Sonatype Nexus 2.11.1 Release Notes

Sonatype Nexus 2.11.1 Release Notes

These notes are a compilation of new features and significant bug fixes for Sonatype Nexus 2.11.1.

See the complete release notes for all resolved issues.

Security Advisory: Directory Traversal

This release fixes a critical security issue. All Nexus instances should upgrade.

Details about this vulnerability can be found here.

General Improvements


  • [NEXUS-7731] Bug limit size of analytics event zip files at creation and submission performance
  • [NEXUS-7739] Improvement capture generation time in analytics event-zip header.json as reference


  • [NEXUS-7837] Bug ODirectMemoryViolationException: Negative offset was provided 500 error requesting npm metadata


  • [NEXUS-7732] Bug Expiring item cache in Nuget proxy repositories causes them to auto-block frequently
  • [NEXUS-7693] Bug Inconsistency in handling of repository targets for NuGet security
  • [NEXUS-7699] Bug downloading specific versions of NuGet packages via Visual Studio package manager console fails


  • [NEXUS-7774] Bug deadlock trying to read .meta/obr.xml after running task to merge metadata performance


  • [NEXUS-7696] Bug "Logs (read)" privilege doesn't give access to /service/siesta/logging/log
  • [NEXUS-7839] Bug Security Vulnerability: Directory Traversal security


  • [NEXUS-7779] Bug NullPointerException in pom validator staging rule

Support Tools

  • [NEXUS-7785] Improvement request.log should be able to print the Nexus authenticated userid
  • [NEXUS-7646] Bug CLM server password is not removed from support tool zip configuration security


  • [NEXUS-7800] Bug add configuration to set Secure flag on cookies security
Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk