Nexus Repository Manager 3.3 Release Notes

Nexus Repository Manager 3.3 Release Notes

These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 3.3.

See the complete release notes for all resolved issues.

New and Noteworthy

Git LFS Support

Nexus Repository is first to market with free support for Git LFS.

Downloading or sharing large binary files, such as videos, images, audio recordings, and database files, can slow down the development process and negatively impact the performance of a DevOps tool chain. By managing these components in Nexus Repository, organizations can save time and benefit from increased availability, ease of file sharing, and the ability to better control access to Git LFS components.

Nexus Repository lets you store all of your software binaries, including Git LFS in a single location. With the introduction of Git LFS support, Nexus Repository now offers free support for eight components formats, including: Java, npm, NuGet, RubyGems, PyPI, Bower, and Docker.

Once you give our Git LFS support a try, we would love to hear how this feature works for you. Let us know at nexus-feedback@sonatype.com.

Repository Health Check Revamped!

We’ve made a significant overhaul to how Repository Health Check (RHC) works. Our goal was to make it easier for repository administrators to not just understand, but to improve the health of their repositories over time.

RHC now shows the top five components in need of remediation, prioritized by the severity and impact of the vulnerability. It also provides download trends to help you understand how the health of your repositories is changing over time.

image00.png

If you are using Nexus Repository and have not yet turned on the RHC feature, start today. What’s the urgency? Perhaps you have not read the 2016 State of the Software Supply Chain Report that indicated 1 in 16 open source components downloads has a known security vulnerability. It’s time to know what’s in your repo.

Browsing and Proxy Repository Performance Issues Squashed

We continue to squash performance issues as they surface. This release includes some significant fixes that were affecting proxy repository cache throughput and Browse UI rendering. Try this new release - you should notice immediate gains in performance especially in these areas.

We are working some known issues with Search performance and we hope to have these rectified soon.

Upgrade Improvements and Requirements

If you’re upgrading to 3.3 from Nexus Repository 2.x, you must first upgrade your installation to 2.14.4.

We've corrected an issue where the upgrade process could fail if it encountered invalid or corrupt NuGet components in the 2.x repository.

We’ve also tightened the validation of proxy repository configuration to prevent blank or invalid remote repository URLs. Before upgrading to 3.3.0 from 3.2.1 or earlier, please ensure that your proxy repository remote URLs are valid.

General Improvements

Blobstore

  • [ NEXUS-12496] Bug FileBlobStore error handling makes it impossible to see what blob causes a runtime exception
  • [ NEXUS-12676] Bug BlobStoreException should implement toString() to facilitate better exception messages
  • [ NEXUS-10540] Bug BlobStoreManagerImpl is not thread-safe

Browse Storage

  • [ NEXUS-12678] Bug Browse assets or components user interface slow to respond performance
  • [ NEXUS-12360] Improvement expose blob created and updated dates to avoid confusion with last updated date

Capabilities

  • [ NEXUS-10621] Bug DefaultCapabilityRegistry is not thread-safe

Configuration,UI

  • [ NEXUS-12285] Bug Remote Storage URL should be a required for proxy repository configuration

Crowd

  • [ NEXUS-12404] Bug Crowd cache entries do not expire properly

Database

  • [ NEXUS-12040] Bug Faulty handling of query timeouts in OrientAsyncHelper.QueueConsumingIterable
  • [ NEXUS-11972] Bug JobStoreImpl should skip over malformed records to allow nexus to start

Documentation

  • [ NEXUS-12255] Bug book mentions upgrade options that are not available

git-lfs

LDAP

  • [ NEXUS-12020] Bug LDAP cache entries do not expire properly
  • [ NEXUS-10533] Bug EnterpriseLdapManager is not thread-safe
  • [ NEXUS-12250] Bug "Generic LDAP Server" UI configuration template should not have password attribute set by default

Logging

  • [ NEXUS-12242] Bug repository requests to paths containing certain characters may fail with status 500 "Illegal character in path at index"
  • [ NEXUS-12334] Bug Log spam when a user's session expires while viewing the repositories UI

Maven2

  • [ NEXUS-12355] Bug MavenModels throws an IOException when attempting to parse an empty InputStream

Migration

  • [ NEXUS-12081] Bug Upgrade never completes if source repository has zero length files in it

NPM,Security

  • [ NEXUS-11965] Bug npm install fails with 500 error when user has Group level privileges

Migration,NuGet

  • [ NEXUS-12483] Bug invalid nexus 2.x NuGet repository files will cause nexus 3.x upgrade to fail with NullPointerException

NuGet

  • [ NEXUS-12337] Bug NuGet queries against asset attributes can be slow due to non-optimized indexes performance
  • [ NEXUS-12338] Bug query parameter names for NuGet search requests are not case-insensitive
  • [ NEXUS-12484] Bug targetFramework attribute in NuGet nuspec file is rendered as Unsupported

Proxy Repository

  • [ NEXUS-12677] Bug proxy repository default negative cache size is too low to be effective performance
  • [ NEXUS-10059] Bug 404 response from Nexus 2 proxying Nexus 3 due to auto-routing

Repository,Transport

  • [ NEXUS-12077] Bug Auto-blocked proxy repository logs gigantic stack trace, doesn't say what was blocked, or why
  • [ NEXUS-12527] Bug Nexus will not deliver files from the on-disk cache of a proxy repository if their metadata/artifact max age has expired and the remote is not reachable performance

Repository

  • [ NEXUS-10503] Bug RepositoryManagerImpl is not thread-safe

Repository Health Check

  • [ NEXUS-12645] Improvement make the Repository Health Check summary useful for discovering vulnerable components
  • [ NEXUS-12367] Bug UI Danger error message when enabling RHC on a Maven Snapshot Repo.

Scheduled Tasks

  • [ NEXUS-12481] Bug NullPointerException while rebuilding maven metadata if database operations timeout

Security

  • [ NEXUS-11238] Bug Repository View - Browse permission grants too much access security
  • [ NEXUS-12852] Bug certain responses may print absolute file system paths in the response

SSL

  • [ NEXUS-10477] Bug SSL key/trust store is not thread-safe

Support Tools

  • [ NEXUS-11190] Bug java.nio.file.NoSuchFileException for inaccessible mounts prevents support zip generation

UI

  • [ NEXUS-12091] Bug HTTP Proxy host name setting accepts invalid characters such as space which can prevent server start
  • [ NEXUS-12673] Improvement display given roles in alphabetical order by name instead of arbitrary order compatibility
  • [ NEXUS-12535] Bug Manage Privileges search dialog loses cursor focus
  • [ NEXUS-10774] Bug the icon to collapse user interface feature menu can be easily confused for a back navigation button
  • [ NEXUS-12693] Bug Create wildcard privilege form does not redirect to list view on success

User Token

  • [ NEXUS-11231] Bug Require User Token setting not enforced security
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk