Announcements
- PostgreSQL Index Corruption - "duplicate key violation" errors
- Sonatype Data Services (HDS) Regularly Scheduled Maintenance
- IQ Server vulnerability information contains the Root Cause
- codehaus.org Repositories Should Be Removed From Your Nexus Repository Instance
- Commons-collections unintended execution in deserialization
- Spring-core unintended code execution in deserialization
Product Support Overview
- Sonatype Product Support FAQ
- Sonatype Product Ideas Portal Help
- How to Create Sonatype Server Product Support Zip Bundles
- Sonatype Security Data Sources and Research Overview
- How do I find my Sonatype product license fingerprint?
- How do I attach files to my support ticket?
Security Advisories
- CVE-2024-4956 Nexus Repository 3 - Path Traversal - 2024-05-16
- CVE-2020-24622 Nexus Repository 3 - Sensitive Information Disclosure - 2020-09-15
- CVE-2020-13933 Nexus Repository 2 & 3 - Shiro Authentication Bypass - 2020-10-15
- CVE-2020-29436 Nexus Repository 3 and IQ Server - XML External Entities injection - 2020-12-15
- CVE-2021-29159 Nexus Repository Manager 3 - Cross Site Scripting XSS
- CVE-2021-29158 Nexus Repository Manager 3 - Sensitive Information Disclosure - 2021-04-22
General Product Tips & How To
- How to retrieve a user token from Nexus Repository using REST
- How to disable Sonatype Nexus Repository Health Check (RHC)
- Accessing Sonatype Nexus Private Development Repository
- How to Configure HTTPS Protocols Used By Nexus Repository
- How to avoid, Could not download page bundle, messages
- SSL Certificate Guide
Apache Maven Tips & Troubleshooting
- Maven deploy works using plain text password, but fails if encrypted
- Maven deploys fail with Java 7, work with Java 6
- HTTPS/SSL deploy fails with "Received fatal alert: bad_record_mac"
- Configuring Maven HTTP Wagon Detailed Logging
- What are the requests that Maven 3.x sends when deploying artifacts?
- maven-release-plugin + nexus-staging-plugin + Maven 2.2.1 Server Credentials with ID not found