Welcome to the Sonatype Support Knowledge Base
Announcements
- ★ New Spring Framework RCE Vulnerability (CVE-2021-22963, SONATYPE-2022-1764)
- ★ Scheduled Maintenance: Nexus IQ Data Services (HDS)
- ★ CVE-2021-44228 log4j Log4Shell Vulnerability
- IQ Server vulnerability information contains the Root Cause
- codehaus.org Repositories Should Be Removed From Your Nexus Repository Instance
- Commons-collections unintended execution in deserialization
Product Support Overview
- How do I attach files to my support ticket?
- How do I find my Nexus product license fingerprint?
- Sonatype Security Data Sources and Research Overview
- How to Create Sonatype Server Product Support Zip Bundles
- Sonatype Product Ideas Portal Help
- Sonatype Product Support FAQ
Security Advisories
- CVE-2022-27907 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2022-03-30
- CVE-2021-43961 Nexus Repository 3 - HTML Injection - 2022-03-02
- CVE-2021-43293 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2021-10-27
- CVE-2021-42568 Nexus Repository 3 - Incorrect Access Control - 2021-10-27
- CVE-2021-40143 Nexus Repository 3 - HTTP Header Injection - 2021-09-01
- CVE-2021-37152 Nexus Repository 3 - Multiple Cross Site Scripting XSS - 2021-08-05
General Product Tips & How To
- How to migrate IQ from embedded DB to external postgresql DB on k8s platform
- How to install Nexus IQ instance using Sonatype helm3 chart
- How to install Nexus Pro instance using Sonatype helm3 chart
- Advanced Debugging of SMTP with Sonatype Server Products
- Nexus Repository or Sonatype IQ Server fail to start or read product license on RedHat with FIPS enabled
- Azure AD SAML Integration with Sonatype Platform
Apache Maven Tips & Troubleshooting
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
- What are the requests that Maven 3.x sends when deploying artifacts?
- Configuring Maven HTTP Wagon Detailed Logging
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Maven deploys fail with Java 7, work with Java 6
- Maven deploy works using plain text password, but fails if encrypted
Sonatype Nexus Repository 3
General Tips & How To
- How to know a repository's elastic search index value
- How to install Nexus IQ on EKS with EBS volume
- How to migrate Nexus from embedded database to external postgres DB on kubernetes platform
- Starting Nexus Repository 3 as a service may result in a Karaf NullPointerException on start-up
- Increasing the LDAP Cache Timeout in Nexus Repo 3.6 and Higher
- How to Configure Credentials for a Proxy Repository to Google Container or Artifact Registry (GCR)
Installation, Upgrade and Compatibility
- ★ How to install Nexus Pro using Nexus Operator in OpenShift
- Slow search performance with Postgres after upgrading to Nexus Repository 3.44.0+ in HA Preview
- How to resolve file blob store path warnings when upgrading to Nexus Repository 3.29 or later
- Nexus Repository 2 to 3 Migration Checklist
- Moving a Nexus Repo 3 Instance to a New Location
- Updating Java Version Used for Nexus Repository 3 on Windows
Troubleshooting
- Attachments
- SocketTimeoutException connect timed out when accessing S3 buckets using S3 blobstores
- Too many open files processing elasticsearch translog files prevents startup
- Nexus Repository 3 Startup Fails Due to ConstraintViolationException Blob Store does not exist
- What does "CacheInfo missing for ... assuming stale content" mean?
- conan download Fails With "Please enter a password"
Development
Nexus Repository Manager 2
Release Notes
Getting Started
- Eclipse Jetty Changes in Nexus Repository 2.15.0
- Download Nexus Repository Manager 2
- Nexus Repository 2 Professional Download Archives
- Nexus Repository Manager OSS Download Archives
- Sonatype Nexus System Requirements
- Nexus Repository 2 Pro Trial Edition vs. Nexus Repository 2 Professional Full Edition
General Tips & How To
- How to configure HSTS in Nexus Repository 2
- How to disable authentication dialogs for sensitive operations performed by RUT authenticated users
- Deleting a specific npm package version in Nexus Repository 2
- How can I create private repositories in Nexus Repository?
- How to Configure Request Header Authentication with Apache
- Can I make the Nexus Repository 2 installation directory read only?
Smart Proxy
- Understanding Smart Proxy Connections
- How do I simulate Nexus Repository 2 Pro Smart Proxy performance benefits using OSS?
- Smart Proxy stops working after downgrade
- Basic Smart Proxy Troubleshooting
- Smart proxy: Resolving Unable to open keystore with provided password
- Can I use Nexus Smart Proxy Preemptive Fetch for replication?
Troubleshooting
- Problem: Proxy repository to secure.central.sonatype.com site is auto-blocked
- Reset and Compact NuGet package database
- What do the Nexus Repository 2 status messages mean?
- Why does Nexus download npm packages from sites other than the configured remote URL?
- Ivy deploy fails intermittently with "java.io.IOException: Error writing to server"
- Nexus Repository 2.12.0-01 RubyGems plugin rollup patch
Performance & Tuning
- WARN org.eclipse.jetty.io.nio - javax.net.ssl.SSLException: Received fatal alert: certificate_unknown log messages
- NuGet Performance Issue - Action Recommended
- Solving NuGet Query Performance Problems in Nexus Repo 2
- Can I use AJP protocol with Neuxs Repository 2?
- Optimizing Nexus Repository 2 Disk IO Performance
- Increasing the LDAP Cache Size in Nexus Repository 2 Professional
Development
- How do I add user interface elements to my Nexus Repository plugin?
- How do I add a servlet filter to Nexus Repository 2 request processing?
- How do I create a security realm implementation?
- Uploading to a Nexus Repository 2 Staging Repository via REST API
- Migrating Nexus Repository 2 plugins from Plexus to JSR-330
- Staging: How to find where a staging repository is promoted to using REST
Sonatype IQ Server (Auditor, Firewall, and Lifecycle Solutions)
Advanced Component Intelligence
Sonatype IQ Server
- ★ How do I download and install the Sonatype IQ Server?
- Remediation recommendations don't load consistently
- How can I find the list of applications affected by a vulnerability?
- What are "Sonatype" vulnerability IDs?
- How to mark all files that start with a certain pattern as proprietary?
- New Uploaded Components are not Quarantined by Proprietary Name Conflict Policy