Welcome to the Sonatype Support Knowledge Base

Announcements

• ★ New Spring Framework RCE Vulnerability (CVE-2021-22963, SONATYPE-2022-1764)
• ★ Scheduled Maintenance: Nexus IQ Data Services (HDS)
• ★ CVE-2021-44228 log4j Log4Shell Vulnerability
• ★ Sonatype Data Research supplies reserved CVE CVSS scores
• IQ vulnerability information contains the Root Cause
• codehaus.org Repositories Should Be Removed From Your Nexus Instance

See all 9 articles

Product Support Overview

• How do I attach files to my support ticket?
• How do I find my Nexus product license fingerprint?
• Sonatype Security Data Sources and Research Overview
• How to Create Sonatype Server Product Support Zip Bundles
• Sonatype Product Ideas Portal Help
• Sonatype Product Support FAQ

See all 8 articles

Security Advisories

• CVE-2022-27907 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2022-03-30
• CVE-2021-43961 Nexus Repository 3 - HTML Injection - 2022-03-02
• CVE-2021-43293 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2021-10-27
• CVE-2021-42568 Nexus Repository Manager 3 - Incorrect Access Control - 2021-10-27
• CVE-2021-40143 Nexus Repository 3 - HTTP Header Injection - 2021-09-01
• CVE-2021-37152 Nexus Repository 3 - Multiple Cross Site Scripting XSS - 2021-08-05

See all 40 articles

General Product Tips & How To

• How to install Nexus Pro instance using Sonatype helm3 chart
• Advanced Debugging of SMTP with Sonatype Server Products
• Nexus Repository or IQ Server fail to start or read product license on RedHat with FIPS enabled
• Azure AD SAML Integration with Nexus Applications
• Why do nuget push commands authenticate yet still return a 401 response code?
• Okta SAML integration with Nexus Applications

See all 27 articles

Apache Maven Tips & Troubleshooting

• maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
• What are the requests that Maven 3.x sends when deploying artifacts?
• Configuring Maven HTTP Wagon Detailed Logging
• HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
• Maven deploys fail with Java 7, work with Java 6
• Maven deploy works using plain text password, but fails if encrypted

Nexus Repository Manager 3

General Tips & How To

• Starting NxRM as a service may result in a Karaf NullPointerException on start-up
• Increasing the LDAP Cache Timeout in Nexus Repo 3.6 and Higher
• How to Configure Credentials for GCR Proxy Repository
• nuget push Prompts for Credentials when Anonymous Access is not Enabled
• How can I change the number of days of Nexus Repository 3 audit logs retained?
• How to grant anonymous access to a specific repository?

See all 18 articles

Release Notes

• ★ Nexus Repository Manager 3 Latest Release Notes
• Download Nexus Repository Manager 3
• Nexus Repository Manager 3.5.0 Release Notes
• Nexus Repository Manager 3.4.0 Release Notes
• Nexus Repository Manager 3.3.2 Release Notes
• Nexus Repository Manager 3.3.1 Release Notes

See all 20 articles

Installation, Upgrade and Compatibility

• ★ How to install Nexus Pro using Nexus Operator in OpenShift
• How to resolve file blob store path warnings when upgrading to NXRM 3.29 or later
• Nexus Repository Manager 2.x to 3.y Migration Checklist
• Moving a Nexus Repo 3 Instance to a New Location
• Updating Java Version Used for Nexus Repository 3 on Windows
• Configuring network interface for Nexus HA-C with TCP/IP

See all 27 articles

Troubleshooting

• SocketTimeoutException connect timed out when accessing S3 buckets using S3 blobstores
• Too many open files processing elasticsearch translog files prevents startup
• Repository 3 Startup Fails Due to ConstraintViolationException Blob Store does not exist
• What does CacheInfo missing for ... assuming stale content mean?
• conan download Fails With 'Please enter a password'
• User with add Privilege Encounters "Not authorized for requested path" Attempting to Upload to a Repository

See all 52 articles

Development

• How can I convert a groovy script to JSON for REST API usage ?
• Script Parameters
• Groovy: Close those transactions, or else...
• Nexus 3 Groovy Script development environment setup

Nexus Repository Manager 2

Release Notes

• ★ Nexus Repository Manager 2 Release Notes Index
• Nexus Repository 2 Eclipse Jetty Version History
• Nexus Repository Manager 2.14.5 Release Notes
• Nexus Repository Manager 2.14.4 Release Notes
• Nexus Repository Manager 2.14.3 Release Notes
• Nexus Repository Manager 2.14.2 Release Notes

See all 23 articles

Getting Started

• Eclipse Jetty Changes in Repository 2.15.0
• Download Nexus Repository Manager 2
• Nexus Repository Manager Professional Download Archives
• Nexus Repository Manager OSS Download Archives
• What are the available Sonatype Nexus Repository Manager 2.x distributions and editions?
• Sonatype Nexus System Requirements

See all 23 articles

General Tips & How To

• How to configure HSTS in Nexus Repository 2
• Jenkins Publish Using Maven Coordinates from the pom.xml
• How to disable authentication dialogs for sensitive operations performed by RUT authenticated users
• Deleting a specific npm package version in Nexus Repository Manager 2.x
• How can I create private repositories in Nexus Repository Manager?
• How to Configure Request Header Authentication in Nexus with Apache

See all 53 articles

Smart Proxy

• Understanding Smart Proxy Connections
• How do I simulate Nexus Pro Smart Proxy performance benefits using Nexus OSS?
• Smart Proxy stops working after downgrade
• Basic Smart Proxy Troubleshooting
• Smart proxy: Resolving Unable to open keystore with provided password
• Can I use Nexus Smart Proxy Preemptive Fetch for replication?

See all 7 articles

Troubleshooting

• Problem: Proxy repository to secure.central.sonatype.com site is auto-blocked
• Reset and Compact NuGet package database
• 401 Unauthorized with npm client versions 5.0.0 to 5.0.3
• What do the repository manager 2.x status messages mean?
• Why does Nexus download npm packages from sites other than the configured remote URL?
• Ivy deploy fails intermittently with "java.io.IOException: Error writing to server"

See all 66 articles

Performance & Tuning

• WARN org.eclipse.jetty.io.nio - javax.net.ssl.SSLException: Received fatal alert: certificate_unknown log messages
• NuGet Performance Issue - Action Recommended
• Solving NuGet Query Performance Problems in Nexus Repo 2
• Can I use AJP protocol with Neuxs?
• Optimizing Nexus Disk IO Performance
• Increasing the LDAP Cache Size in Nexus Professional

See all 18 articles

Development

• What command line tools are available for Nexus?
• How do I add user interface elements to my Nexus plugin?
• How do I add a servlet filter to Nexus request processing?
• How do I create a security realm implementation?
• Uploading to a Staging Repository via REST API
• Migrating Nexus plugins from Plexus to JSR-330

See all 11 articles

Nexus IQ Server (Auditor, Firewall, and Lifecycle Solutions)

Advanced Component Intelligence

• Updating License Threat Groups in Bulk

Nexus IQ Server

• ★ Root Organization Best Practices
• ★ How do I download and install the Nexus IQ Server?
• Remediation recommendations don't load consistently
• How can I find the list of applications affected by a vulnerability?
• What are "Sonatype" vulnerability IDs?
• How to mark all files that start with a certain pattern as proprietary?

See all 63 articles

Application Health Check

• Nexus Vulnerability Scanner FAQ

Previously Supported Products

• How do I migrate a CLM 1.5 application policy to a CLM 1.6 organization policy
• Trouble viewing reports in Sonatype CLM for CI after 1.7 upgrade?
• How can I free up space used by the Sonatype CLM Server (1.7 or earlier)?