Announcements
- PostgreSQL Index Corruption - "duplicate key violation" errors
- Sonatype Data Services (HDS) Regularly Scheduled Maintenance
- IQ Server vulnerability information contains the Root Cause
- codehaus.org Repositories Should Be Removed From Your Nexus Repository Instance
- Commons-collections unintended execution in deserialization
- Spring-core unintended code execution in deserialization
Product Support Overview
- How to Pre-fill the Sonatype Support Ticket Form
- How do I attach files to my support ticket?
- How do I find my Sonatype product license fingerprint?
- Sonatype Security Data Sources and Research Overview
- How to Create Sonatype Server Product Support Zip Bundles
- Sonatype Product Ideas Portal Help
Security Advisories
- CVE-2024-4956 Nexus Repository 3 - Path Traversal - 2024-05-16
- CVE-2024-5764 - Nexus Repository Manager 3 - Static hard-coded encryption passphrase used by default - 2024-10-17
- CVE-2024-5082 Nexus Repository 2 - Remote Code Execution
- CVE-2024-5083 Nexus Repository 2 - Stored XSS Vulnerability
- Mitigations for CVE-2024-4956 Nexus Repository 3 Vulnerability
- CVE-2024-1142 Sonatype IQ Server Path Traversal- 2024-03-06
General Product Tips & How To
- How do I disable the Server Response Header?
- SHA-1 certificate signing support in Docker images
- What is an uber jar?
- How to Find the Sonatype Nexus Repository Product Version
- How to migrate IQ from embedded DB to external postgresql DB on k8s platform
- How to install Nexus IQ instance using Sonatype helm3 chart
Apache Maven Tips & Troubleshooting
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found
- What are the requests that Maven 3.x sends when deploying artifacts?
- Configuring Maven HTTP Wagon Detailed Logging
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Maven deploys fail with Java 7, work with Java 6
- Maven deploy works using plain text password, but fails if encrypted