Welcome to the Sonatype Support Knowledge Base
Announcements
- ★ codehaus.org Repositories Should Be Removed From Your Nexus Instance
- ★ Sonatype Data Research supplies reserved CVE CVSS scores
- IQ vulnerability information contains the Root Cause
- Commons-collections unintended execution in deserialization
- Spring-core unintended code execution in deserialization
- OpenSSL Heartbleed bug and Sonatype
Product Support Overview
- ★ Nexus Repository Manager Feature Compatibility Matrix
- Sonatype Security Data Sources and Research Overview
- Support Ticket Best Practices
- Sonatype Product Ideas Portal Help
- Sonatype Product and Solutions Overview
- Sonatype Product Support FAQ
Security Advisories
- CVE-2020-10203 Nexus Repository Manager 3 - Cross Site Scripting XSS - 2020-03-31
- CVE-2020-10204 Nexus Repository Manager 3 - Remote Code Execution - 2020-03-31
- CVE-2020-10199 Nexus Repository Manager 3 - Remote Code Execution - 2020-03-31
- CVE-2019-16530 Nexus Repository Manager 2 & 3, and Nexus IQ Server - Remote Code Execution - 2019-09-19
- CVE-2019-15893 Nexus Repository Manager 2 - Remote Code Execution - 2019-09-03
- CVE-2019-5475 & sonatype-2019-0429 (CVE-2019-15588) Nexus Repository Manager 2 - OS Command Injection - 2019-08-09
General Product Tips & How To
- Central 501 HTTPS Required
- Sonatype Docker image security cryptographic standards may affect outbound TLS connections
- How to generate a HAR for Nexus Repository Manager and IQ Server UI issues
- How to Make Proxy Repositories Act Like Hosted Repositories
- How to resolve CertificateException: No subject alternative DNS name matching for LDAP secure connections
- Protect Sonatype Server Products against Weak Diffie-Hellman Keys and Logjam
Apache Maven Tips & Troubleshooting
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
- What are the requests that Maven 3.x sends when deploying artifacts?
- Configuring Maven HTTP Wagon Detailed Logging
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Maven deploys fail with Java 7, work with Java 6
- Maven deploy works using plain text password, but fails if encrypted
Nexus Repository Manager 3
General Tips & How To
- Scripting Nexus Repository Manager 3
- How do I determine which repository manager is being referenced by the ID shown in the Repositories list in IQ Server?
- How to configure HSTS in NXRM 3
- Can I enable anonymous access to Nexus IQ Server component details in Nexus Repository Manager?
- How to Restrict Access to Nexus Repo 3 by IP Address
- What is the difference between "add" and "edit" privileges for repositories?
Release Notes
- ★ Nexus Repository Manager 3 Latest Release Notes
- Download Nexus Repository Manager 3
- Nexus Repository Manager 3.5.0 Release Notes
- Nexus Repository Manager 3.4.0 Release Notes
- Nexus Repository Manager 3.3.2 Release Notes
- Nexus Repository Manager 3.3.1 Release Notes
Installation, Upgrade and Compatibility
- Nexus Repository Manager 2.x to 3.y Migration Checklist
- How to Redirect HTTP requests to HTTPS?
- Moving a Nexus Repo 3 Installation to a New Location
- Updating Java for Nexus 3 on Windows
- Configuring network interface for Nexus HA-C with TCP/IP
- Performing an Orderly HA-C Shutdown
Troubleshooting
- How to rebuild the Admin - Compact blobstore deletions index file if soft-deleted blobs are orphaned
- Every time Nexus Repo 3 is restarted it asks to have the license installed
- How to generate native blobstore blob path from a blob ID
- maven-deploy-plugin version 3.0.0-M1 deploy fails with 401 ReasonPhrase: Unauthorized
- Every time Nexus Repository Pro 3.x starts on a Linux server it loses its license
- What is the jvm.log?
Development
Nexus Repository Manager 2
Release Notes
- ★ Nexus Repository Manager 2 Release Notes Index
- Nexus Repository Manager 2.14.5 Release Notes
- Nexus Repository Manager 2.14.4 Release Notes
- Nexus Repository Manager 2.14.3 Release Notes
- Nexus Repository Manager 2.14.2 Release Notes
- Nexus Repository Manager 2.14.1 Release Notes
Getting Started
- Download Nexus Repository Manager 2
- Nexus Repository Manager Professional Download Archives
- Nexus Repository Manager OSS Download Archives
- What are the available Sonatype Nexus Repository Manager 2.x distributions and editions?
- Sonatype Nexus System Requirements
- Nexus Pro Trial Edition vs. Nexus Professional Full Edition
General Tips & How To
- Jenkins Publish Using Maven Coordinates from the pom.xml
- How to disable authentication dialogs for sensitive operations performed by RUT authenticated users
- Deleting a specific npm package version in Nexus Repository Manager 2.x
- How can I create private repositories in Nexus Repository Manager?
- How to Configure Request Header Authentication in Nexus with Apache
- What approach should I use to restrict access to artifacts in Nexus?
Troubleshooting
- Problem: Proxy repository to secure.central.sonatype.com site is auto-blocked
- Reset and Compact NuGet package database
- Understanding Smart Proxy Connections
- 401 Unauthorized with npm client versions 5.0.0 to 5.0.3
- What do the repository manager 2.x status messages mean?
- Why does Nexus download npm packages from sites other than the configured remote URL?
Performance & Tuning
- WARN org.eclipse.jetty.io.nio - javax.net.ssl.SSLException: Received fatal alert: certificate_unknown log messages
- Setting Advanced LDAP Connection Properties in Nexus Repository Manager
- NuGet Performance Issue - Action Recommended
- Solving NuGet Query Performance Problems
- Can I use AJP protocol with Neuxs?
- How do I simulate Nexus Pro Smart Proxy performance benefits using Nexus OSS?
Development
- What command line tools are available for Nexus?
- How do I add user interface elements to my Nexus plugin?
- How do I add a servlet filter to Nexus request processing?
- How do I create a security realm implementation?
- Uploading to a Staging Repository via REST API
- How to retrieve a user token from Nexus using REST
Nexus IQ Server (Auditor, Firewall, and Lifecycle Solutions)
Nexus IQ Server
- ★ Root Organization Best Practices
- ★ How do I download and install the Nexus IQ Server?
- How to Determine Which Outbound Connection TLS Truststore is Used by IQ Server
- How to Determine Which Java is Used by IQ Server?
- Upgrade to IQ Server Release 73 fails due to IllegalArgumentException: timeNanos out of range
- 04/22/19 New Licenses and Updates to Default License Threat Groups (LTGs)