Releases: juliogonzalez/nexus-oss-rpms

3.74.0.05-1

05 Dec 19:18

3.73.0.12-1

04 Dec 22:42
  • Update to 3.73.0-12
  • Bugfixes:
    • NEXUS-44488: You can no longer enable user tokens via capabilities and
      must use the user token UI or API
    • NEXUS-44370: Switched order of staging delete and move operations to avoid
      a concurrency issue when running staging move and cleanup
      unused asset tasks at the same time
    • NEXUS-44350: The database migrator utility correctly migrates the
      'soft_deleted_blobs' table from H2 to PostgreSQL and
      PostgreSQL to H2
    • NEXUS-44337: Resolved an issue that was preventing the option to retain a
      select number of previous versions when running cleanup from
      working as expected
    • NEXUS-44017: The jmx.json is now included in support zips
    • NEXUS-44005: Cleanup preview works as expected in H2 environments without
      an unexpected UI timeout
    • NEXUS-43977: Changed 'com.sonatype.nexus.repository.nuget.internal.v3.NugetProxySearchHandler'
      log level from WARN to DEBUG
    • NEXUS-43780: Updated Helm chart with examples of how to configure the
      environment variable and key file for the secret
      encryption keys
    • NEXUS-43764: After migrating from OrientDB to PostgreSQL, the browse
      rebuild task only runs once
    • NEXUS-43758: After migrating to a PostgreSQL database, the search rebuild
      index task only runs once
    • NEXUS-43587: Anonymous users are not able to browse after pulling a Docker
      image unless they log in
    • NEXUS-43648: Special characters encode as expected for raw
      proxy repositories
    • NEXUS-43413: The Maven rebuild metadata task provides meaningful error
      messaging when it encounters invalid versions
    • NEXUS-43253: Made adjustments to improve 'getByDisplayPath'
      query performance. This includes creating a new index on
      'parent_id' that runs on startup. The new index may slow
      startup time but will allow the retrieval of data based on
      'node_ids' and 'parent_ids' in a very efficient way
    • NEXUS-43022: Grouping multiple proxy PyPI repositories works as expected
    • NEXUS-42751: Logs exceeding the 30MB file size limit are truncated with a
      truncated marker
    • NEXUS-42704: Nexus Repository cleans up yaml metadata as new metadata
      is generated
    • NEXUS-42207: There are no longer UI errors when IQ is configured with
      Firewall audit and quarantine disabled
    • NEXUS-37772: Yum metadata updates as expected after a cleanup policy
      removes rpms
    • NEXUS-21389: Removed inaccurate information about the maximum number of
      users that the users REST API will return
  • Improvements:
    • Added a new index on "parent_id" that runs on startup, to improve
      "getByDisplayPath" query performance. The new index may slow startup time
      for large deployments but will allow the retrieval of data based on
      "node_id" and "parent_id" in a very efficient way
    • Sonatype Nexus Repository 3.73.0 introduces a re-encryption feature to
      mitigate CVE-2024-5764. This feature allows administrators to change the
      encryption key used to protect passwords and other
      confidential information.
      If you have not configured and run re-encryption and are still using the
      default key, you will see a health check warning with the message
      "Nexus was not configured with an encryption key and is using the Default key"
      after upgrading to 3.73.0+. Follow the steps in the re-encryption help
      documentation to resolve the warning:
      https://help.sonatype.com/en/re-encryption-in-nexus-repository.html
    • Support for Rust / Cargo Format (PRO Only)
    • Malware Warning Banner: When Sonatype Nexus Repository identifies malware
      components, a warning banner alerts both administrators and users in the
      Nexus Repository interface. This banner updates every 24 hours to reflect
      the latest malware detection status
  • Dependency Changes:
    • Upgrade pax-url-aether from 2.6.7 to 2.6.12
    • Upgrade protobuf-java from 3.25.3 to 3.25.5
    • Upgraded keycloak-saml-* and keycloak-admin-client from 12.0.3 to 18.0.2

3.72.0.04-1

15 Nov 23:32
  • Update to 3.72.0-04
  • Bugfixes:
    • NEXUS-43651: Sending NuGet v2 requests to a Nexus NuGet v3 proxy
      repository results in a 404 instead of a 200 response
    • NEXUS-43634: The Import task fails gracefully if a user attempts to import
      a repository without specifying the drive letter
    • NEXUS-43608: Requests for version-specific scoped npm metadata return the
      expected metadata. All Nexus Repository instances must be
      updated to at least 3.72.0 to benefit from this fix and avoid
      polluting downstream metadata
    • NEXUS-43602: Resolved an issue that was preventing some customers from
      properly loading the Capabilities user interface
    • NEXUS-43562: Increased nexus.assetBlobCleanupTask.batchSize default value
      from 100 to 1,000 to improve AssetBlobCleanupTask performance
    • NEXUS-43506: Updated cyclonedx-core-java version to version 9.0.4
    • NEXUS-43504: Created a new Search Configuration Capability to allow
      administrators to configure a prefetch limit controlling the
      number of times Nexus can return to the database to populate
      a given page
    • NEXUS-43484: An enabled Default Role Realm remains enabled in an HA
      cluster even if an HA node shuts down
    • NEXUS-43463: Attempting to import to an S3-backed repository with the hard
      link option enabled now gracefully fails with improved
      error messaging. Note that you cannot use hard links with
      object storage blob stores like S3
    • NEXUS-43211: Resolved an issue that prevented some deployments from
      starting after migrating from OrientDB to PostgreSQL due to a
      'repeatable migration "NpmPCCSAndFirewallAuditCapabilityOutOfSyncMigrationStep" failed'
      error
    • NEXUS-43007: Attempting an IQ server login with invalid credentials no
      longer causes repeated error messages in the logs
    • NEXUS-42500: Azure blob store metrics migrate successfully during
      HA migration
    • NEXUS-40641: Download links update as expected after generating a new
      support zip while a previous one already exists
    • NEXUS-36285: When creating an LDAP external role mapping, Nexus Repository
      does not query the LDAP server until the user has entered at
      least three characters and stopped typing
  • Improvements:
    • Upgrade to 3.72.0 with Zero Downtime (PRO High Availability
      Deployments Only)
    • View Published and Last Downloaded Date in Cleanup Preview
      CSV (PostgreSQL Only)
    • New Configurable Database Refetch Limit for Search in High
      Availability Deployments
    • Starting December 2024 deployments using PostgreSQL database will require
      at least PostgreSQL 14

3.71.0.06-1

15 Nov 22:00
  • Update to 3.71.0-06
  • WARNINGS:
  • Bugfixing:
    • NEXUS-43640: Removed the deprecated WATCH_NAMESPACE environment variable
      from the HA OpenShift Operator. The Operator now deploys
      correctly when installed in a specific namespace
    • NEXUS-43337: Content selectors to browse a specific directory listing now
      work as expected; content selectors defined as path =~ ".*/"
      work as expected
    • NEXUS-43268: Caching works as expected for pypi.org simple index pages
    • NEXUS-43080: The search_components table is now excluded from tableNames
      when the clustering (HA) flag is disabled in
      PostgreSQL environments. DBAs should no longer unexpectedly
      see "ERROR: relation "search_components" does not exist"
      messages
    • NEXUS-43037: Directly deleting a tag from OrientDB removes it from the
      "tags" table as expected, unblocking database migration using
      the newer migrator method that was implemented in 3.69.0
    • NEXUS-42974: Improved HA proxy cooperation to reduce failed requests
    • NEXUS-42529: Nexus Repository correctly serves Yum packages containing a
      colon in the URL path without error
    • NEXUS-41935: Removed hyphens from the default values.yaml in the
      nxrm-ha helm chart to accommodate an undocumented AWS Secret
      Store CSI Provider Driver limitation
    • NEXUS-41552: Nexus Repository appropriately logs exceptions that the
      "Docker - Delete unused manifests and images" task
      might trigger
    • NEXUS-40192: When Nexus Repository receives more than one request to
      create a new tag with the same name, one request will now
      succeed while the other returns an error response alerting
      the user that the tag already exists
    • NEXUS-39181: Added audit logging for User Token events. See the feature
      description in the improvements listed below
    • NEXUS-37993: Converting an Azure blob store to a group blob store works
      as expected without errors
    • NEXUS-34715: Publishing components using the Maven REST API while also
      adding staging tags and then issuing a staging move to another
      repository works as expected without error
    • NEXUS-31283: Attempts to upload components to a non-root Helm repository now
      result in a graceful error message. Components can only be
      uploaded to a root Helm repository
  • Improvements:
    • H2 database available for OSS and is the default for new Installs
    • Rolling Upgrade Support for High Availability (HA) Deployments (PRO Only)
    • OCI 1.0/1.0.1 Specification Support for Docker
    • Manage HTTP Configuration via New REST API (PRO Only)
    • Additional Audit Logging
      • Creating a user token
      • Resetting a user token
      • Globally resetting all user tokens
      • The number of API keys removed after running the
        "Admin - Delete orphaned API keys" task
      • When user token configuration changes regarding repository access
        and authentication

2.15.2.03-1

15 Nov 23:04
  • Update to 2.15.2-03
  • WARNING: Sonatype will officially sunset its Nexus Repository 2 product on
    June 30, 2025. Consider migrating to Nexus Repository 3 as soon as
    possible:
    https://help.sonatype.com/en/upgrading-from-nexus-repository-manager-2.html
    Find more information at the Sonatype Nexus Repository 2 Sunsetting
    Information help page:
    https://download.sonatype.com/nexus/2/Sonatype%20Nexus%20Repository%202%20Help.pdf
  • Bugfixes:
    • CVE-2024-5082: Fixed a Remote Code Execution vulnerability through which
      an attacker with privileges to publish content could upload
      a specially crafted file that would result in Nexus
      Repository attempting to execute embedded commands
      upon retrieval
    • CVE-2024-5083: Fixed a Stored XSS vulnerability through which an attacker
      with privileges to publish content could upload a specially
      crafted file that includes embedded JavaScript. If that
      file is viewed by an authenticated user, the JavaScript
      could execute product features available to the
      authenticated user

3.70.3.01-2

02 Nov 00:22
  • This is the final warning about the migration from OrientDB to H2/PostgreSQL
    and from Java 1.8 to Java 17!
  • The migration to Java 17 is performed automatically by the package, if the
    OS provides it
  • The migration to H2/PostgreSQL needs to be performed MANUALLY. If you are
    still using OrientDB (you did not perform a migration), make sure you read
    https://help.sonatype.com/en/migrating-to-a-new-database.html
    and run the procedure before updating to Nexus 3.71.0 or any newer version!

3.70.3.01-1

28 Oct 19:17
  • Update to 3.70.3-1
  • Dependency Updates in 3.70.3:
    • Upgraded protobuf-java from 1.36.0 to 3.25.5
    • Upgraded pax-url-aether from 2.6.7 to 2.6.12
  • WARNINGS:
    • 3.70.3 is the final version supporting OrientDB, Java 8, and Java 11.
      3.71.0+ will require either an H2 or PostgreSQL database and Java 17.
      This means that this is the latest release that will build for CentOS7
      or any other clones from third party providers.

3.70.2.01-1

06 Sep 21:36
  • Update to 3.70.2-01
  • Fix for a Database Migrator issue that caused some users to see duplicate
    key errors after migrating from OrientDB to H2
  • WARNINGS:
    • 3.70.2 is the final version supporting OrientDB, Java 8, and Java 11.
      3.71.0+ will require either an H2 or PostgreSQL database and Java 17.
      This means that this is the latest release that will build for CentOS7
      or any other clones from third party providers.

3.70.1.02-1

29 Aug 00:37

3.70.1.02-1:

  • Update to 3.70.1-02
  • Fix for UI issues with custom context path in Nexus Repository 3.70.0.
    This issue only impacted the UI and did not impact other functionality,
    such as requests for components.

Unreleased 3.70.1.02-1:

  • Update to Nexus 3.70.0-03
  • WARNINGS:
    • 3.70.0 is the final version supporting OrientDB, Java 8, and Java 11.
      3.71.0+ will require either an H2 or PostgreSQL database and Java 17.
      This means that this is the latest release that will build for CentOS7
      or any other clones from third party providers.
    • 3.70.0 upgrades the embedded H2 database to version 2.2.244. As there are
      considerable changes between version 1.4.200 and 2.2.244, those using an
      H2 database will need to take some additional steps to upgrade to Nexus
      Repository 3.70.0.
      3.69.0 added an "Admin - Export SQL database to script" task that you can
      use to create a SQL script export of your H2 database.
      If you are using an H2 database, you will need to run this task and follow
      the instructions at https://help.sonatype.com/en/upgrade-h2.html
      in order to upgrade to release 3.70.0.
      This means that you must upgrade to version 3.69.0 before upgrading
      to 3.70.0+
      If you are unsure what database your deployment is using, follow the help
      documentation for determining your current database:
      https://help.sonatype.com/en/migrating-to-a-new-database.html#determining-current-database-162010
  • Bugfixing:
    • NEXUS-43307: Updated documentation to accurately state that access to
      SAML UI and API requires nx-all privileges
    • NEXUS-42854: The npm view command works as expected for scoped packages
    • NEXUS-42336: Database records that cause exceptions during database
      migration are appropriately logged
    • NEXUS-39818: Running npm audit should no longer result in
      unexpected exceptions
    • NEXUS-39799: In Yum repositories, all pathnames in the filelist.xml.gz
      file are properly escaped
    • NEXUS-39462: If an asset’s format is incorrect, the Database Migrator
      will continue with migration and skip corrupted records
    • NEXUS-22888: Added componentId validation when trying to view an asset
      that does not have a component. If the componentId is an
      empty string, string of blank spaces, null, or undefined,
      then the LifeCycle Component panel is not displayed
  • Improvements:

3.69.0.02-1

06 Jun 21:56
  • Update to Nexus 3.69.0-02
    • NEXUS-42786: Exporting npm assets with application/x-gzip content type now
      works as expected
    • NEXUS-42560: The YumAbsouteUrlRemover no longer recalculates or updates
      checksums for XML files containing the xml:base attribute;
      this change greatly improves performance
    • NEXUS-42434: Adjusted all places in AuditDTO where ObjectMapper was
      instantiated to use the injected global mapper. Users should
      no longer see errors in the logs when uploading assets
    • NEXUS-42411: Database Migrator: Reduced log noise by adjusting the
      ProcessChunkListener to log migration progress in time
      intervals (e.g., showing how many records were migrated each
      10 seconds)
    • NEXUS-42409: Firewall works with Conda format as expected
    • NEXUS-42276: The System Information page appears as expected with
      no NullPointerException
    • NEXUS-41974: Running the "Cleanup unused asset blobs" task and
      "Staging move" in parallel now works as expected
    • NEXUS-41862: Nexus Repository logs for deployments using PyPI
      Policy-Compliant Component Selection now only include
      filtered versions
    • NEXUS-41692: User tokens for Crowd-backed users now use auth caching
      as expected
    • NEXUS-41385: Downloading files through a proxy PyPI repository no longer
      leaves files in the blob store’s temporary directory
    • NEXUS-41374: Nexus Repository no longer logs an ERROR message when a
      remote PyPI repository does not have a requested package
    • NEXUS-41250: The nx-tasks-run privilege details in the Nexus Repository
      user interface no longer display an error under the
      Actions section
    • NEXUS-41218: Added a property to nexus.properties that users may configure
      in order to reduce overly verbose audit logging for NuGet v2
      on deployments using PostgreSQL. To turn off attributes
      logging, add the following to nexus.properties:
      nexus.audit.attribute.changes.enabled=true
    • NEXUS-41403: Reduced excessive Database Migrator logging
    • NEXUS-39085: To ensure consistency across the REST API, we updated all
      asset ID formats to use only the long ID
    • NEXUS-37307: The Crowd realm user cache is now used for npm client bearer
      token-authenticated requests
    • NEXUS-36248: As mentioned in the improvements below, we have extended the
      users API to allow you to include a realm parameter when
      deleting a user
    • NEXUS-31205: Adjusted support zip algorithms to not truncate any support
      zip files other than log files
    • NEXUS-26828: When a remote Docker repository indicates that something is
      “not found,” the proxy repository no longer logs a
      WARN message
    • NEXUS-23052: As mentioned in the improvements below, Administrators can
      now delete cached authenticated SAML user records via user
      administration section in the Sonatype Nexus Repository
      user interface
    • NEXUS-17740: Created a "Repair - Recalculate blob store storage task" that
      can be run if blob store blob count and total size display
      incorrect information. This is a slow-running task and should
      be used with careful consideration of available
      system resources. See the published performance testing
      for details:
      https://help.sonatype.com/en/recalculate-blob-store-storage-performance-testing.html
  • Improvements:
    • Java 17 Support for Deployments Using H2 or PostgreSQL Databases, but
      not OrientDB (PRO Only)
      NOTE: This package is still based on Java 8 for the time being.
    • Configure User Token Expiration (PRO Only)
    • SAML Integration Improvements:
      • You can now optionally specify a user realm source when deleting a user
        via the Users API
      • Administrators can also now delete cached authenticated SAML user
        records via user administration section in the Sonatype Nexus
        Repository user interface
      • If a user's IdP field mappings change, Nexus Repository now
        automatically updates the user’s profile to show the new values
    • Dependency Updates in 3.69.0:
      • org.bouncycastle: bcprov-jdk15to18 upgraded from 1.75 to 1.78.1