Sonatype Nexus 2.11.2 Release Notes
These notes are a compilation of new features and significant bug fixes for Sonatype Nexus 2.11.2.
See the complete release notes for all resolved issues.
2.11.2-06 - Mar. 16, 2015
Nexus 2.11.2-03 users should upgrade - see our article for more information.
- includes scheduled task
Reconcile Repository Checksumsthat fixes bad checksums created by NEXUS-8221
2.11.2-04 - Mar. 6, 2015
- includes critical preventative fix for NEXUS-8221 - Bug metadata generation creates incorrect md5 / sha1
2.11.2-03 - Feb. 23, 2015
- initial 2.11.2 public release
New and Noteworthy
Session Cookie Name Change
To help avoid conflicts with other web applications, the session cookie name required by the Nexus user interface has changed from
NXSESSIONID. The cookie name is now configurable in case you need to revert this change.
Session Cookie Secure Attribute Set Dynamically
If Nexus detects that the inbound request originates over HTTPS, then Nexus now sets the Secure flag on the session cookie. If you have problems with web browser sessions when a server other than Nexus handles the secure connection, then make sure your fronting server is sending Nexus the
X-Forwarded-Proto: https header value. See our book for reverse proxy configuration advice.
Attribute File Access Is Now Blocked By Default
Nexus now blocks HTTP access to paths which include the special storage directory
.nexus/attributes . Customers should avoid relying on direct access of attributes files. Some customers may have relied on accessing these files over HTTP to work around rare problems. In cases where access to these files are still required, we have an article which explains how to restore access.
npm Repository Scheduled Tasks Added
Two new scheduled tasks have been added for npm repositories -
Backup npm metadata database and
Rebuild hosted npm metadata. We advise that users of Hosted npm Repositories consider scheduling the backup task.
Java 8 Official Support
Nexus has worked well with Java 8 since version 2.10. In preparation for the end of Oracle public updates for Java 7, we have updated our complete build and testing infrastructure to ensure Java 8 remains a solid platform on which to run Nexus. [NEXUS-7330]
- [NEXUS-7808] Bug non-snapshot versions containing SNAPSHOT can bypass a release repository Deployment Policy
- [NEXUS-7974] Task Update NPM plugin to use OrientDB 2.0
- [NEXUS-7835] Improvement provide a scheduled task to rebuild the npm metadata from storage data for hosted repositories
- [NEXUS-8072] Improvement provide a scheduled task to backup npm metadata
- [NEXUS-7873] Bug org.jacoco:org.jacoco.report:0.6.2.201302030002 produces OBR metadata which cannot be parsed by felix 4.4.1
- [NEXUS-7881] Improvement allow nexus 2.x to load outreach content by version,edition and user
- [NEXUS-7915] Improvement support proxying maven.oracle.com
- [NEXUS-7933] Bug Delete repository does not work if trash and repository directories are on different file systems
- [NEXUS-7850] Improvement Ban content which could be interpreted as a "link" to be uploaded or downloaded
- [NEXUS-7834] Bug Nexus allows direct access to trash directory through content URL's. security
- [NEXUS-7903] Bug resuming downloads for unsatisfiable Range should respond with 416 or 200 instead of 206
- [NEXUS-7650] Technical Debt Upgrade to Apache Tika 1.7 for better mime detection
- [NEXUS-8058] Improvement block access to .nexus/attributes files by default
- [NEXUS-7929] Bug maven site deployments with .. in paths fail
- [NEXUS-7927] Bug Deletion of ruby gems via REST fails on Windows
- [NEXUS-6246] Bug Checksum search fails after repair index task is run
- [NEXUS-7889] Bug RUT Auth does not work for /content URL's
- [NEXUS-7882] Bug /service/local/authentication/logout should ask the user-agent to delete the session cookie
- [NEXUS-5830] Bug /service/local/status resource creates http sessions
- [NEXUS-7880] Improvement change the default Nexus session cookie name
- [NEXUS-7879] Improvement generate dynamic Secure parameterized cookies based on HttpServletRequest.isSecure()
- [NEXUS-7877] Improvement prevent nexus from sending rememberMe=deleteme cookie
- [NEXUS-7878] Improvement prevent restlet resources from sending duplicate Date and Server headers
- [NEXUS-3540] Bug Copyright date in "Help/About" needs to be updated