Welcome to the Sonatype Support Knowledge Base
Announcements
- ★ codehaus.org Repositories Should Be Removed From Your Nexus Instance
- ★ Sonatype Data Research supplies reserved CVE CVSS scores
- IQ vulnerability information contains the Root Cause
- Commons-collections unintended execution in deserialization
- Spring-core unintended code execution in deserialization
- OpenSSL Heartbleed bug and Sonatype
Product Support Overview
Security Advisories
- CVE-2020-29436 Nexus Repository Manager 3 and Nexus IQ Server - XML External Entities injection - 2020-12-15
- CVE-2020-13933 Nexus Repository Manger 2 & 3 - Shiro Authentication Bypass - 2020-10-15
- CVE-2020-24622 Nexus Repository Manager 3 - Sensitive Information Disclosure - 2020-09-15
- CVE-2020-15868 Nexus Repository Manager 3 - Access Controls Bypass - 2020-08-11
- CVE-2020-15871 Nexus Repository Manager 3 - Remote Code Execution - 2020-07-29
- CVE-2020-15870 Nexus Repository Manager 3 - Reflection XSS - 2020-07-29 See all 30 articles
General Product Tips & How To
- Why do nuget push commands authenticate yet still return a 401 response code?
- SAML integration for Nexus Repository Manager Pro 3 and Nexus IQ Server with Keycloak
- Error during SSO login "Authentication failed due to SAML error" after upgrading Repository Manager 3 or IQ Server
- SAML integration for Nexus Repository Manager Pro 3 and Nexus IQ Server with Auth0
- How to Install a Sonatype License File (.lic)
- 401 Content access is protected by token when accessing repositories See all 19 articles
Apache Maven Tips & Troubleshooting
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
- What are the requests that Maven 3.x sends when deploying artifacts?
- Configuring Maven HTTP Wagon Detailed Logging
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Maven deploys fail with Java 7, work with Java 6
- Maven deploy works using plain text password, but fails if encrypted