Announcements
- New Spring Framework RCE Vulnerability (CVE-2021-22963, SONATYPE-2022-1764)
- Scheduled Maintenance: Sonatype Nexus Lifecycle IQ Data Services (HDS)
- CVE-2021-44228 log4j Log4Shell Vulnerability
- IQ Server vulnerability information contains the Root Cause
- codehaus.org Repositories Should Be Removed From Your Nexus Repository Instance
- Commons-collections unintended execution in deserialization
Product Support Overview
- How do I attach files to my support ticket?
- How do I find my Nexus product license fingerprint?
- Sonatype Security Data Sources and Research Overview
- How to Create Sonatype Server Product Support Zip Bundles
- Sonatype Product Ideas Portal Help
- Sonatype Product Support FAQ
Security Advisories
- CVE-2022-27907 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2022-03-30
- CVE-2021-43961 Nexus Repository 3 - HTML Injection - 2022-03-02
- CVE-2021-43293 Nexus Repository 3 - Server Side Request Forgery (SSRF) - 2021-10-27
- CVE-2021-42568 Nexus Repository 3 - Incorrect Access Control - 2021-10-27
- CVE-2021-40143 Nexus Repository 3 - HTTP Header Injection - 2021-09-01
- CVE-2021-37152 Nexus Repository 3 - Multiple Cross Site Scripting XSS - 2021-08-05
General Product Tips & How To
- How to migrate IQ from embedded DB to external PostgreSQL DB on k8s platform
- How to install Nexus IQ instance using Sonatype helm3 chart
- How to install Nexus Pro instance using Sonatype helm3 chart
- Advanced Debugging of SMTP with Sonatype Server Products
- Nexus Repository or Sonatype IQ Server fail to start or read product license on RedHat with FIPS enabled
- Entra ID (FKA Azure AD) SAML Integration with Sonatype Platform
Apache Maven Tips & Troubleshooting
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
- What are the requests that Maven 3.x sends when deploying artifacts?
- Configuring Maven HTTP Wagon Detailed Logging
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Maven deploys fail with Java 7, work with Java 6
- Maven deploy works using plain text password, but fails if encrypted