Welcome to the Sonatype Support Knowledge Base
Announcements
- ★ codehaus.org Repositories Should Be Removed From Your Nexus Instance
- ★ Sonatype Data Research supplies reserved CVE CVSS scores
- IQ vulnerability information contains the Root Cause
- Commons-collections unintended execution in deserialization
- Spring-core unintended code execution in deserialization
- OpenSSL Heartbleed bug and Sonatype
Product Support Overview
Security Advisories
- CVE-2019-16530 - Nexus Repository Manager 2 & 3, and Nexus IQ Server - Remote Code Execution - 2019-09-19
- CVE-2019-15893 Nexus Repository Manager 2 - Remote Code Execution - 2019-09-03
- CVE-2019-5475 & sonatype-2019-0429 (CVE-2019-15588) Nexus Repository Manager 2 - OS Command Injection - 2019-08-09
- CVE-2019-14469 Nexus Repository Manager 3 - Cross Site Scripting XSS - 2019-07-26
- CVE-2019-11629 Nexus Repository Manager 2 - Cross Site Scripting XSS - 2019-05-02
- CVE-2019-7238 Nexus Repository Manager 3 - Missing Access Controls and Remote Code Execution - 2019-02-05 See all 16 articles
General Product Tips & How To
- Sonatype Docker image security cryptographic standards may affect outbound TLS connections
- How to Make Proxy Repositories Act Like Hosted Repositories
- How to resolve CertificateException: No subject alternative DNS name matching for LDAP secure connections
- Protect Sonatype Server Products against Weak Diffie-Hellman Keys and Logjam
- SSL Certificate Guide
- Accessing Sonatype Nexus Private Development Repository
Apache Maven Tips & Troubleshooting
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
- What are the requests that Maven 3.x sends when deploying artifacts?
- Configuring Maven HTTP Wagon Detailed Logging
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Maven deploys fail with Java 7, work with Java 6
- Maven deploy works using plain text password, but fails if encrypted