SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for nexus3-3.70.2.01-1.fc42.14.x86_64.rpm :

* Fri Sep 06 2024 Julio González Gil - 3.70.2.01-1- Update to 3.70.2-01- Fix for a Database Migrator issue that caused some users to see duplicate key errors after migrating from OrientDB to H2- WARNINGS:
* 3.70.2 is the final version supporting OrientDB, Java 8, and Java 11. 3.71.0+ will require either an H2 or PostgreSQL database and Java 17. This means that this is the latest release that will build for CentOS7 or any other clones from third party providers.
* Wed Aug 28 2024 Julio González Gil - 3.70.1.02-1- Update to 3.70.1-02- Fix for UI issues with custom context path in Nexus Repository 3.70.0 This issue only impacted the UI and did not impact other functionality such as for example requests for components.
* Thu Jul 11 2024 Julio González Gil - 3.70.0.03-1- Update to Nexus 3.70.0-03- WARNINGS:
* 3.70.0 is the final version supporting OrientDB, Java 8, and Java 11. 3.71.0+ will require either an H2 or PostgreSQL database and Java 17. This means that this is the latest release that will build for CentOS7 or any other clones from third party providers.
* 3.70.0 upgrades the embedded H2 database to version 2.2.244. As there are considerable changes between version 1.4.200 and 2.2.244, those using an H2 database will need to take some additional steps to upgrade to Nexus Repository 3.70.0 3.69.0, added an \"Admin - Export SQL database to script task\" you can use to create a SQL script export of your H2 database. If you are using an H2 database, you will need to run this task and follow the instructions at https://help.sonatype.com/en/upgrade-h2.html instructions in order to upgrade to release 3.70.0. This means that you must upgrade to version 3.69.0 before upgrading to 3.70.0+ If you are unsure what database your deployment is using, follow the help documentation for determining your current database: https://help.sonatype.com/en/migrating-to-a-new-database.html#determining-current-database-162010- Bugfixing:
* NEXUS-43307: Updated documentation to accurately state that access to SAML UI and API requires nx-all privileges
* NEXUS-42854: The npm view command works as expected for scoped packages
* NEXUS-42336: Database records that cause exceptions during database migration are appropriately logged
* NEXUS-39818: Running npm audit should no longer result in unexpected exceptions
* NEXUS-39799: In Yum repositories, all pathnames in the filelist.xml.gz file are properly escaped
* NEXUS-39462: If an asset’s format is incorrect, the Database Migrator will continue with migration and skip corrupted records
* NEXUS-22888: Added componentId validation when trying to view an asset that does not have a component. If the componentId is an empty string, string of blank spaces, null, or undefined, then the LifeCycle Component panel is not displayed- Improvements:
* Create and Manage Cleanup Policies via New REST API (PRO Only) https://help.sonatype.com/en/cleanup-policies-api.html
* Create and Manage Tasks via API (PRO Only) https://help.sonatype.com/en/tasks-api.html
* Retrieve and Set IQ Audit and Quarantine Statuses via API (PRO Only) https://help.sonatype.com/en/lifecycle-api.html
* New Database Migrator Flow to improve performance and reliability. Check https://help.sonatype.com/en/migrating-to-a-new-database.html for the new steps for migrating your database If you need to use an older version of the Database Migrator, you can still read the legacy database migrator documentation at https://help.sonatype.com/en/legacy-database-migration.html
* Thu Jun 06 2024 Julio González Gil - 3.69.0.02-1- Update to Nexus 3.69.0-02
* NEXUS-42786: Exporting npm assets with application/x-gzip content type now works as expected
* NEXUS-42560: The YumAbsouteUrlRemover no longer recalculates or updates checksums for XML files containing the xml:base attribute; this change greatly improves performance
* NEXUS-42434: Adjusted all places in AuditDTO where ObjectMapper was instantiated to use the injected global mapper. Users should no longer see errors in the logs when uploading assets
* NEXUS-42411: Database Migrator: Reduced log noise by adjusting the ProcessChunkListener to log migration progress in time intervals (e.g., showing how many records were migrated each 10 seconds)
* NEXUS-42409: Firewall works with Conda format as expected
* NEXUS-42276: The System Information page appears as expected with no NullPointerException
* NEXUS-41974: Running the \"Cleanup unused asset blobs\" task and \"Staging move\" in parallel now works as expected
* NEXUS-41862: Nexus Repository logs for deployments using PyPI Policy-Compliant Component Selection now only include filtered versions
* NEXUS-41692: User tokens for Crowd-backed users now use auth caching as expected
* NEXUS-41385: Downloading files through a proxy PyPI repository no longer leaves files in the blob store’s temporary directory
* NEXUS-41374: Nexus Repository no longer logs an ERROR message when a remote PyPI repository does not have a requested package
* NEXUS-41250: The nx-tasks-run privilege details in the Nexus Repository user interface no longer display an error under the Actions section
* NEXUS-41218: Added a property to nexus.properties that users may configure in order to reduce overly verbose audit logging for NuGet v2 on deployments using PostgreSQL. To turn off attributes logging, add the following to: nexus.properties: nexus.audit.attribute.changes.enabled=true
* NEXUS-41403: Reduced excessive Database Migrator logging
* NEXUS-39085: To ensure consistency across the REST API, we updated all asset ID formats to use only the long ID
* NEXUS-37307: The Crowd realm user cache is now used for npm client bearer token-authenticated requests
* NEXUS-36248: As mentioned in the improvements above, we have extended the users API to allow you to include a realm parameter when deleting a user
* NEXUS-31205: Adjusted support zip algorithms to not truncate any support zip files other than log files
* NEXUS-26828: When a remote Docker repository indicates that something is “not found,” the proxy repository no longer logs a WARN message
* NEXUS-23052: As mentioned in the improvements above, Administrators can now delete cached authenticated SAML user records via user administration section in the Sonatype Nexus Repository user interface
* NEXUS-17740: Created a \"Repair - Recalculate blob store storage task\" that can be run if blob store blob count and total size display incorrect information. This is a slow-running task and should be used with careful consideration of available system resources. See the published performance testing for details: https://help.sonatype.com/en/recalculate-blob-store-storage-performance-testing.html- Improvements
* Java 17 Support for Deployments Using H2 or PostgreSQL Databases, but not OrientDB (PRO Only) NOTE: This package is still based in Java 8 for the time being.
* Configure User Token Expiration (PRO Only)
* SAML Integration Improvements: + You can now optionally specify a user realm source when deleting a user via the Users API + Administrators can also now delete cached authenticated SAML user records via user administration section in the Sonatype Nexus Repository user interface
* If a user\'s IdP field mappings change, Nexus Repository now automatically updates the user’s profile to show the new values
* Dependency Updates in 3.69.0: + org.bouncycastle: bcprov-jdk15to18 upgraded from 1.75 to 1.78.1
* Fri May 17 2024 Julio González Gil - 3.68.1.02-1- Update to Nexus 3.68.1-02- Bugfixing:
* CVE-2024-4956: Fix for a critical vulnerability impacting all Sonatype Nexus Repository 3 deployments. This vulnerability can allow a specially crafted URL to return any file as a download, including system files outside of Nexus Repository application scope. See https://support.sonatype.com/hc/en-us/articles/29416509323923 for more details
* Fri May 17 2024 Julio González Gil - 3.68.0.04-1- Update to Nexus 3.68.0-04- Bugfixing:
* NEXUS-42263: SHA256 checksums are now generated for Helm in PostgreSQL environments
* NEXUS-42006: Resolved an API issue related to policy-compliant component selection for PyPI where waived components were mistakenly returned as quarantined
* NEXUS-41997: A DEBUG level logger is no longer required to see a DataAccessException message in the DatabaseDistributedCooperationRegistry
* NEXUS-41903: Made various performance improvements for HA deployments
* NEXUS-41602: Resolved improper realm caching for Conan
* NEXUS-41486: Components REST API works as expected for group repositories in PostgreSQL deployments
* NEXUS-41451: Users are able to reset their user tokens as expected in environments using remote user tokens
* NEXUS-41442: NuGet \"is_latest_version\" and \"is_absolute_latest_version\" attributes update as expected during staging moves
* NEXUS-41403: Database Migrator: Resolved an issue that was causing excessive DB Migrator logging
* NEXUS-41384: Namespace confusion protection works as expected for PyPI and RubyGems repositories in deployments using a Postgres database
* NEXUS-41372: Resolved an issue that was sometimes causing the compact blob store task to cause an out-of-memory error
* NEXUS-41337: Database Migrator: Resolved an issue that was causing database migration to fail and misreport problem records on ERROR: insert or update on table \"_asset\" violates foreign key constraint \"fk__asset_blob.\"
* NEXUS-41334: Nexus Repository now creates a single task rather than multiple tasks when migrating Yum metadata into the database during upgrade
* NEXUS-41285: User tokens work on Yum group repositories as expected when Require User Tokens for Repository Authentication is enabled
* NEXUS-40344: Requests for GA-level metadata that needs to be rebuilt no longer automatically starts a rebuild of the full metadata tree
* NEXUS-39956: Removed \"nexus-hazelcast-plugin\" from the source tree
* NEXUS-39507: Improved error messaging when users attempt to use Import/Export across different Nexus Repository versions; as stated in the Import help documentation (https://help.sonatype.com/en/repository-import.html), Nexus Repository does not support importing files from an older Nexus Repository version
* NEXUS-38651: Uploading to a raw repository with PUT will generate md5, sha1, sha256, and sha512 checksums. This is introduced as a new feature but also recorded in this table for customers who were following this issue ID
* NEXUS-38451: Made adjustments so that Nexus Repository generates fewer browseComponentAssets SQL queries when finding packages by ID in NuGet v2 proxy repositories
* NEXUS-34192: Resolved an issue with SAML authentication related to the NXSESSIONID
* NEXUS-31745: Improved error messaging on Tag API when invalid continuation token is passed in- Improvements:
* Nexus Repository Pro deployments using a PostgreSQL database can now see repository sizes displayed in the repositories listing under \"Administration → Repository → Repositories\" (PRO Only)
* Uploading to Raw Repository with API now also generates SHA256 and SHA512 Checksums
* When creating a new role or modifying the applied privileges and roles for an existing role, administrators can now use an asterisk as a wildcard in the search bar
* Users and administrators can now see more detailed information about the \"Repair - Rebuild repository browse\" task’s progress as it runs. The task management table under \"Administration → Tasks\" now displays the task’s completion percentage to provide more insight into how long the task will take to complete. We will continue to add this functionality in future for additional tasks
* Sunsetting of Legacy High Availability Clustering. HA-C is fully removed from Nexus Repository, and additional features or bug fixes related to legacy HA-C will no longer be provided. Sonatype Support will provide best-effort guidance to help PRO customers adopting one of the newer High Availability deployment solutions. Se also help documentation for: + Migrating to an HA deployment from Legacy HA-C https://help.sonatype.com/en/migrating-to-an-ha-deployment-from-a-legacy-ha-c-or-a-resilient-deployment.html + Migrating from legacy HA-C to a single instance deployment https://help.sonatype.com/en/migrating-from-legacy-ha-c-to-a-single-instance.html Nexus Repository will not start for any deployments that use legacy HA-C, ensure you have migrated off of legacy HA-C before upgrading to version 3.68.0 or beyond
* Dependency Updates in 3.68.0: + Updated axios from 0.21.4 to 0.27.2 + Updated jackson2 from 2.15.3 to 2.17.0
* Thu Apr 11 2024 Julio González Gil - 3.67.1.01-1- Update to Nexus 3.67.1-01- Bugfixing:
* Critical Bug Fixes: Release 3.67.1 fixes two bugs found in the 3.67.0 release: One impacting those who upgraded to 3.67.0 and then modified any previously existing Docker or Maven cleanup policies that were configured to retain select recent versions, and one preventing Docker subdomain routing from functioning- Deprecation notice:
* The legacy HA-C feature (Upcoming High Availability Clustering (HA-C) Sunset) will be sunset on April 17, 2024. The next release will remove the HA-C functionality in our May release. If you are still using HA-C, you should follow https://help.sonatype.com/en/migrating-to-an-ha-deployment-from-a-legacy-ha-c-or-a-resilient-deployment.html
* Wed Apr 10 2024 Julio González Gil - 3.67.0.03-2- No code changes, only two important caution notes from Sonatype. I decided to create 3.67.0.03-2 so users already in 3.67.0.03-1 at least can get this warning on the changelogs. Sonatype decided to just remove Nexus 3.67.0-03 (tagged as 3.67.0.03-1 for the RPM) from their site.- Sonatype is aware of a critical known cleanup policy issue in 3.67.0 impacting those who meet the following criteria:
* You had previously configured a cleanup policy with the ability to retain select latest versions (feature introduced in 3.65.0)
* You recently upgraded to 3.67.0
* You then modified a cleanup policy that had previously included the ability to retain select latest versions This issue prevents cleanup policies from honoring the configured ability to retain select latest versions. Running the \"Admin - Cleanup repositories using their associated policies\" task may soft delete more than intended, which would result in full removal should the \"Admin - Compact blob store\" task then run. CAUTION: If you meet the above criteria, DO NOT RUN the \"Admin - Compact blob store\" task CAUTION: If you have upgraded to 3.67.0 and are using cleanup policies with the ability to retain select latest versions, do not modify your cleanup policies- Sonatype is aware of a known issue preventing our Docker Subdomain Routing feature from functioning in Sonatype Nexus Repository 3.67.0 CAUTION: If you are using Docker Subdomain Routing, do not upgrade to 3.67.0 Sonatype announced they will release a fix for this issue as soon as possible
* Sun Apr 07 2024 Julio González Gil - 3.67.0.03-1- Update to Nexus 3.67.0-03- Bugfixing:
* NEXUS-41832: Database Migrator: Fixed an issue that was causing some migrations to a PostgreSQL or H2 database to fail due to incorrect asset_blob_id values when assets only differed by a version number in their paths
* NEXUS-41312: Resolved an issue that was causing expensive queries from getComponentCount
* NEXUS-41286: Resolved an issue that was causing an internal task to throw an error when running in some large deployments
* NEXUS-41269: Support zips from deployments using PostgreSQL that was configured using system properties now display information as expected
* NEXUS-41263: Added logging for routing rule blocked requests done via group repository
* NEXUS-40997: Added an error message to the UI that displays when a user without the correct privileges attempts to save a content selector
* NEXUS-40952: The security/users///user-token-reset REST API will now provide a 400 error if the realm passed is invalid. The users REST API can accept the following realm names associated with user tokens: LdapRealm, Crowd, SamlRealm, and NexusAuthenticatingRealm.
* NEXUS-36989: Selecting the Analyze Application button in component details now displays the expected form- Improvements:
* Java 11 Support. Nexus 3.67.0 allows running on top of Java 11, but for now the package will remain using Java 1.8 by default until a future update, probably some time after CentOS7 is end of life
* Updated Groovy dependency from 2.4.17 to 3.0.19
* Updated PostgreSQL database driver from 42.6.0 to 42.7.2
* Fri Mar 08 2024 Julio González Gil - 3.66.0.02-1- Update to Nexus 3.66.0-02- Bugfixing:
* NEXUS-41360: Database Migrator: Resolved an issue that was causing some older versions of the Database Migrator to require very high heap
* NEXUS-41096: Added a new script to the help documentation for those on PostgreSQL or H2 migrating from LDAP to SAML user tokens
* NEXUS-41062: The merged metadata summary on the Browse screen now shows the correct information for group Maven repositories
* NEXUS-41068: Resolved an issue where the support zip download was not working as expects in HA environments with a nexus-context-path
* NEXUS-41052: The metadata for hosted npm repositories in PostgreSQL deployments no longer duplicates the \"_id\" property
* NEXUS-40983: NuGet searches with the -PreRelease option now return the expected results
* NEXUS-40900: Fixed an issue with HA nodes upgrading before nodes with older versions have been shut down. Startup will halt with a warning until the older nodes have been gracefully shut down
* NEXUS-40673: Resolved an issue where a 403 error message was displayed on the welcome page for anonymous users
* NEXUS-40612: Disabling the usage metrics flag will also remove the metric aggregation task
* NEXUS-40377: The custom search page will no longer display uncaught type errors when adding new criteria
* NEXUS-39915: The migration of asset timestamp metadata will now be done as expected for raw repositories when moving from Nexus Repository 2 to 3. A fix for Maven and NuGet will be covered in a future release
* NEXUS-39677: The blob store API now returns 404 response codes for non-existent S3 type blob store names
* NEXUS-38842: The export assets task no longer logs WARN messages when running correctly
* NEXUS-35478: The Swagger API UI documentation for repositories will now show that the \"blobStoreName\" parameter is mandatory
* NEXUS-32494: Database Migrator: The database migrator tool will not run for incompatible older versions of Nexus Repository while returning a message to upgrade
* NEXUS-31786: Database Migrator: The database migrator tool now includes more details on assets when logging errors
* NEXUS-28593: The InterruptedException will no longer be logged when recording a successful audit event
* NEXUS-26581: Export will no longer report errors when the directory has not been pre-created- Improvements:
* Usage Alerts for Deployments Using Embedded Databases (PRO Only) To help customers identify when it is time to evaluate their deployment model, Sonatype Nexus Repository OSS and Pro deployments that use an embedded database (OrientDB or H2) will now see in-product warnings when usage levels approach or exceed certain thresholds
* Visual Progress Tracking forRepair - Rebuild repository browseTask When running the \"Repair - Rebuild repository browse\" task, the Status updates to show users how many assets are completed out of the total number of assets that must be processed. This improvement applies to deployments using PostgreSQL and H2 databases only
* User Interface Improvements for Roles User interface is modified to move away from the previous transfer list methodology. Now, administrators will see a single column listing applied privileges and a button to modify the privileges applied to that role. Selecting the button opens a modal where administrators can filter by keyword and select privileges to apply to that role
* Dependency changes: + org.jboss.resteasy: resteasy-multipart-provider: 3.15.3.Final upgraded to 3.15.6.Final + AWS SDK dependencies upgraded from from 1.12.299 to 1.12.658
* Fri Feb 09 2024 Julio González Gil - 3.65.0.02-1- Update to Nexus 3.65.0-02- Bugfixing:
* Many improvements to component search in high availability (HA) environments in this release to make searching and tagging more precise. Due to these changes, the same search query should now return fewer but more precise results Please keep this behavior change in mind when looking at your previously configured search and tagging queries Please also see the HA search differences documentation for full details about how HA search differs from non-HA search: https://help.sonatype.com/en/high-availability-deployment-options.html#search-feature-differences-in-an-ha-environment-161963
* NEXUS-34334: If the rebuild index task triggers an ElasticSearchException, one repository failing will no longer prevent task completion or affect the other repositories. Added an error message to alert the user if a repository does fail
* NEXUS-34968: Attempting to download an asset with a missing blob from a proxy repository in a PostgreSQL or H2 deployment no longer results in an immediate 500 error. Sonatype Nexus Repository automatically attempts to re-fetch the asset from remote as expected
* NEXUS-36807: Made changes to improve cleanup policy preview performance
* NEXUS-39665: Resolved an issue that was preventing some installations of a package from a group repository with a certain private proxy repository member
* NEXUS-39881: The package-specific index page for a Python package requested from a proxy repository now displays the non-truncated package name as expected
* NEXUS-40111: Resolved an issue that was causing some Yum assets to be shown as \"components\" in the Sonatype Nexus Repository UI
* NEXUS-40213: Addressed an issue impacting HA deployments where tokens after a wildcards in component searches were being dropped (e.g. for searches like “nexus
*core”).
* NEXUS-40378: Searching components by exact tag in an HA environment now returns an exact match as expected
* NEXUS-40680: Associating a tag with a component used to operate on a loose match; it now uses an exact match as expected. For example, associating a tag with a .jar with the version \"1.0.0\" used to associate that tag with all components that had \"1.0.0\" in the version number. Now, it will associate with the exact version match only unless you use a wildcard
* NEXUS-40987: Resolved an issue that was causing some PostgreSQL HA deployments to have excessive errors written to logs despite requests working as expected
* NEXUS-40994: In HA environments, performing an exact-match search for components where the group ID or artifact ID contain an underscore now returns exact-match results as expected
* NEXUS-41211: Added clarifying documentation regarding changes in NuGet client compatibility with Sonatype Nexus Repository: Sonatype Nexus Repository release 3.43.0, added compatibility with official NuGet v2 clients. The supported subset of the legacy NuGet v2 protocol is the same as that supported by Microsoft\'s NuGet Gallery, http://nuget.org. Use cases that rely on the deprecated parts of the v2 API are not supported, including many common Chocolatey use cases and some custom OData queries- Improvements:
* Cleanup Policies for Maven and Docker Include Option to Retain Recent Versions (PRO Only) More powerful and flexible cleanup policies for Maven and Docker formats by allowing you to retain a certain number of most recent artifact versions regardless of if they meet other cleanup criteria Learn more about how to use this feature in the cleanup policies help documentation: https://help.sonatype.com/en/cleanup-policies.html
* Significant Cleanup Performance Improvements for Pro Deployments Using a PostgreSQL Database (PRO Only) Running the original cleanup feature often takes significant time. This release has changes to significantly improve cleanup performance for those using a PostgreSQL database. The new cleanup feature takes an average time per component of 10.6 ms versus 17.2 ms for the original cleanup feature With this release, all Sonatype Nexus Repository Pro deployments using a PostgreSQL database will use the new cleanup implementation For more information, check the detailed Cleanup Performance Data: https://help.sonatype.com/en/cleanup-performance-data.html
* Change Repository Blob Store Task Supports Group Repositories (PRO Only) While the \"Admin - Change repository blob store\" task originally supported hosted repositories only, Sonatype added support for using this task on proxy repositories last year. Now, Sonatype Nexus Repository Pro deployments on PostgreSQL databases can use this task on group repositories as well. Note that when you use this task on a group repository, it will only move metadata assets directly related to the group repository content id; it does not move or affect data in the repositories that are group members. Using this task on group repositories also requires a PostgreSQL database. Full details are available in the change repository blob store help documentation: https://help.sonatype.com/en/change-repository-blob-store.html
* Wed Jan 10 2024 Julio González Gil - 3.64.0.03-1- Update to Nexus 3.64.0-03- Bugfixing:
* NEXUS-23410: If previously configured SAML IdP field mapping values change, Sonatype Nexus Repository will update the user\'s profile with the new values as expected
* NEXUS-31215: Fixed an issue that was causing some PyPi assets to be missing from the Browse screen after migrating from OrientDB to PostgreSQL
* NEXUS-32028: Changed the logging level from WARN to DEBUG in the blobstore class that tracks attributes of an asset being accessed in an unexpected soft-deleted state. This will prevent spamming the main nexus.log with messages at a WARN level for operations considered normal when running the compact blob store task
* NEXUS-35207: Fixed an issue that was preventing the GA last-modified date from being updated in the maven-metadata.xml when deploying a new GAV in some instances after migrating from Sonatype Nexus Repository 2 to 3. As part of this fix, the Last Modified date is no longer visible in the Browse UI view; you can still tell when the maven-metadata.xml was last updated by looking at the Blob Updated date in the UI or using the REST API
* NEXUS-35741: Added validation to prevent users from updating an existing task with an invalid cron_expression
* NEXUS-35956: Resolved an issue that was breaking pagination when a given Docker repository is inside of a group
* NEXUS-38856: The NotFoundCache is not populated with paths when a repository is in an auto-blocked or manually blocked state
* NEXUS-39935: There is no longer an error when installing pods (\'OpenSSL-Universal\', \'1.1.1100\') via a Sonatype Nexus Repository 3 Cocoapods proxy repository
* NEXUS-40140, NEXUS-40712: The import and export tasks work as expected on npm assets without unexpectedly skipping any and while correctly preserving attributes
* NEXUS-40345: Resolved an issue that was preventing certain npm packages from being proxied from the official registry. This fix included the following dependency version changes: + upgraded jackson version from 2.15.0 to 2.15.3 + upgraded snakeyaml version from 2.0 to 2.2 + upgraded swagger version from 1.6.2 to 1.6.11
* NEXUS-40495: Increased the browse node sequence limit for H2 and PostgreSQL implementations so that the database schema will not run out of sequence values.
* NEXUS-40514: Any attempt to change the blob store of an existing repository via the REST API will be rejected with an HTTP 400 response
* NEXUS-40610: Resolved an issue that was preventing some users from uploading Jruby gems with \"-java\" in their version names to hosted ruby repositories
* NEXUS-40639: FluentAssets and FluentComponents are now able to retrieve assets in group repository storage
* NEXUS-40771: Using \"%3A\" or a colon for URL encoded strings in raw repositories now works as expected
* NEXUS-40775: Database Migrator: Made filtering change to reduce load on the database migrator, improving database migrator performance
* NEXUS-40808: Database Migrator: The database migrator now gracefully handles characters that PostgreSQL does not support- Improvements:
* Dependency Changes: + logback-classic and logback-core updated to 1.2.13 + upgraded jackson version from 2.15.0 to 2.15.3 + upgraded snakeyaml version from 2.0 to 2.2 + upgraded swagger version from 1.6.2 to 1.6.11
* Wed Dec 06 2023 Julio González Gil - 3.63.0.01-1- Update to Nexus 3.63.0-01- Bugfixing:
* NEXUS-40623: Adjusted regex to handle requests for NuGet v3 versions with double hyphens
* NEXUS-40621: Sonatype Nexus Repository deployments using PostgreSQL will appropriately return a 204 response when a user re-deploys a component with the same tag to hosted repository when re-deploy is allowed
* NEXUS-40491: Resolved an issue where running the \"Repair - Reconcile component database from blob store\" task with the integrity check option enabled did not remove some assets even though their .properties files did not exist
* NEXUS-40421: Resolved an issue with the nexus.azure.server property not being set properly
* NEXUS-40244: The Reconcile component database from blob store task restores only the expected blobs with the created/updated times matching the originals
* NEXUS-40007: Conditional Get (If-Modified-Since) on Yum group repo metadata now appropriately returns a 200 response when expected
* NEXUS-39826: You are now able to proxy RubyGems.org escape gem
* NEXUS-39675: PyPI package versions published using twine before upgrading to 3.41.0 or later are now discoverable as expected. The “Generate Missing SHA256 Checksums” and “Delete Index Asset MD5 Metadata” tasks now run automatically after upgrade
* NEXUS-39567: You are now able to proxy the RubyGems.org abstract gem
* NEXUS-39464: Proxying scoped npm packages with an underscore in the name now works without issue
* NEXUS-39227: Proxying PyPI repositories with policy-compliant component selection enabled is now appropriately incorporated into etag updates
* NEXUS-38587: Searching for Docker images with names containing a \"/\" character now works as expected
* NEXUS-36415: Resolved an issue that was causing cached proxied NuGet package metadata that cannot be parsed to prevent content from being updated from remote- Improvements:
* Enhancements to HA Helm Chart: Removed version numbers from Kubernetes objects that the Helm chart creates. Now it is possible to add custom labels and selectors. If you have existing volumes and volume mounts, you can also use those rather than having the Helm chart create new ones
* Additional Audit Logging: - For SAML, log user login, logout, and config-changed events are now logged - For local authentication, LDAP, and Crowd, user login and logout events are now logged
* Filter by Blob Store Name: The Repositories table filter to was enhanced to ensure you can search by blob store name. Simply type the blob store name into the table’s filter box to filter by blob store name
* Dependency Upgrades: org.apache.santuario updated from version 2.3.0 to 2.3.4 and org.json updated to 20231013
* Wed Nov 08 2023 Julio González Gil - 3.62.0.01-1- Update to Nexus 3.62.0-01- Bugfixing:
* NEXUS-40526: Fixed a display issue that was causing tag associations to be missing from on raw components after migration to PostgreSQL. Note: this was a display issue only and did not result in any missing data
* NEXUS-40425: Fixed an issue that existed in version 3.61.0 that was preventing startup when .bak files existed under restore-from-backup
* NEXUS-40423: Resolved an issue in 3.61.0 where duplicate user tokens were breaking upgrades. Upgrades now succeed and will detect duplicate rows and produce a log warning
* NEXUS-40313: User tokens work as expected with Conan repositories
* NEXUS-40196: Created an advanced option for Sonatype Nexus Repository Pro customers to clean up identical Docker image layers across repositories. See https://support.sonatype.com/hc/en-us/articles/22490107929619 for full details
* NEXUS-40120: Made changes to reduce the number of queries performed when running Nuget V2 FindPackagesById in PostgreSQL environments
* NEXUS-39411: Resolved a database migrator issue that was causing some NuGet downloads to fail after migrating to PostgreSQL
* NEXUS-39150: Resolved a concurrency issue that was ocurring when running Staging move and Cleanup unused assets task at the same time
* NEXUS-38850: The database migrator --healthcheck option now also checks the configuration database for corruptions in config classes
* NEXUS-38257: Repository configuration changes that occur while a search reindex task is running cause a lock exception after waiting for 60 seconds; however, the repository now stays in a stable state. A subsequent try to save the config change now works as expected once the long-running task is complete
* NEXUS-36836: Running the DeadBlobsFinder groovy script against a large database no longer causes out of memory errors
* NEXUS-32009: The last-modified date for hosted yum repositories now matches the metadata rebuild date after migrating from OrientDB to H2
* NEXUS-22262: Made changes to address multiple issues that were causing build failures due to failing to return maven-metadata.xml from a group repository- Improvements:
* New Cleanup Preview Experience for Pro Customers Using PostgreSQL (PRO Only) See https://help.sonatype.com/repomanager3/nexus-repository-administration/repository-management/cleanup-policies
* Azure HA Performance Data (PRO Only) See https://help.sonatype.com/repomanager3/product-information/sonatype-nexus-repository-system-requirements/system-requirements-for-high-availability-deployments/sonatype-nexus-repository-high-availability-performance-data-using-azure
* Support Zip Improvements: HA deployments will now see a button that allows configuring the support zip options once but generate support zips for all nodes The download link for a node\'s latest support zip also remains available even if navigating away from and back to the Support Zip page
* Expanded Audit Logging: The audit log now includes records for \"Clear Cache\" and \"Change (server) order\" LDAP events Added logging for the creation, update or removal of routing rules
* Deployment Pattern Library: New library of deployment patterns specifically designed to address three primary concerns: resiliency, scalability, and distribution https://help.sonatype.com/repomanager3/planning-your-implementation/deployment-pattern-library
* Notable Dependency Changes: Upgraded Jetty from version 9.4.51.v20230217 to version 9.4.53.v20231009 Upgraded goodies from version 2.3.5 to version 2.3.6 Upgraded eclipse-sisu from version 0.3.4 to version 0.3.5 Upgraded guice from version 5.0.1 to version 6.0.0
* High Availability-Clustering (HA-C) is now in extended maintenance and will be officially sunset in April 2024. Full details can are available at https://help.sonatype.com/docs/sonatype-sunsetting-information/sonatype-nexus-repository-3-feature-status and https://help.sonatype.com/docs/sonatype-sunsetting-information
* Thu Oct 12 2023 J. Daniel Schmidt - 3.61.0.02-2- Fix the macro for the service removal so the package builds again for openSUSE Tumbleweed and Factory
* Wed Oct 04 2023 Julio González Gil - 3.61.0.02-1- Update to Nexus 3.61.0-02- Bugfixing:
* NEXUS-40135: Fixed an issue that was causing upgrade errors to 3.59.0 or 3.60.0 when user tokens existed in earlier Sonatype Nexus Repository versions with the exact same user ID but different principals (security realms). Noted as a known issue in 3.59.0 and 3.60.0
* NEXUS-39995: Resolved an issue that was preventing administrator users from generating support zips
* NEXUS-39973: Fixed an issue that was causing Docker proxy or group repositories to return a 404 error even though the remote returned the correct manifest
* NEXUS-39624: The task for migrating the blobRef assets field now handles blob_ref duplicates correctly
* NEXUS-38800: AssetBlobCleanupTask now works as expected; the number of threads eventually stays around the same number as expected
* NEXUS-38530: Blob store metrics now update as expected after HA migration
* NEXUS-38292: Improved repository import task memory efficiency so that imports will not fail with out-of-memory errors even with large import sets
* NEXUS-36697: Made changes to the Admin - Delete blob store temporary files task to prevent it accidentally deleting in-use tmp files
* NEXUS-23185: Made improvements for those using Sonatype Nexus Repository with Sonatype Repository Firewall to prevent overloading IQ Server with asset deletion requests- Improvements:
* New OpenShift Operator for PostreSQL and High Availability Deployments (PRO Only)
* Change Repository Blobstore Task Supports Proxy Repositories (PRO Only)
* Policy-Compliant Component Selection for PyPI (PRO Only)
* Azure Blob Store Performance Improvements (PRO Only)
* Sonatype Nexus Repository Usage Metrics (not currently available for High Availability deployments)
* Improved Security When Specifying Credentials as JVM Arguments. Ensure that sensitive credentials are always masked in any location where they may appear
* Fri Sep 08 2023 Julio González Gil - 3.60.0.02-1- Update to Nexus 3.60.0-02- Bugfixing:
* NEXUS-40141: Fixed the previously reported \"Repair - Reconcile component database from blob store task\" issue. The bug caused the task to soft-delete the blob .properties and .bytes files for NuGet v2 proxy and hosted repositories. It also failed to restore the desired content for RubyGems, NuGet v2 (proxy or hosted), or P2 repositories; however, there was no soft deletion associated with RubyGems or P2 repositories
* NEXUS-39918: Clarified search restrictions in high availability environments to explain that searches cannot begin with a special character followed by a wildcard. Attempts to perform such seareches will now result in appropriate descriptive messaging
* NEXUS-39825: NuGet v3 search now returns the complete list of component versions even when the component name has a dot after a digit
* NEXUS-38670: Improved Apt upload performance and speed
* NEXUS-37537: The lastDownloaded attribute for hosted Helm assets now updates as expected in deployments using PostgreSQL or H2
* NEXUS-37024: The Global Webhook capability with Audit Type now works as expected- Improvements:
* Support for Cocoapods Stored on Google Open Source
* Refactored caching for deployments using Atlassian Crowd to improve performance and avoid calls to Crowd Server every time user information is needed. This refactoring also enables caching and improves performance for formats using bearer token realms (i.e., Conan, Docker, and npm formats). You must enable the Crowd realm for this to take effect (PRO Only)
* Wed Aug 16 2023 Julio González Gil - 3.59.0.01-1- Update to Nexus 3.59.0-01- Bugfixing:
* Apache shiro upgraded from 1.10.0 to 1.12.0 to mitigate CVE-2023-34478
* SnakeYaml upgraded from 1.33 to 2.0 to mitigate CVE-2022-1471
* Sonatype recently became aware of a bug impacting those using user tokens for authentication. To address potential security concerns, user token authentication methods were enhanced to ensure that user tokens are always case-sensitive regardless of security realm or database used
* NEXUS-39797: Resolved an issue that was causing some components to not be indexed for search in HA deployments
* NEXUS-39774 & 39573: Using the Search API to return Maven assets with an empty maven.classifier now works as expected
* NEXUS-39255 The Conan v2 remote list command to retrieve revisions performs as expected without a 500 error
* NEXUS-36486 The blobCreated date is now preserved when migrating to PostgreSQL
* NEXUS-36415 Adjusted handling in cases where invalid content violating metadata format is cached in a proxy repository
* NEXUS-35977 Improved error messaging and documentation related to requesting files from a R format repository. See our updated R repositories documentation for supported file types- Improvements:
* Support for password encoders like SHA-256, SHA-384, and SHA-512 for those using LDAP authentication
* To help facilitate debugging outbound network problems, an outbound request log that generates an outbound-request.log file in the $data-dir/log directory is now provided. The outbound request log rotates daily, maintains 90 days of log files by default, and compresses old logs. The log includes information such as date/time, authenticated user id, method, url, response status code, bytes sent, bytes received, and response time
* To help troubleshoot content selector issues, the audit log ($data-dir/log/audit/audit.log) is now expanded to log content selector creation, update, or deletion
* Tue Jul 25 2023 Julio González Gil - 3.58.1.01-1- Update to Nexus 3.58.1-01- Bugfixing:
* Critical Fix for 3.57.0 and 3.58.0 deployments Using Sonatype Repository Firewall. This bug could allow for users to unintentionally download quarantined components
* Tue Jul 18 2023 Julio González Gil - 3.58.0.01-1- Update to Nexus 3.58.0-01- Bugfixing:
* NEXUS-39766: Docker Subdomain connectors work with nGrok again as expected
* NEXUS-39415: Added logging for and made \"Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems\" tasks configurable via the user interface. See the Tasks documentation for details on these tasks- Improvements:
* Restored \"Admin - Change repository blob store\"Task for deployments using PostgreSQL or H2, after it got disabled in 3.45.0, due to multiple issues that could result in data loss (PRO Only)
* Fri Jul 07 2023 Julio González Gil - 3.57.0.01-1- Update to Nexus 3.57.0-01- Bugfixing:
* NEXUS-24088: You can now properly remove an S3 blob store from a group even when it references an S3 bucket that is no longer accessible; such blob stores no longer cause UI errors
* NEXUS-24726: You can now search for components with an empty group or npm.scope
* NEXUS-27710: Fixed errors that were sporadically preventing startup in some cases due to a corrupted org.apache.karaf.features.cfg file
* NEXUS-29638: Downloading a pom.xml that uses unicode characters no longer fails due to calling getBytes without using UTF8
* NEXUS-31461: Searching for Maven versions now returns versions in alpha-numeric order as expected
* NEXUS-31492: Raw proxy URL no longer encodes special characters for outbound requests
* NEXUS-35917: The Repair - Reconcile component database from blob store task with only Integrity Check option selected now removes stale objects from S3 blob stores as expected
* NEXUS-36599: Browse privileges are no longer required to execute a NuGet search; only Read is needed
* NEXUS-38662: Deleting large repositories is no longer impeded by errors where Sonatype Nexus Repository looks for repository_blobstore in the component database
* NEXUS-38791: Running a search for Maven assets in an HA environment now returns the versions in descending order
* NEXUS-38851: npm exports no longer skip assets with an application/x-tgz content type
* NEXUS-39169: The permissions required for the search API are now consistent between HA and non-HA environments. Searching a group repository from the API only requires the user to have read permissions for the group- Improvements:
* Added a Default Role alert to inform administrators when the Default Role capability is enabled and what role is configured as the default role granted to all authenticated users
* Multiple UX enhancements, including a new Blob Store column in the Repositories table and a sortable Last Updated column to Search results
* Improvements in Support of Sonatype Repository Firewall to ensure HA Sonatype Nexus Repository deployments can support the new Sonatype Repository Firewall SaaS offering. Added validation to ensure that Sonatype Nexus Repository and Firewall only exchange information when Firewall configuration is enabled to avoid data becoming out of syn Renamed the Component IQ and IQ Application fields in the component browse view to Sonatype Lifecycle Component and Application respectively Modified the policy-compliant component selection checkbox so that it is disabled until and unless both the Firewall - Audit and Quarantine capability is enabled and the Enable Quarantine checkbox that appears within that capability is checked. This is to prevent Sonatype Nexus Repository from getting into an inconsistent state with the Firewall server
* Mon Jul 03 2023 Julio González Gil - 3.56.0.01-1- Update to Nexus 3.56.0-01- Bugfixing:
* The Repair - Rebuild npm metadata task now rebuilds npm package metadata as expected
* When migrating from Sonatype Nexus Repository 2 to 3, broken NuGet assets will no longer prevent completing migration. Sonatype Nexus Repository will provide an error message and log an exception for broken NuGet assets. Migration will continue and Sonatype Nexus Repository 3 will migrate valid NuGet assets as expected
* Enabling the IQ: Audit and Quarantine capability in Sonatype Nexus Repository 2 will no longer cause migration to Sonatype Nexus Repository 3 to hang
* PyPI simple index is rebuilt as expected after a staging move
* Repositories already using a blobstore that is then promoted to a group blobstore will continue to function as expected
* Performing \"conan search zlib/
*\" on a hosted repository in a high availability environment works as expected
* Calling \"info/rater_pdf\" only returns versions of the rater_pdf gem as expected- Improvements:
* Search Improvement for High Availability (HA) Enviornments (PRO Only) To ensure you receive the most accurate and usable information, a small aspect of component search was changed for those using one of our HA deployment options. You will now see the latest modification date from among all asset blobs assigned to a component in the Last Updated column. Previously, the component\'s creation date appeared in this column
* In order to prevent unreasonable wait times, a 1-minute timeout was added to the Cleanup Policy preview featureAWs me-central-1 region now appears as an option when creating an S3 blobstore.
* Sun Jul 02 2023 Julio González Gil - 3.55.0.01-1- Update to Nexus 3.55.0-01- Bugfixing:
* The Standard request timeout and Extended request timeout fields in the UI:Settings capability are now properly updated when upgrading from older versions
* Sonatype Nexus Repository now supports Yum repositories using the caret (^) character in RPM names
* Staging move respects the Allow redeploy only on \'latest\' tag setting as expected
* Subdomain routing now reflects the nexus-context-path
* NuGet v3 search in non-HA environments now return components that have a dot after a digit. Note that search works differently in HA, and we are still investigating a fix for HA environments- Improvements:
* Fluentbit, External DNS, and the Docker Ingress and service are now all optional in the Helm chart for a resilient Sonatype Nexus Repository deployment in AWS (PRO Only)
* /v2/users/authenticate Conan endpoint for hosted Conan repositories on Sonatype Nexus Repository deployments using H2 or PostgreSQL databases (PRO Only)
* Streamlined Experience for Those Using Sonatype Repository Firewall
* Quick Actions on Welcome Page, list of quick actions depends on the permissions for each user
* Sun Jul 02 2023 Julio González Gil - 3.54.1.01-1- Update to Nexus 3.54.1-01- Bugfixing:
* Added recently provided patch fixing the GroovyCastException that was occurring when installing the nexus gem
* Fixed the known issue from 3.53.0 for those using community or custom plugins. These plugins now load as expected.
* Added validation so that users can only add valid content selector privileges
* NEXUS-37518: Fixed an issue that was causing errors when running the \"Docker - Delete unused manifests and images\" task
* NEXUS-38740: Fixed an issue that was preventing NuGet v3 search from returning components with \".\" in the component name under some search conditions
* Plugins bundled as .kar files that are installed via $install-dir/deploy now start as expected
* Updated documentation to better explain how metadata is impacted during repository import- Improvements:
* Refreshed Outreach Page
* Export Unused Assets (PRO Only)
* The IQ Audit and Quarantine capability was renamed to Firewall Audit and Quarantine and hidden the IQ Server Configuration capability from the Capabilities screen. Functionality is not impacted, and you will still configure your connection to IQ Server via the IQ Server tab in the user interface
* Sat May 13 2023 Julio González Gil - 3.53.1.02-1- Update to Nexus 3.53.1-02- Bugfixing:
* NEXUS-39091: Concurrent event handling and asynchronous processing works as expected for RubyGems
* Fixed an issue that was causing the RubyGems Info API to work with incorrect groups
* Fixed a paging issue on OrientDB for RubyGems upgrade tasks
* Fixed a GroovyCastException that was occurring when installing the nexus gem
* Resolved an issue for those using OrientDB where, if a package was uploaded while a rebuild was in progress, it may result in missing a package until the next upload
* Fixed an issue that was causing an exception when running the \"Repair - Rebuild Rubygems versions file\" task- It is possible that you may still encounter issues related to the RubyGems Dependencies API deprecation even after upgrading to 3.53.1 Sonatype observed packaging inconsistencies in the RubyGems ecosystem that leave required fields missing or with values that are non-conforming to spec In these scenarios, Sonatype Nexus Repository is unable to properly store the gem or complete normal operations In 3.53.0 and earlier, this error would occur with a 500 error and not enough data being provided in the log file to identify the specific gem In 3.53.1, gems that have this gap will be reported in the \"nexus.log\" file with a log line like the following: 2023-05-12 12:20:32,043-0500 WARN [quartz-11-thread-2]
*SYSTEM org.sonatype.nexus.repository.rubygems.orient.internal.hosted.OrientGemInfoHostedFacet - Could not parse version 0.2.2 from gem gems/nexus-0.2.2.gem Please report such problems to Sonatype so they can properly address non-conforming gems in future releases
* Thu May 11 2023 Julio González Gil - 3.53.0.01-2- There is a known issue in Sonatype Nexus Repository 3.53.0 impacting those using community or custom plugins. These plugins will not load from the typical install directory and, in some cases, this may prevent Sonatype Nexus Repository from starting. If you are using community or custom plugins and wish to upgrade, remove the plugin before doing so. Otherwise, wait to upgrade until a fix is released this issue. If you are not using community or custom plugins, upgrading is safe
* Sat May 06 2023 Julio González Gil - 3.53.0.01-1- Update to Nexus 3.53.0-01- Bugfixing:
* NEXUS-17626: rubygems /versions endpoint not implemented resulting in performance issues installing gems
* NEXUS-20429: incomplete gem metadata returned sometimes from /api/v1/dependencies
* NEXUS-25408: Using 0 in \"Authenticated user status interval\" disables buttons after logging in
* NEXUS-31023: npm metadata request fails with \"Missing blob and no handler set to recover\"
* NEXUS-31286: nexus.datastore system properties do not overwrite values in nexus-store.properties file
* NEXUS-31635: Repository REST API allows invalid version policy value for Maven repo
* NEXUS-35728: New Nexus Repository Manager 3 image breaks \"kubectl cp\" and \"oc cp\" commands
* NEXUS-37958: Blob store health check fails reporting group blobstores as not writable
* NEXUS-38452: RubyGems.org /api/v1/dependencies API removal may cause empty 200 status responses from groups which can then fail builds
* NEXUS-38579: Expensive search done for deleted assets after repository is removed
* NEXUS-38585: Conan hosted repo search does not return all deployed components when conan attributes contain special characters and using elasticsearch indexing
* Upgraded org.apache.karaf.jaas:org.apache.karaf.jaas.modules package from 4.3.6 to 4.3.9 due to a vulnerability. There are no known exploits of this vulnerability, so the this upgrade happens out of an abundance of caution- Improvements:
* NEXUS-31225: Add support for rubygems compact_index /info/ endpoint
* Change in Database Property Evaluation Priority when Using PostgreSQL (PRO Only) To help you more easily change database connection details, there are changes in the way and order in which Sonatype Nexus Repository evaluates the mechanism for evaluating this information. You will also need to provide all required fields through the same mechanism
* Fix for RubyGems Dependency API Deprecation: RubyGems will deprecate its dependency API as of May 10, 2023. Those using RubyGems will need to upgrade to Sonatype Nexus Repository 3.53.0 by May 10 to avoid encountering errors caused by this deprecation
* New Name (Sonatype Nexus Repository) & UI Changes. Functionality is not impacted
* Wed Apr 19 2023 Julio González Gil - 3.52.0.01-1- Update to Nexus 3.52.0-01- Bugfixing:
* NEXUS-24266: Trim SAML UI Input Fields
* NEXUS-27453: The user ID field in \"security --> anonymous\" allows trailing spaces
* NEXUS-33918: Deleting tag via REST API UI returns \"error: no content\"
* NEXUS-34185: Nexus UI does not show \'Last downloaded\' with full time and timezone details
* NEXUS-34566: Deleting an image tag deletes all tags with the same digest from other images
* NEXUS-34611: user-token-reset API execution in Nexus Swagger UI returns \'Error: No Content\'
* NEXUS-35509: Improve search performance with large Roles and Privileges: OrientDB
* NEXUS-36480: Improve robustness and logging for Null Pointer handling in Docker.GC task
* NEXUS-37491: Pypi proxy always does expensive rewrite of simple index pages
* NEXUS-38412: Resetting the nexus loggers to default levels causes \"IllegalArgumentException: The level of the root logger cannot be set to null\" with New HA deployments
* Thu Apr 06 2023 Julio González Gil - 3.51.0.01-1- Update to Nexus 3.51.0-01- Bugfixing:
* NEXUS-31948: Attempting to create Azure blob store with an existing name causes 500 server error
* NEXUS-34077: scheduled tasks race condition during DB migration can leave tasks without proper schedule
* NEXUS-34599: Status API execution via Nexus Swagger UI returns Undocumented Error: OK
* NEXUS-35229: Reconcile task with last X days option checks all properties files
* NEXUS-35728: kubectl cp and oc cp commands work as expected.
* NEXUS-36296: Placing proxy repo in offline mode releases quarantined components
* NEXUS-36416: MissingBlobException for Nuget asset prevents instance from starting
* NEXUS-36817: Increase default size limit for helm yaml files
* NEXUS-37005: Blob store UI will not load if s3 blob store host can\'t be reached
* NEXUS-37639: Docker manifest upload to a docker hosted repository causes missing \"Docker-Content-Digest\" in the response when Nexus running with PostgreSQL db- Improvements:
* Automatically Rebuild Search Indexes for New High Availability (HA) Deployments (PRO Only)
* UI/UX: Better error messaging when configuring Content (PRO only)
* UI/UX: Increasing the size of the routing rule preview field on the routing rule form so that you can see the full path that you enter
* UI/UX: Continued conversion of parts of our UI to use React components See https://help.sonatype.com/repomanager3/product-information/release-notes/2023-release-notes/nexus-repository-3.46.0-release-notes for more information on this effort
* Tue Mar 28 2023 Julio González Gil - 3.50.0.01-1- Update to Nexus 3.50.0-01- Bugfixing:
* NEXUS-22721: UI sign out/logout does not redirect to the default page
* NEXUS-25037: UNAVAILABLE repository status creates confusing user experiencie
* NEXUS-27530: proxying nested repodata/repomd.xml from remote YUM repositories causes automatic download attempt of primary.xml.gz at wrong remote path
* NEXUS-30939: New user token created every time a user clicks the Access token button
* NEXUS-33794: LogbackLogManager ERROR and WARN messages about missing log files lack context and log at the wrong level
* NEXUS-34022: Unable to unassign Routing Rules to a repository via Nexus UI
* NEXUS-35497: Staging move fails if some image layers are contained in a proxy repository
* NEXUS-36365: Blob store names can contain arbitrary characters and lack full validation leading to blobstores which cannot be used, deleted or accessed using REST API
* NEXUS-36590: Choco installs a different package when using Nuget V2 with PostgreSQL
* NEXUS-36955: Checksum and size not updated in repomd.xml which can fail yum install due to checksum doesn\'t match
* NEXUS-37182: Conan search with hosted repo only works for the _ channel
* NEXUS-37315: conan search for hosted repository does not work when package has dependencies defined via \'requires\'
* NEXUS-37454: group blobstore UI Transferred Items title lacks context
* NEXUS-37512: Format specific UI search returns results from different formats
* NEXUS-37563: conan hosted repo does not allow redeploying different configurations of the same package with disable redeploy option
* NEXUS-37895: Data Store UI shows required fields with possibly empty values that cannot be edited- Improvements:
* High availability deployment options with Amazon Web Services, Azure, Kubernetes, or manual setup (PRO Only)
* Supports for Conan revisions for hosted repositories when using an H2 or PostgreSQL database (revisions are not supported on OrientDB) (PRO Only)
* Tue Mar 07 2023 Julio González Gil - 3.49.0.02-1- Update to Nexus 3.49.0-02- Bugfixes:
* NEXUS-30166: Error responses from roles REST API are not in consistent format
* NEXUS-30811: Staging move failing for multi-arch docker image due to NPE
* NEXUS-34600: Unable to add old privileges to role after migrating to postgresql
* NEXUS-36028: enable async batch deletes by default for Admin Cleanup unused asset blob tasks
* NEXUS-36244: Security Users view in the UI queries the database for all user role mappings in the entire database
* NEXUS-36296: Placing proxy repo in offline mode releases quarantined components
* NEXUS-36555: Component links in Browse UI delimit GAV paths with \'%2F\' instead of \'/\'
* NEXUS-36784: Regression: Download asset from UI, the filename contains group id with underscores and then the artifact name
* NEXUS-37385: db-migrator fails if the blob store name contains a colon
* NEXUS-37490: unable to download files when blobstore name contains colon after upgrading to 3.47- Improvements:
* Batch delete is now the default for the \"Admin - Cleanup unused asset blobs\" task (PRO Only)
* Tue Feb 28 2023 Julio González Gil - 3.48.0.01-1- Update to Nexus 3.48.0-01- Bugfixes:
* NEXUS-36573: create a repository of any format triggers a complete Helm index rebuild
* NEXUS-36998: dotnet add command against nuget v2 group repo is very slow on newDB
* NEXUS-37617: loading welcome page can make frequent calls to database which may lead to ui latency in some circumstances
* NEXUS-37810: strict content validation may fail on exe application/x-sharedlib protobuf protoc- Improvements:
* NEXUS-37535: Removed Legacy SQL Maven Metadata Builder
* Improved NuGet v2 Performance on PostgreSQL (PRO Only)
* New and improved Content Replication (PRO Only) While help documentation for legacy replication remains available, it will be unavailable for general use, and will be eventually removed. Reach out to your CSE if you are still using legacy replication and would like to continue using it- Notes: After upgrading to 3.48.0, those using an H2 or PostgreSQL database will need to run a task for each existing Apt, Helm, and Yum repository in order to rebuild their metadata:
* Apt: Rebuild Apt metadata for each Apt repository
* Helm: Rebuild Helm metadata for each Helm repository
* Repair: Rebuild Yum rebuild metadata (repodata) for each Yum repository
* Fri Feb 10 2023 Julio González Gil - 3.47.1.01-1- Update to Nexus 3.47.1-01- Bugfixes:
* NEXUS-37325: MissingBlobException and slow downloads after upgrading to 3.47.0
* Fri Feb 10 2023 Julio González Gil - 3.47.0.01-1- Update to Nexus 3.47.0-01- Bugfixes:
* NEXUS-36506: NonResolvableTarballNameException returned for npm group requests if member proxy is unavailable
* NEXUS-36617: PyPi index not update or generated when importing repository
* NEXUS-36667: logged execution time of database upgrade steps report as seconds when they are actually milliseconds- Improvements:
* NEXUS-34236: Migrate all deletions.indexes, not just the indexes named with the node ID of the instance being migrated to SQL database (PRO only)
* Continued UI Improvements: updated HTTPS Settings and SSL Certificates pages visible to all users
* Thu Feb 09 2023 Julio González Gil - 3.46.0.01-1- Update to Nexus 3.46.0-01- Bugfixes:
* NEXUS-36655: REST API search does not respect maven.extension parameter
* NEXUS-36782: Slow merging of yum group metadata- Improvements:
* Removed Space Remaining Soft Quota for Azure and S3 Blob Stores
* Wed Jan 18 2023 Julio González Gil - 3.45.1.01-1- Update to Nexus 3.45.1-01- Bugfixes:
* NEXUS-36400: Npm package dist-tags are not preserved during repository export/import
* Fri Dec 30 2022 Julio González Gil - 3.45.0.01-1- Update to Nexus 3.45.0-01- Please note new PostgreSQL database user permission requirements introduced as of 3.44.0 that impact your upgrade to 3.45.0. The PostgreSQL user must have CREATE priveleges on the current database due to schema changes made during the upgrade process that have new dependencies- Bugfixes:
* NEXUS-36046: roles ui call to backend is not sending x-nexus-ui request header
* NEXUS-36239: Multiple known issues can lead to data loss, so \"Admin - Change repository blob store\" is now disabled for your protection. All pre-existing tasks of this type will no longer run, and you will not be able to create new ones through either the user interface or API. Sonatype highly discourage you from using this task in earlier Nexus Repository releases where it is not disabled
* Thu Dec 15 2022 Julio González Gil - 3.44.0.01-1- Update to Nexus 3.44.0-01- Bugfixes:
* NEXUS-31363: Remove Quarantined Versions does not update asset attributes.content.etag
* NEXUS-31796: transitive repo group content privileges are not transparently applied to search results causing possible 403 errors in the UI
* NEXUS-33553: Search API returns null for \"lastDownloaded\" field
* NEXUS-34508: Update Stream Filtering on BlobStoreGroupMemberRemovalTask
* NEXUS-34875: docker-nexus3: removal of chef dropped support for NEXUS_CONTEXT
* NEXUS-34950: PyPI package versions published using twine before upgrading to 3.41.0 or later are missing from /simple index preventing discovery by clients
* NEXUS-34969: \"DatastoreFileBlobDeletionIndex - Processing blobstore\" takes long time and block the startup
* NEXUS-35486: Unable to Upload npm package with long buildnumber
* NEXUS-35623: helm proxy fails with large index.yaml (bitnami)
* NEXUS-35867: Group Yum metadata merging failing with OutOfMemoryError in AbstractStringBuilder.hugeCapacity
* NEXUS-35995: Potentially long running query deleting components with repository.cleanup task due to fk_maven2_browse_node_component constraint
* NEXUS-36085: Task creation no longer works with group blob stores
* NEXUS-36154: database migrator may filter out valid components and assets due to \"no repositoryId\"- Improvements:
* Update the Log4J Visualizer user interface to provide new guidance on integrating Nexus Firewall with Nexus Repository
* NEXUS-36180: add configurable cache buster for rapture web UI resources
* NEXUS-36232: prevent automatic search in the UI
* Tue Nov 08 2022 Julio González Gil - 3.43.0.01-1- Update to Nexus 3.43.0-01- Bugfixes:
* NEXUS-31672: Potentially long running query deleting components with repository.cleanup task
* NEXUS-34608: cleanup policies may cause PostgreSQL database connection pool exhaustion and prevent restarts
* NEXUS-34681: Blobstore Group Round Robin should try next blobstore member if one member if full
* NEXUS-34774: Some dependency packages are not downloaded via Nexus Nuget V3 repository
* NEXUS-34950: pypi package versions published using twine before upgrading to 3.41.0 or later are missing from /simple index preventing discovery by clients
* NEXUS-35259: PyPI INDEX type asset is always created by accessing it via group repo
* NEXUS-35492: INSTALL4J_ADD_VM_PARAMS do not override resiliency helm chart jvm arguments defined in nexus.vmoptions
* NEXUS-35515: Cannot cast DetachingList to ArrayList when retrieving Docker proxy repo configuration via REST API
* NEXUS-35530: Maven REPOSITORY_METADATA type asset is always created by accessing it via group repo
* NEXUS-36027: Admin - Cleanup unused asset blobs task may not be able to keep up with the number of newly created unused blobs- Improvements:
* NEXUS-25231: Nexus Repository Now Mirrors PyPI Yank Attribute (PEP 592)
* NuGet V2 Support for H2 and PostgreSQL Database Users (PRO only)
* Upgraded vulnerable Apache Shiro 1.9.1 to 1.10.0 (no reported exploits so far
* Upgraded Jackson Databind from version 2.13.2.1 to 2.13.4.2
* Ugraded SnakeYAML from version 1.28 to 1.32
* Thu Sep 29 2022 Julio González Gil - 3.42.0.01-1- Update to Nexus 3.42.0-01- Bugfixes:
* NEXUS-31088: Helm proxy does not properly handle upstream UTF-8 characters
* NEXUS-31099: Manually scheduled tasks triggered after migration to Postgres
* NEXUS-31188: Nexus Firewall quarantined component returns 404 status through group repository instead of 403
* NEXUS-31891: Performance issue with \"Download cataloged versions only\" and \"Download policy compliant versions\" options
* NEXUS-32449: blobstore outbound http connection or file handle leak while rebuilding Helm index
* NEXUS-32453: Golang metadata in group repos is cached using component max age
* NEXUS-32529: Nexus upgrade can fail with NullPointerException at OrientBlobReconciliationLogMigrator stage.
* NEXUS-33294: Most of docker layer assets are filtered during postgresql migration
* NEXUS-33540: downloadUrl for assets in /rest/v1/search contain extra forward slash after migrating from OrientDB to PostgreSQL
* NEXUS-33917: NPM group repository does not return correct latest version
* NEXUS-33933: Nuget V3 search does not return the expected version against Hosted repository
* NEXUS-34184: log in audit.log components deleted by Cleanup service task
* NEXUS-34242: Elapsed time logged for scheduled tasks is using a time unit that is not human readable
* NEXUS-35082: Instance ID is not preserved during postgres migration
* NEXUS-35218: docker-nexus3 - memory settings no longer removed from nexus.vmoptions- Improvements:
* NEXUS-34932: Upgraded to Jetty 9.4.48.v20220622
* Improvement to Logs for Remove Quarantined Versions Feature (PRO only)
* Search performance improvements
  
ICM