Nexus Repository Manager 2.12.1 Release Notes

Nexus Repository Manager 2.12.1 Release Notes

These notes are a compilation of new features and significant bug fixes for Nexus Repository Manager 2.12.1.

See the complete release notes for all resolved issues.

New and Noteworthy

Repository Health Check (RHC) analysis support for npm repositories

Sonatype is pleased to expand support for health analysis of your proxy repository npm packages sourced from the official npm registry . Data available at this time includes identity and vulnerability information. We will continue to expand our support to include more data and other repository formats. (NEXUS-9854)

RubyGems Improvements

We fixed some important issues affecting RubyGems repositories users and encourage everyone using Rubygems with Nexus to upgrade.

Nexus UI XSS Vulnerabilities Squashed

A recent security audit discovered some Cross Site Scripting vulnerabilities in versions of Nexus from 2.8.1 to 2.12.0. While there are no known exploits of these vulnerabilities, Sonatype recommends upgrading to Nexus 2.12.1 to minimize the risk to your Nexus instance. (NEXUS-9893)

General Improvements

Build Tooling,UI

  • [NEXUS-9774] Bug UI javascript files are not compressed/minimized

LDAP

  • [NEXUS-9541] New Feature allow setting java.naming.referral for LDAP connections performance

Licensing,UI

  • [NEXUS-9730] Improvement licensing UI should show distinction between recent connections and total licensed users

Logging

  • [NEXUS-9785] Bug Nexus startup no longer logs the edition

NPM

  • [NEXUS-9573] Bug all proxied repository items should have "remoteUrl" attribute set
  • [NEXUS-9786] Bug IllegalArgumentException Tar does not contains /package.json rebuilding metadata for some npm packages

NPM,Scheduled Tasks

  • [NEXUS-9856] Bug running rebuild npm hosted metadata scheduled task can change repository value

Performance,Repository

  • [NEXUS-9612] Bug better protect against conflicting simultaneous deploys of the exact same file performance

REST

  • [NEXUS-9790] Bug REST client JerseyArtifactMaven does not properly handle packaging parameter

Repository Health Check

  • [NEXUS-9854] New Feature Repository Health Check (RHC) analysis support for npm repositories

RubyGems

  • [NEXUS-9618] Bug rubygems proxy repository not found cache not consulted performance
  • [NEXUS-9705] Bug expire cache task on rubygems repositories may lead to /api/v1/dependecies api performance degradation performance
  • [NEXUS-9637] Bug rubygems proxy repository does not respect Artifact Max Age for gem files performance
  • [NEXUS-9551] Bug installing gems with long dependency chains can trigger IOException File name too long

Security

  • [NEXUS-9636] Bug revert Basic auth realm name change introduced in 2.12.0

Security,Staging

  • [NEXUS-9634] Bug /service/local/staging/bulk/promote resource does not check drop privilege

Staging,Yum

  • [NEXUS-9439] Bug deadlock between mergeropo and staging promotion

Yum

  • [NEXUS-9652] Bug xml:base URL in proxied yum metadata files is not rewritten
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk