails if user doesn\'t have browse privileges to all group members
* NEXUS-25784: Browse request to NuGet v3 search URL in group fails completely if one of the group\'s members has DNS lookup failure
* NEXUS-25868: Podman push of new image tag fails when docker cli push succeeds for the same actions
* NEXUS-25904: The \"admin - change repository blob store\" task should not allow selection of a promoted blob store
* NEXUS-25908: nuget restore does not resolve inbound normalized package versions to unnormalized published versions using NuGet v3
* NEXUS-25924: If the remote of a NuGet v3 proxy is not reachable it breaks requests to a NuGet group
* NEXUS-25985: \"Docker - Delete unused manifests and images\" task deletes digest manifests referenced by other manifests
* NEXUS-26003: Helm proxy : difference between helm index file and real artifact url
* NEXUS-26036: wrong issuer displayed for trusted SSL certificates
* NEXUS-26093: Create proxy repository in API UI fails due to password missing from Authentication JSON
* NEXUS-26099: No way to set \"useTrustStore\" in proxy repository REST API
* NEXUS-26118: pip search does not work
*via
* NXRM PyPI proxy to NXRM PyPI repository and authentication is required
* NEXUS-26129: Promoting a nested blob store causes it to be removed entirely
* NEXUS-26132: upgrade of NXRM 2 to NXRM 3 maven assets fails due to IllegalStateException: Missing {attributes:checksum} sha256
* NEXUS-26315: Cleanup Policy List shows Error 500 after Upgrade 3.28.0 to 3.29.2
* NEXUS-26355: sha512 or sha256 hashes are processed by expensive repository content validation
* NEXUS-26379: DockerFacetUtils.findAssetByContentDigest() causes poor performance under load
* NEXUS-26453: saving the s3 blobstore config can break async tmp blob deletes by not restarting the async delete thread pool
* NEXUS-26473: Thread cooperation does not work when recovering from missing blobs in proxy repositories
* NEXUS-26483: Nexus UI causes Uncaught TypeError when the username contains \'api\' string with privilege \'nx-api-reader\'
* NEXUS-26504: Newly created compact blob store task has \"multinode=true\"
* NEXUS-26605: Rebuild metadata fails to rebuild corrupt metadata files
* NEXUS-26611: conda proxy repositories do not support inbound conditional HTTP GET HEAD
* NEXUS-26676: IllegalOperationException: Repair - Rebuild Maven repository metadata- Improvements:
* NEXUS-24446: Add Azure Blob Storage support to NXRM blob store
* NEXUS-25275: improve docker repository human readable error response messages
* NEXUS-25623: Provide a different status than Quarantined for components Pending Quarantine
* NEXUS-25909: Protect inbound HTTPS connections against Weak Diffie-Hellman Keys and Logjam by default
* NEXUS-26196: Allow enabling truststore with Repository Management REST API
* NEXUS-26319: remove reference to sonatype-public-grid from pom files
* NEXUS-26606: Upgrade Eclipse Jetty to 9.4.38.v20210224
* Fri Jan 08 2021 Julio González Gil - 3.29.2.02-1- Update to Nexus 3.29.2-02- Bugfixes:
* NEXUS-26251: Interface for Cleanup Policies erroneously interprets and persists values as seconds instead of days. If you installed 3.29.1 and modified or created a cleanup policy you must confirm that these fields have the intended values.
* Fri Dec 25 2020 Julio González Gil - 3.29.1.01-1- Update to Nexus 3.29.1-01- Bugfixes:
* NEXUS-24391: \'Destination already contains component\' error when using staging API
* NEXUS-25504: Unable to pull images from hosted docker repo after move to new blobstore
* NEXUS-25600: Repository Import Ignores Validation
* NEXUS-25611: Installing via helm proxy errors if not using official remote
* NEXUS-25801: Group repository registration API requests may fail
* NEXUS-25902: Source blob store is not logged in repository move task
* NEXUS-25903: Repository blob store set incorrectly after error in \"admin - change repository blob store\" task
* NEXUS-25936: npm audit fails with 500 response using group and anonymous
* Sat Dec 05 2020 Julio González Gil - 3.29.0.02-1- Update to Nexus 3.29.0-02- Bugfixes:
* NEXUS-16575: Raw repo url returns Error 404
* NEXUS-19840: /service/metrics/healthcheck returns 500 status code if a single healthcheck fails. It is deprecated now and scheduled for removal. It is recommended to use the alternative endpoint /service/rest/v1/status/check which has a near equivalent JSON response, except it does not return 500 status when one or more system status checks fail
* NEXUS-23733: Creating more than one file based blobstore using the same root path is not prevented
* NEXUS-23827: PACKAGES.gz cannot be updated if repository doesn\'t allow redeploy
* NEXUS-24331: deployment of rpm to a single directory causes metadata rebuild for entire repository
* NEXUS-24913: npm audit caching prevents policy updates
* NEXUS-25105: HTTP 500 response when attempting to delete LDAP user via REST API
* NEXUS-25116: Getting Metadata hashes via a Maven group returns 404 Not found
* NEXUS-25147: Rebuild metadata task leaves sha256 and sha512 files untouched for metadata files
* NEXUS-25158: HeaderPatternFilter may reject implicit Host value due to certain combinations of X-Forwarded headers
* NEXUS-25186: possible that requests abruptly terminating will not appear in request.log
* NEXUS-25291: NuGet V3 Proxy can be configured only using a specific remote in UI field
* NEXUS-25292: Bad blob file reference breaks repository export
* NEXUS-25304: Health check details can fail with NPE if IQ server is setup but disabled
* NEXUS-25357: NuGet Proxy does not work with some third-party V3 repositories
* NEXUS-25420: NXRM to NXRM Nuget v3 proxying still results in direct requests to nuget.org
* NEXUS-25464: Blob reference not updated in asset after change repository
* NEXUS-25478: Nuget V3 Group packages incorrectly sorted in page causing some installs to fail
* NEXUS-25502: yum metadata is rebuilt after downloading it which can cause build failures
* NEXUS-25510: Error Response Code 429 (Rate Limiting) does not autoblock
* NEXUS-25521: Encoded proxy URL causes startup failure
* NEXUS-25527: Crowd \"Verify connection\" button deletes all inputted values
* NEXUS-25529: Security management: Users API does not show \"externalRoles\" for Crowd
* NEXUS-25575: Password Validator Message not shown when changing your password.
* NEXUS-25604: Some newly deployed rpm files not showing up in primary.xml.gz, despite logging saying they are being added
* NEXUS-25605: Proxy repositories to github package registry can fail query requests when accessed in a group repository
* NEXUS-25609: Exception processing payloads for a single NuGet group member repository can stop all group member processing
* NEXUS-25628: yum metadata missing provides entries when multiple versions are provided by a package
* NEXUS-25650: Nexus-3-0 Develop Violations - 10/29/20 12:15 AM
* NEXUS-25775: WARN messages WebResourceServiceImpl - Overlapping resources on path /static/img/sonatype-logo-with-hexagon.png
* NEXUS-25829: CVE-2020-29436: Fixes an XXE Vulnerability
* NEXUS-25830: ClassCastException Long cannot be cast to Date for NuGet v3 registrations index
* NEXUS-25928: Nexus-3-0 Develop Violations - 11/19/20 12:14 AM- Improvements:
* NEXUS-14631: Add more attributes to REST resource for asset
* NEXUS-19021: Nothing is logged at default levels when roles are added or removed
* NEXUS-20267: only allow the most secure cipher suites and TLS protocol versions for inbound HTTPS connections by default. See also NEXUS-25786 below.
* NEXUS-25307: Protect against deletion of related blob stores while the Change Repo Blob Store task is executing
* NEXUS-23331: Add the support of helm push plugin
* NEXUS-25423: Add caching of catalog dates for npm component queries to IQ
* NEXUS-25424: Add configuration for Orient\'s \"network.binary.maxLength\"
* NEXUS-25506: change the Remote URL of the default nuget.org-proxy proxy repository to api version 3 compatible https://api.nuget.org/v3/index.json. Applies only to new installations. Upgrading will not modify any existing remote URLs, although users are encouraged to start migrating away from using NuGet V2 API URLs such as the previous default (https://www.nuget.org/api/v2/).
* NEXUS-25774: upgrade Eclipse Jetty to 9.4.33.v20201020
* NEXUS-25786: explicitly disable TLS 1.0 and 1.1 for inbound HTTPS connections by default. Only applies to Eclipse Jetty-based direct inbound HTTPS connections (no reverse proxy). You are encouraged to use the new settings, but if for some reason you still the new TLS versions or cipher suites, check https://support.sonatype.com/hc/en-us/articles/213465098
* Wed Oct 28 2020 Julio González Gil - 3.28.1.01-1- Update to Nexus 3.28.1-01- Bugfixes:
* NEXUS-25507: Fixed an issue that caused the Change repository blob store task to spawn too many threads.
* Fri Oct 02 2020 Julio González Gil - 3.28.0.01-1- Update to Nexus 3.28.0-01- Bugfixes:
* NEXUS-21107: Raw repo folders with special characters created using UI cannot be deleted
* NEXUS-23968: PyPiHostedFacet does not delete TempBlob on getIndex
* NEXUS-23977: Large docker image upload does not work well with slow inbound network
* NEXUS-24227: archetype-catalog.xml is imported by import task to a maven repository
* NEXUS-24682: Helm repositories require the packages to be relative to the index.yaml
* NEXUS-24718: Running \"docker delete unused manifests and images\" task when blob storage is not available deletes all layers
* NEXUS-24830: npm audit error with quarantined components
* NEXUS-24833: After doing \"Export assets\" task then \"Import external files\" does not preserve lastBlobUpdated (last_updated)
* NEXUS-24846: Wrong Timezone used for Apt Release file
* NEXUS-24868: Group does not export semver2 endpoints `RegistrationsBaseUrl/Versioned` when used as NuGet V3
* NEXUS-24916: SAML configuration error root causes are swallowed and not logged at default levels
* NEXUS-24918: npm audit should not fail if package.json contains a dependency that can\'t be found
* NEXUS-24998: Continuation token fails intermittently with 406 response but then eventually works.
* NEXUS-24999: query params for yum related db query not logged
* NEXUS-25036: repositories with version policy of RELEASE should avoid processing any SNAPSHOT related requests
* NEXUS-25039: Download of docker tags from hosted repository can fail with 400 response
* NEXUS-25156: Npm Audit doesn\'t fail fast when no IQ server is configured
* NEXUS-25190: Newly deployed RPM files do not always appear in yum metadata files
* NEXUS-25294: DockerFacetUtils.findAssetByContentDigest NXRM 3.0.0-M7 backwards compatibility code is non-performant under load
* NEXUS-25296: 502 error if a nuget-v3 group contains a proxy with different nuget version
* NEXUS-25340: IllegalArgumentException: Invalid range for Docker Pushes
* NEXUS-25347: org.eclipse.jetty loggers do not log messages if levels are edited
* NEXUS-25378: docker PUT and PATCH requests may write to the same blob causing docker pushes to fail due to InvalidContentException: Content type could not be determined- Improvements:
* NEXUS-24842: Slow performance pushing large images to S3 based blobstore
* NEXUS-12016: Moving repositories between blob stores (PRO only)
* NEXUS-14448: Include IQ link in Maven output when a component blocked by Firewall
* NEXUS-18283: Ability to Add Custom AWS S3 Regions to Blobstore Configuration
* NEXUS-19858: Confirmation when promoting a blob store
* NEXUS-24904: nxrm 3.26.0 introduces new ERROR level log messages from org.eclipse.jetty.util.log.StdErrLog
* NEXUS-25099: Group deployment for NPM (PRO only)
* NEXUS-25117: add configurability to how S3 temporary blobs are deleted
* NEXUS-19572: Go specific search- Other:
* NEXUS-25336: Replace Google (Guava) Supplier with Java Supplier, people consuming or implementing them will need to update those usages to java.util.function.Supplier.
* NEXUS-25209: Use DB-agnostic TempBlob where possible. Any scripts or third party plugins using org.sonatype.nexus.repository.storage.TempBlob will need to change to use of org.sonatype.nexus.repository.view.payloads.TempBlob.
* NEXUS-25162: Consolidate implementations of WritePolicy. org.sonatype.nexus.repository.storage.WritePolicy has been moved to org.sonatype.nexus.repository.config.WritePolicy. This will impact any groovy scripts using the org.sonatype.nexus.script.plugin.RepositoryApi to create repositories.
* Sat Sep 05 2020 Julio González Gil - 3.27.0.03-1- Update to Nexus 3.27.0-03- Bugfixes:
* NEXUS-24298: Yum proxy needs to be more lenient about gzip encoding
* NEXUS-24464: NuGet Signature validation goes out to https://api.nuget.org
* NEXUS-24691: OCI annotations result in errors
* NEXUS-24802: Spurious warnings logged when running reconcile task against group blob store
* NEXUS-24837: Metadata query cache age and Maximum metadata age timeouts are ignored for metadata requests
* NEXUS-24869: Moving away from the Logging page asks \"Unsaved changes\"
* NEXUS-24901: some rpms in a yum hosted repo are not added to a rebuilt hosted repo primary.xml metadata file
* NEXUS-24917: npm audit fails for packages that are not all lowercase
* NEXUS-24925: Unneeded JSESSIONID cookies returned
* NEXUS-24988: Snapshot remover deletes GAV level maven-metadata.xml files, resulting in 404 responses
* NEXUS-25019: CVE-2020-24622: S3 secret key can be exposed by admin user- Improvements:
* NEXUS-10471: Allow deployment to Docker group repositories (PRO only)
* NEXUS-21118: remove reference to deprecated Jetty socket linger time soLingerTime
* NEXUS-25098: REST API for Conda repositories
* Sun Aug 16 2020 Julio González Gil - 3.26.1.02-1- Update to Nexus 3.26.1.04-1- Bugfixes:
* NEXUS-24867: Fix an issue starting server when multiple SSL certificates are present in the configured keystore.
* Tue Aug 11 2020 Julio González Gil - 3.26.0.04-1- WARNING: Eclipse Jetty Version may Require Configuration Change On Upgrade Check https://issues.sonatype.org/browse/NEXUS-24867 for details or update straight to 3.26.1.02-1- Update to Nexus 3.26.0-04- Bugfixes:
* NEXUS-23065: `Docker - Delete incomplete uploads` task will stop if it errors reading a single asset
* NEXUS-23417: During upgrade of PyPI proxy in 3.22, browse nodes are rebuilt too quickly.
* NEXUS-24226: Prometheus metrics endpoint may be using more CPU than expected.
* NEXUS-24317: NuGet v3 proxy: index.json still available after remote changing
* NEXUS-24592: CVE-2020-15868 - Access controls bypass
* NEXUS-24601: Search API sorting doesn\'t work
* NEXUS-24619: Export filenames that are supported in windows (and import those files properly as well)
* NEXUS-24671: Audit log is not recording events even if feature is enabled- Improvements:
* NEXUS-24788: Import and Export for Docker, PyPI, Rubygems and Yum (PRO only)
* NEXUS-23928: Update /beta/repositories REST endpoints updated to /v1. Beta endpoints still work.
* NEXUS-23930: Update v1 REST endpoints for Security API. Beta endpoints still work.
* NEXUS-24416: Yum repodata metadata handles multiple level rebuild better
* NEXUS-24858: Repair - Reconcile component database from blob store task now includes NuGet format
* Fri Jul 31 2020 Julio González Gil - 3.25.1.04-1- Bugfixes:
* NEXUS-24711: Fix UI login when using custom web context paths
* Thu Jul 30 2020 Julio González Gil - 3.25.1.02-1- WARNING: A critical bug has been discovered in version 3.25.1-02, if a custom web context path is being used (e.g. \"/nexus\") UI logins will not work. This is not the case with default installations performed by this package. But if you are using a custom web context wait until NEXUS-24711 is fixed with a new release- Update to Nexus 3.25.1-02- Bugfixes:
* NEXUS-24596: CVE-2020-15871 Remote Code Execution vulnerability (https://support.sonatype.com/hc/en-us/articles/360052192693)- Improvements:
* NEXUS-24488: Avoid excessive database queries in OSSIndex integration
* NEXUS-24489: Batch requests from browse UI for OSSIndex
* NEXUS-24128: REST API delete requests for Maven components can have slow performance
* NEXUS-24112: Staging move of Maven components can be very slow due to metadata rebuilds
* NEXUS-24612: Unable to browse repository - OssIndexVulnerabilityClient Timeout
* Tue Jul 14 2020 Julio González Gil - 3.25.0.03-1- Update to Nexus 3.25.0-03- Bugfixes:
* NEXUS-20640: docker push may fail with blob upload unknown due to race condition
* NEXUS-20829: Correct the upgrade screen to state that multiple upgrades from Nexus 2.x to 3.y is not supported.
* NEXUS-23550: p2 proxy repository does not work with IQ update site
* NEXUS-23759: context missing from MavenRestoreBlobStrategy - Skipping as no maven coordinates found and is not maven metadata
* NEXUS-23830: docker anonymous pull fails with 401 when user tokens are enabled
* NEXUS-23887: LDAP connection UI looks broken, constantly prompts for password
* NEXUS-23895: Save of LDAP user and group settings fails with error.
* NEXUS-24098: Snapshot GAV metadata rebuilt incorrectly if packaging has multiple segments
* NEXUS-24124: OCI - Docker repos should respect accept headers
* NEXUS-24132: Import Attributes fail if an asset has a null componentId
* NEXUS-24194: NuGet V3 Hosted - Search prerelease flag does not work
* NEXUS-24222: Reduce likelihood of OOM when accessing NuGet feed
* NEXUS-24248: NuGet v3 proxy fails to work with HA-C
* NEXUS-24267: download of podspec.json file through proxy repo which does not exist at the remote causes NullPointerException and 500 status code
* NEXUS-24283: Repository export errantly tries to validate delta files for every asset, even in other repositories
* NEXUS-24334: NPM Audit logs error on retrieving package
* NEXUS-24355: Nuget V3 - Impossible to use hosted/group/proxy as remote for proxy
* NEXUS-24457: npm package metadata dist-tags section can be empty when merged from a group repository member group repository- Improvements:
* NEXUS-10886: NuGet v3 JSON format support
* NEXUS-10886: Iport for npm and NuGet formats (PRO only)
* NEXUS-20642: add thread id to audit log entries
* NEXUS-24256: Enforce Password Complexity Requirement
* NEXUS-24568: Cache npm audit results to improve performance
* NEXUS-23923: Email REST API out of beta
* NEXUS-24288: OSS Index Link Integration (OSS Only)
* Sat Jun 13 2020 Julio González Gil - 3.24.0.02-1- Update to Nexus 3.24.0-02- Bugfixes:
* NEXUS-17288: Image broken on logger edit
* NEXUS-19529: viewing the UI repositories list will trigger s3 blobstore metrics retrieval even if that blobstore is not used
* NEXUS-23071: /beta/repositories/{format}/group/{repositoryName} example model is wrong
* NEXUS-23082: Update embedded Java version to latest Java 8
* NEXUS-23418: rest api proxy repository httpClient authentication does not take effect
* NEXUS-23551: Yum Authenticating against RHEL servers in AWS
* NEXUS-23712: items added or removed from yum metadata files when metadata is rebuilt may not be logged
* NEXUS-23761: beta/repositories/{format}/hosted/{repositoryName} has invalid parameters in example
* NEXUS-23800: Race condition in lazy maven metadata rebuild causes build failures, slow builds
* NEXUS-23872: Unable to set repository HTTP client auth via REST
* NEXUS-23903: long running database queries for docker repositories can lead to thread and db connection pool exhaustion
* NEXUS-23980: \'USER_ROLE_MAPPING\' was not found in database \'component\' exceptions seen with docker- Improvements:
* NEXUS-23588: Repository Management API missing yum proxy
* NEXUS-23650: Allow REST API to Enable/Disable Anonymous Access
* NEXUS-23798: REST API to enable User Tokens
* NEXUS-23854: Export for Raw and Maven formats (Pro Only)
* NEXUS-23870: \"Node already has an asset\" for browse tree rebuild should not fail Transactions status check
* NEXUS-23897: Memory settings in docker image are too low
* NEXUS-23970: NuGet v3 Hosted
* NEXUS-24091: REST API for Cocoapods repositories
* NEXUS-24092: REST API for Raw repositories
* NEXUS-24093: REST API for RubyGems repositories
* Wed May 06 2020 Julio González Gil - 3.23.0.03-1- Update to Nexus 3.23.0-03- Bugfixes:
* NEXUS-23360: Docker: Infinite loop for authorization to registry.connect.redhat.com
* NEXUS-23548: Helm Chart Repository API version format incorrect
* NEXUS-20349: NuGet repository returns multiple versions as islatest=true
* NEXUS-23420: NonResolvablePackageException thrown when downloading a package through the PyPI group
* NEXUS-23398: Retrieval of some packages from PyPI fails
* NEXUS-23487: PyPI repository returns 500 error response if remote returns an invalid response.
* NEXUS-23379: Invalid content returned through proxy prevents valid content from being retreived
* NEXUS-23616: Blob Store API allows users to create a blobstore without path- Improvements:
* NEXUS-11468: Import for Raw and Maven formats (requires Pro license)
* NEXUS-16954: Nexus Intelligence via npm audit
* NEXUS-21087: (Docker) Support OCI registry format
* NEXUS-23436: Clearer anonymous panel for upgrade wizard
* Fri Apr 17 2020 Julio González Gil - 3.22.1.02-1- Update to Nexus 3.22.1-02- Bugfixes
* CVE-2020-11753: Improper access controls allowed privileged user to craft requests in such a manner that scripting tasks could be created, updated or executed without use of the user interface or REST API
* NEXUS-23281: Requesting a SNAPSHOT artifact from a RELEASE Repo returns HTTP 400
* NEXUS-23348: SAML - New UI Login SSO Button does not respect the nexus-context-path
* NEXUS-23352: Conan integration in 3.22.0 does not handle Header Only packages
* NEXUS-23359: SAML - NPE thrown if IdP metadata does not contain SingleLogoutService element
* NEXUS-23399: NuGet v3 proxy repository will not serve cached content if remote is blocked
* NEXUS-23441: Already cached NuGet v2 proxy repository content will return 502 if Component Max Age expires and the remote is not available
* NEXUS-23504: Privileged user can create, modify and execute scripting tasks
* NEXUS-23556: CVE-2020-11415: LDAP system credentials can be exposed by admin user- Improvements:
* NEXUS-23396: Admin - Cleanup repositories using their associated policies task should lazily mark maven metadata for rebuild
* Sat Mar 28 2020 Julio González Gil - 3.22.0.02-1- Update to Nexus 3.22.0-02- Bugfixes
* CVE-2020-11444: Improper access controls allowed authenticated users to craft requests in such a manner that configuration for other users in the system could be affected
* NEXUS-16159: \"Require user tokens for repository authentication\" now enforced properly
* NEXUS-19437: a blobstore in any other state than STARTED cannot be removed
* NEXUS-21011: Compact blob store task cannot hard delete blob assets when the blobstore is out of space
* NEXUS-21808: DockerTokenDecoder.dumpToken(String) method may fail to parse docker bearer tokens causing IndexOutOfBoundsException
* NEXUS-22054: \"Repair - reconcile component database from blob store\" task does not remove invalid component db references.
* NEXUS-22245: Cannot Delete NPM Scoped Folder via UI
* NEXUS-22602: Running metadata rebuild task with GA restrictions fails
* NEXUS-22666: concurrent uploads to the same maven GA may result in 500 response due to OConcurrentModificationException
* NEXUS-22669: First staging move to npm hosted repo fails with 500 error.
* NEXUS-22729: Cleanup Policy task results in removal of maven-metadata from non-timestamped snapshots
* NEXUS-22760: POST /service/extdirect/poll/rapture_State_get lists all tasks from the database
* NEXUS-22770: Change in stored Pypi proxy package paths creates duplicate assets and breaks browse node creation
* NEXUS-22802: AnonymousSettings.jsx does not respect nexus-context-path
* NEXUS-22853: Too many tasks scheduled if an upgrade requires rebuilding the browse_node table
* NEXUS-22896: performance regression in search REST API
* NEXUS-23048: Problem proxying NuGet packages hosted by GitHub Packages
* NEXUS-23072: Anonymous Access icon missing
* NEXUS-23104: Offline repositories allow UI upload
* NEXUS-23236: org.sonatype.nexus.quartz.internal.orient.JobStoreImpl is a concurrency bottleneck
* NEXUS-23272: Inability to add
* permission to user on 3.21.2- Improvements
* NEXUS-5716: add a way to configure default privileges for any signed-in users
* NEXUS-20939: SAML integration
* NEXUS-22820: Process search index updates in the background in a non-blocking fashion
* NEXUS-21910: Additional REST provisioning support for npm, NuGet and PyPI repositories
* Tue Mar 24 2020 Julio González Gil - 3.21.2.03-1- Update to Nexus 3.21.2-03- Bugfixes
* NEXUS-23205: Disabled Groovy Scripting By Default. In order to make NXRM more secure, Groovy scripting engine is now disabled by default. This affects Groovy scripts as used through the REST API and through scheduled tasks. Scripts which are present from an upgraded version will continue to be executable but their script source will not editable. For more information (including how to re-enable Groovy scripting), see https://issues.sonatype.org/browse/NEXUS-23205
* Sat Feb 29 2020 Julio Gonzalez Gil - 3.21.1.01-1- Update to Nexus 3.21.1-01- Remove a broken menu entry incorrectly appearing for some users
* Sat Feb 29 2020 Julio Gonzalez Gil - 3.21.0.05-1- Update to Nexus 3.21.0-05- Bugfixes:
* NEXUS-18186: Disabling redeploy for a private Docker repo breaks the \"latest\" tag
* NEXUS-21730: Audit log does not log all attributes for repository change events
* NEXUS-21329: \"Remove a member from a blob store group\" task processes missing files in the source blob store
* NEXUS-18905: Cleanup tasks fail with \"No search context found for id\" error
* NEXUS-13306: Usernames containing non URL safe characters cannot authenticate using the Crowd realm
* NEXUS-16009: Browse tree for NuGet proxy repositories shows packages that are not locally cached
* NEXUS-22051: PyPI group merge is not case sensitive
* NEXUS-22351: R PACKAGES file lost on upgrade to 3.20.x
* NEXUS-17477: Unable to install hosted gem which has multiple version requirements
* NEXUS-22052: Yum Metadata not rebuilt after staging deletion of rpm- Improvements:
* NEXUS-11730: Support for proxying p2 repositories. p2 is a technology for provisioning and managing Eclipse- and Equinox-based applications
* NEXUS-13325: Helm is the first application package manager running atop Kubernetes(k8s). It allows describing the application structure through convenient helm-charts and managing it with simple commands
* NEXUS-10886: NuGet V3 Proxy support gives Nexus Repository Manager users access to the up-to-date V3 API. This is the first part of a wider initiative to bring full V3 support, group and hosted will follow in future releases
* NEXUS-16251: Provide a common facility to allow RPM clients to get GPG keys to verify package signatures in remote repositories.
* NEXUS-13434: Provide npm cli ping support
* Fri Feb 28 2020 Julio Gonzalez Gil - 3.20.1.01-2- Clean up spec and fix to build all distributions at OpenBuildService- Enable building and installation for Amazon Linux >= 2- Enable building and installation for for openSUSE Tumbleweed/Factory
* Mon Jan 27 2020 Julio Gonzalez Gil - 3.20.1.01-1- Update to Nexus 3.20.1-01- Bugfixes:
* NEXUS-22249: An error may occur when starting NXRM Pro due to race condition around the license loading.
* NEXUS-22241: During the upgrade process from older releases (3.19.0 and before), NXRM may throw an exception when updating PyPI database configuration.
* Mon Jan 27 2020 Julio Gonzalez Gil - 3.20.0.04-1- License for Nexus OSS is EPL-2.0 as stated at https://blog.sonatype.com/2012/06/nexus-oss-switched-to-the-eclipse-public-license-a-clarification-and-an-observation/ and it is since 2012. Mistake inherited from the original packages from Jens Braeuer.- Update to Nexus 3.20.0-04- Bugfixes
* NEXUS-21311: Yum and CentOS 8
* NEXUS-21371: npm package metadata does not return correct status code sometimes
* NEXUS-19811: Offline and misconfigured blob store should be noted in UI
* NEXUS-21368: Proxy repository removes get-params from HTTP sources
* NEXUS-22144: Slow performance displaying content selectors in UI
* NEXUS-21306: Cannot proxy Docker repository on Bintray
* NEXUS-21315: Extremely slow processing in \"Docker - Delete unused manifests and images\" task
* NEXUS-21672: Group repo with proxy repo member to remote group repo responds 404 when remote group repo responds \"403 Requested item is quarantined\"
* NEXUS-18117: PyPI ignoring python_requires metadata
* NEXUS-20705: Index can contain absolute URLs which bypass Nexus Repository Manager
* NEXUS-21589: Repository health check can fail if the same asset exists in more than one repository
* NEXUS-14233: Support managing Realms via the REST API
* NEXUS-21138: Snapshot remover leaves maven-metadata.xml files deleted for a long time, breaking builds
* NEXUS-12488: Remote https repository with TLS client certificate loaded in NXRM JVM keystore not trusted
* NEXUS-20140: 500 Server Error shown in Chrome console when accessing Support Status page- Improvements
* NEXUS-20269: jetty-http-redirect-to-https.xml removed and its use discouraged Startup will fail if your configuration references jetty-http-redirect-to-https.xml Check https://support.sonatype.com/hc/en-us/articles/360037845633 if that is the case
* NEXUS-19424 : Ability to Clean Up by \"Never downloaded\"
* NEXUS-9837: R Format Support
* NEXUS-12456: Enhanced npm login for private repository usages
* NEXUS-13433: npm whoami support
* NEXUS-20268: HSTS enabled by default for Inbound Jetty HTTPS connectors See https://support.sonatype.com/hc/en-us/articles/360024943193
* Thu Oct 17 2019 Julio Gonzalez Gil - 3.19.1.01-1- Update to Nexus 3.19.1-01- Bugfixes
* NEXUS-21381: Prevent Docker Proxy Repository throwing null pointer exceptions and blocking some image pulls after upgrade
* Thu Oct 17 2019 Julio Gonzalez Gil - 3.19.0.01-1- Update to Nexus 3.19.0-01- Bugfixes
* NEXUS-10679: NPM repos don\'t handle HEAD requests
* NEXUS-19102: Unable to proxy private Azure (ACR) registry- Improvements
* NEXUS-19970: CocoaPods Format Support
* NEXUS-19866: Conda Format Support
* NEXUS-9862: New abilities for adding and removing \"distribution tags\" into npm metadata via the npm CLI
* NEXUS-17797: S3 peerformance improvements, support for encrypted S3 buckets, use of custom encryption keys, simplified permission testing, and essential improvements to storage space metrics
* NEXUS-19120: Added support for Docker Foreign Layers. Nexus Repository Manager users can now proxy docker images with foreign layers when pulling Microsoft Windows images.
* NEXUS-19144, NEXUS-19142, NEXUS-19143, NEXUS-19145, NEXUS-19146, NEXUS-16734: Enhanced REST API endpoints for initial provisioning and maintenance of Nexus Repository Manager
* NEXUS-20682: Go Format Data Integration
* NEXUS-19525: Multi-policy Cleanup
* Tue Aug 20 2019 Julio Gonzalez Gil - 3.18.1.01-1- Update to Nexus 3.18.1-01- Bugfixes
* NEXUS-20674: Fixed an exception occurring when a user manually logs out of the user interface.
* NEXUS-19235: Propagates the quarantine status code when NXRM proxies another NXRM with Firewall enabled.
* Mon Aug 19 2019 Julio Gonzalez Gil - 3.18.0.01-1- Update to Nexus 3.18.0-01- Bugfixes
* NEXUS-10252: \"Invalid authentication ticket\" error on password change
* NEXUS-14729: Regression: Nexus 3 returns 501, 400 and 204 responses for MKCOL requests
* NEXUS-15878: UI poll requests iterates over all privileges.
* NEXUS-19618: Expensive, error prone check done for content validation of checksums
* NEXUS-20014: browse operations can be slower than expected with many content selectors
* NEXUS-20104: OrientDB database backups default compression level and buffer size are not optimized
* NEXUS-20139: Repair - Rebuild repository search queries are not optimized, potentially impacting other search operations
* NEXUS-20360: request.log is no longer included in support zips
* NEXUS-20453: Browse operations can be very slow when using content selector permissions
* NEXUS-20479: Stored XSS Vulnerabilities (eventually public)- Improvements
* NEXUS-19954: Increase the default maximum heap and direct memory sizes
* NEXUS-20100: allow customizing compression level and buffer size of Orient database checkpoint during upgrade using system properties
* Fri Aug 16 2019 Julio Gonzalez Gil - 3.17.0.01-1- Update to Nexus 3.17.0-01- Password for admin user at new installations is now random and can be found at /var/lib/nexus3/admin.password (https://help.sonatype.com/repomanager3/installation/post-install-checklist for more details)
* Fri Aug 16 2019 Julio Gonzalez Gil - 3.16.2.01-1- Update to Nexus 3.16.2-01
* Fri Apr 26 2019 Julio Gonzalez Gil - 3.16.1.02-1- Update to Nexus 3.16.1-02
* Fri Apr 26 2019 Julio Gonzalez Gil - 3.16.0.01-1- Update to Nexus 3.16.0-01
* Tue Mar 12 2019 Julio Gonzalez Gil 3.15.2.01-1- Update to Nexus 3.15.2-01
* Sat Jan 26 2019 Angelo Verona - 3.15.1.01-1- Update to Nexus 3.15.1-01- Do not replace modified config files
* Mon Jan 14 2019 Angelo Verona - 3.15.0.01-1- Update to Nexus 3.15.0-01
* Mon Oct 29 2018 Wojciech Urbański - 3.14.0.04-1- Update to Nexus 3.14.0-04
* Tue Sep 04 2018 Wojciech Urbański - 3.13.0.01-1- Update to Nexus 3.13.0-01
* Mon Jun 25 2018 Julio Gonzalez - 3.12.1.01-1- Update to Nexus 3.12.1-01
* Sat May 26 2018 Anton Patsev - 3.12.0.01-1- Update to Nexus 3.12.0-01
* Fri May 11 2018 Anton Patsev - 3.11.0.01-1- Update to Nexus 3.11.0-01
* Fri Apr 20 2018 Pavel Zhbanov - 3.10.0.04-1- Update to Nexus 3.10.0-04
* Sat Mar 10 2018 Julio Gonzalez - 3.9.0.01-1- Update to Nexus 3.9.0-01
* Sat Mar 10 2018 Julio Gonzalez - 3.8.0.02-1- Update to Nexus 3.8.0-02
* Tue Jan 02 2018 Julio Gonzalez - 3.7.1.02-1- Update to Nexus 3.7.1-02
* Tue Jan 02 2018 Julio Gonzalez - 3.7.0.04-1- Update to Nexus 3.7.0-04- Warning: 3.7.0-04.1 is affected by issue https://issues.sonatype.org/browse/NEXUS-15278, it is highly recommended you install 3.7.1-02-1 if you have offline repositories
* Sat Dec 30 2017 Anton Patsev - 3.6.2.01-2- Stop requiring sysvinit compatibility for systemd- Add systemd service
* Thu Dec 28 2017 Julio Gonzalez - 3.6.2.01-1- Start using Fedora/RHEL release conventions- Fix problems on RPM removals- Make the package compatible with SUSE and openSUSE
* Sun Dec 24 2017 Julio Gonzalez - 3.6.2-01- Update to Nexus 3.6.2-01
* Sat Dec 02 2017 Anton Patsev - 3.6.0-01- Update to Nexus 3.6.1-02- Fix source- Use package name to configure user to run Nexus- Require Java 1.8.0
* Sat Dec 02 2017 Julio Gonzalez - 3.6.0-02- Update to Nexus 3.6.0-02
* Sat Dec 02 2017 Julio Gonzalez - 3.5.2-01- Update to Nexus 3.5.2-01
* Sat Dec 02 2017 Julio Gonzalez - 3.5.1-02- Update to Nexus 3.5.1-02
* Thu Aug 03 2017 Julio Gonzalez - 3.5.0-02- Update to Nexus 3.5.0-02
* Sat Jul 29 2017 Julio Gonzalez - 3.4.0-02- Update to Nexus 3.4.0-02
* Sat Jul 29 2017 Julio Gonzalez - 3.3.2-02- Update to Nexus 3.3.2-02
* Sat May 20 2017 Julio Gonzalez - 3.3.1-01- Update to Nexus 3.3.1-01
* Sat May 20 2017 Julio Gonzalez - 3.3.0-01- Update to Nexus 3.3.0-01
* Sat May 20 2017 Julio Gonzalez - 3.2.1-01- Update to Nexus 3.2.1-01
* Sat May 20 2017 Julio Gonzalez - 3.2.0-01- Update to Nexus 3.2.0-01
* Sat Nov 12 2016 Julio Gonzalez - 3.1.0-04- Update to Nexus 3.1.0-04
* Fri Apr 08 2016 Julio Gonzalez - 3.0.0-03- Initial packaging for Nexus 3.x
  
ICM