Sonatype Nexus 2.11.1 Release Notes
These notes are a compilation of new features and significant bug fixes for Sonatype Nexus 2.11.1.
See the complete release notes for all resolved issues.
Security Advisory: Directory Traversal
This release fixes a critical security issue. All Nexus instances should upgrade.
- [NEXUS-7731] Bug limit size of analytics event zip files at creation and submission performance
- [NEXUS-7739] Improvement capture generation time in analytics event-zip header.json as reference
- [NEXUS-7837] Bug ODirectMemoryViolationException: Negative offset was provided 500 error requesting npm metadata
- [NEXUS-7732] Bug Expiring item cache in Nuget proxy repositories causes them to auto-block frequently
- [NEXUS-7693] Bug Inconsistency in handling of repository targets for NuGet security
- [NEXUS-7699] Bug downloading specific versions of NuGet packages via Visual Studio package manager console fails
- [NEXUS-7774] Bug deadlock trying to read .meta/obr.xml after running task to merge metadata performance
- [NEXUS-7696] Bug "Logs (read)" privilege doesn't give access to /service/siesta/logging/log
- [NEXUS-7839] Bug Security Vulnerability: Directory Traversal security
- [NEXUS-7779] Bug NullPointerException in pom validator staging rule
- [NEXUS-7785] Improvement request.log should be able to print the Nexus authenticated userid
- [NEXUS-7646] Bug CLM server password is not removed from support tool zip configuration security
- [NEXUS-7800] Bug add configuration to set Secure flag on cookies security