Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository
  • OpenLogic’s Enterprise Linux Team has recently published the following updates:

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

runC Vulnerabilities

  • Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
  • The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.

Apache Kafka 3.6.1
Improvement:
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3

Bug:
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration

GitLab Security Release: 16.8.2, 16.7.5, 16.6.7
Table of fixes:

| Title | Severity |
| --- | --- |
| Restrict group access token creation for custom roles | Medium |
| Project maintainers can bypass group's scan result policy block_branch_modification setting | Medium |
| ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax | Medium |
| Resource exhaustion using GraphQL vulnerabilitiesCountByDay | Medium |

Non-Security Based Updates

Elasticsearch 8.12.1
Bug fixes:
Allocation

  • Improve CANNOT_REBALANCE_CAN_ALLOCATE explanation #104904

Application

  • [Connector API] Fix bug in configuration validation parser #104198
  • [Connector API] Fix bug when triggering a sync job via API #104802
  • [Profiling] Query in parallel on content nodes #104600

Data streams

  • Data streams fix failure store delete #104281
  • Fix _alias/<alias> returning non-matching data streams #104145 (issue: #96589)

Downsampling

  • Downsampling supports date_histogram with tz #103511 (issue: #101309)

ES|QL

  • Avoid execute ESQL planning on refresh thread #104591
  • ESQL: Allow grouping by null blocks #104523
  • ESQL: Fix SearchStats#count(String) to count values not rows #104891 (issue: #104795)
  • Limit concurrent shards per node for ESQL #104832 (issue: #103666)
  • Reduce the number of Evals ReplaceMissingFieldWithNull creates #104586 (issue: #104583)

Infra/Resiliency

  • Limit nesting depth in Exception XContent #103741

Ingest Node

  • Better handling of async processor failures #104289 (issue: #101921)
  • Ingest correctly handle upsert operations and drop processors together #104585 (issue: #36746)

Machine Learning

  • Add retry logic for 500 and 503 errors for OpenAI #103819
  • Avoid possible datafeed infinite loop with filtering aggregations #104722 (issue: #104699)
  • [LTR] FieldValueExtrator - Checking if fetched values is empty #104314

Network

  • Fix lost headers with chunked responses #104808

Search

  • Don’t throw error for remote shards that open PIT filtered out #104288 (issue: #102596)

Snapshot/Restore

  • Fix deleting index during snapshot finalization #103817 (issue: #101029)

TSDB

  • Fix routing_path when template has multiple path_match and multi-fields #104418 (issue: #104400)

Transform

  • Fix bug when latest transform is used together with from parameter #104606 (issue: #104543)

Jenkins 2.444

  • Prevent authenticated access to Resource Root URL. (issue 72636)
  • Improve locale parsing for loading of localised help files. (issue 72627)
  • Support noCertificateCheck with webSocket on the CLI. (issue 72532)
  • Show error message in progressive logs on 4xx status codes. (issue 72509)
  • Avoid stacktrace from artifactarchiver when no artifacts are found. (issue 71700)
  • Upgrade Winstone to 6.18 in order to update Jetty from 10.0.18 to 10.0.20. (Winstone 6.15 changelog, Winstone 6.16 changelog, Winstone 6.17 changelog, Winstone 6.18 changelog, Jetty 10.0.18 changelog, Jetty 10.0.19 changelog, Jetty 10.0.20 changelog)
  • Developer: Unrestricted FilePath.isDescendant (pull 8913)
  • Introduce an API to be used by the Folders plugin to fix some corner cases involving branch project reloading. (issue 72613)

Kibana 8.12.1
Enhancements:
Elastic Security

  • For the Elastic Security 8.12.1 release information, refer to Elastic Security Solution Release Notes.

Observability

  • Adds defer_validation: true to transforms on creation to stop errors when the destination index doesn’t exist yet (#174463).

Bug Fixes:
Alerting

  • Fixes context variables not being passed in to the action parameters when an alert-as-data document is available (#175682).
  • Fixes the Rules page losing user selections when navigating back (#174954).
  • Fixes the custom threshold rendering in the create rule flyout (#174982).

APM

  • Fixes a transactions error link for mobile (#174655).
  • Increases the number of maximum function calls from 3 to 5 (#175588).

Dashboard

  • Fixes a caching issue that caused problems updating dashboard information (#175635).

Elastic Security

  • For the Elastic Security 8.12.1 release information, refer to Elastic Security Solution Release Notes.

Fleet

  • Fixes the display of category label on the Integration overview page (#176141).
  • Fixes conflicting dynamic template mappings for intermediate objects (#175970).
  • Fixes reserved keys for Elasticsearch output YAML box (#175901).
  • Prevent deletion of agent policies with inactive agents from UI (#175815).
  • Fixes incorrect count of agents in bulk actions (#175318).
  • Fixes custom integrations not displaying on the Installed integrations page (#174804).

Lens & Visualizations

  • Fixes a validation error for invalid formula and math columns in Lens (#175644).

Machine Learning

  • Fixes Allocation rendering for failed deployments (#174882).
  • Fixes an issue where a user could create an anomaly rule but couldn’t see it or interact with the rule via stack management (#174791).

Security

  • Fixes API Key table sorting (#175813).
  • Ensures all API Keys have a defined name (#175721).
  • Fixes an issue with @kbn-handlebars, where nested inputs were not being escaped properly (#175490).

Logstash 8.12.1

  • Updates bundled JDK #15840

Plugins:
Http Filter - 1.5.1

  • Don’t process response when the body is empty. #50

Syslog_pri Filter - 3.2.1:

  • Remove spurious leftover text from "use_labels" docs #15

Logstash Integration - 1.0.2

  • Fix: input plugin now correctly applies common event decorators type, tags, and add_field to events after receiving them #21

PostgreSQL 16.2
E.1.2. Changes:

  • Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (Heikki Linnakangas)
  • One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view's owner, as expected.
  • The only known exploit for this error does not work in PostgreSQL 16.0 and later, so it may be that v16 is not vulnerable in practice.
  • The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. (CVE-2024-0985)
  • Fix memory leak when performing JIT inlining (Andres Freund, Daniel Gustafsson)
  • There have been multiple reports of backend processes suffering out-of-memory conditions after sufficiently many JIT compilations. This fix should resolve that.
  • Avoid generating incorrect partitioned-join plans (Richard Guo)
  • Some uncommon situations involving lateral references could create incorrect plans. Affected queries could produce wrong answers, or odd failures such as “variable not found in subplan target list”, or executor crashes.
  • Fix incorrect wrapping of subquery output expressions in PlaceHolderVars (Tom Lane)
  • This fixes incorrect results when a subquery is underneath an outer join and has an output column that laterally references something outside the outer join's scope. The output column might not appear as NULL when it should do so due to the action of the outer join.
  • Fix misprocessing of window function run conditions (Richard Guo)
  • This oversight could lead to “WindowFunc not found in subplan target lists” errors.
  • Fix detection of inner-side uniqueness for Memoize plans (Richard Guo)
  • This mistake could lead to “cache entry already complete” errors.
  • Fix computation of nullingrels when constant-folding field selection (Richard Guo)
  • Failure to do this led to errors like “wrong varnullingrels (b) (expected (b 3)) for Var 2/2”.
  • Skip inappropriate actions when MERGE causes a cross-partition update (Dean Rasheed)
  • When executing a MERGE UPDATE action on a partitioned table, if the UPDATE is turned into a DELETE and INSERT due to changing a partition key column, skip firing AFTER UPDATE ROW triggers, as well as other post-update actions such as RLS checks. These actions would typically fail, which is why a regular UPDATE doesn't do them in such cases; MERGE shouldn't either.
  • Cope with BEFORE ROW DELETE triggers in cross-partition MERGE updates (Dean Rasheed)
  • If such a trigger attempted to prevent the update by returning NULL, MERGE would suffer an error or assertion failure.
  • Prevent access to a no-longer-pinned buffer in BEFORE ROW UPDATE triggers (Alexander Lakhin, Tom Lane)
  • If the tuple being updated had just been updated and moved to another page by another session, there was a narrow window where we would attempt to fetch data from the new tuple version without any pin on its buffer. In principle this could result in garbage data appearing in non-updated columns of the proposed new tuple. The odds of problems in practice seem rather low, however.
  • Avoid requesting an oversize shared-memory area in parallel hash join (Thomas Munro, Andrei Lepikhov, Alexander Korotkov)
  • The limiting value was too large, allowing “invalid DSA memory alloc request size” errors to occur with sufficiently large expected hash table sizes.
  • Fix corruption of local buffer state when an error occurs while trying to extend a temporary table (Tender Wang)
  • Fix use of wrong tuple slot while evaluating DISTINCT aggregates that have multiple arguments (David Rowley)
  • This mistake could lead to errors such as “attribute 1 of type record has wrong type”.
  • Avoid assertion failures in heap_update() and heap_delete() when a tuple to be updated by a foreign-key enforcement trigger fails the extra visibility crosscheck (Alexander Lakhin)
  • This error had no impact in non-assert builds.
  • Fix possible failure during ALTER TABLE ADD COLUMN on a complex inheritance tree (Tender Wang)
  • If a grandchild table would inherit the new column via multiple intermediate parents, the command failed with “tuple already updated by self”.
  • Fix problems with duplicate token names in ALTER TEXT SEARCH CONFIGURATION ... MAPPING commands (Tender Wang, Michael Paquier)
  • Fix DROP ROLE with duplicate role names (Michael Paquier)
  • Previously this led to a “tuple already updated by self” failure. Instead, ignore the duplicate.
  • Properly lock the associated table during DROP STATISTICS (Tomas Vondra)
  • Failure to acquire the lock could result in “tuple concurrently deleted” errors if the DROP executes concurrently with ANALYZE.
  • Fix function volatility checking for GENERATED and DEFAULT expressions (Tom Lane)
  • These places could fail to detect insertion of a volatile function default-argument expression, or decide that a polymorphic function is volatile although it is actually immutable on the datatype of interest. This could lead to improperly rejecting or accepting a GENERATED clause, or to mistakenly applying the constant-default-value optimization in ALTER TABLE ADD COLUMN.
  • Detect that a new catalog cache entry became stale while detoasting its fields (Tom Lane)
  • We expand any out-of-line fields in a catalog tuple before inserting it into the catalog caches. That involves database access which might cause invalidation of catalog cache entries — but the new entry isn't in the cache yet, so we would miss noticing that it should get invalidated. The result is a race condition in which an already-stale cache entry could get made, and then persist indefinitely. This would lead to hard-to-predict misbehavior. Fix by rechecking the tuple's visibility after detoasting.
  • Fix edge-case integer overflow detection bug on some platforms (Dean Rasheed)
  • Computing 0 - INT64_MIN should result in an overflow error, and did on most platforms. However, platforms with neither integer overflow builtins nor 128-bit integers would fail to spot the overflow, instead returning INT64_MIN.
  • Detect Julian-date overflow when adding or subtracting an interval to/from a timestamp (Tom Lane)
  • Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Add more checks for overflow in interval_mul() and interval_div() (Dean Rasheed)
  • Some cases that should cause an out-of-range error produced an incorrect result instead.
  • Allow scram_SaltedPassword() to be interrupted (Bowen Shi)
  • With large scram_iterations values, this function could take a long time to run. Allow it to be interrupted by query cancel requests.
  • Ensure cached statistics are discarded after a change to stats_fetch_consistency (Shinya Kato)
  • In some code paths, it was possible for stale statistics to be returned.
  • Make the pg_file_settings view check validity of unapplied values for settings with backend or superuser-backend context (Tom Lane)
  • Invalid values were not noted in the view as intended. This escaped detection because there are very few settings in these groups.
  • Match collation too when matching an existing index to a new partitioned index (Peter Eisentraut)
  • Previously we could accept an index that has a different collation from the corresponding element of the partition key, possibly leading to misbehavior.
  • Avoid failure if a child index is dropped concurrently with REINDEX INDEX on a partitioned index (Fei Changhong)
  • Fix insufficient locking when cleaning up an incomplete split of a GIN index's internal page (Fei Changhong, Heikki Linnakangas)
  • The code tried to do this with shared rather than exclusive lock on the buffer. This could lead to index corruption if two processes attempted the cleanup concurrently.
  • Avoid premature release of buffer pin in GIN index insertion (Tom Lane)
  • If an index root page split occurs concurrently with our own insertion, the code could fail with “buffer NNNN is not owned by resource owner”.
  • Avoid failure with partitioned SP-GiST indexes (Tom Lane)
  • Trying to use an index of this kind could lead to “No such file or directory” errors.
  • Fix ownership tests for large objects (Tom Lane)
  • Operations on large objects that require ownership privilege failed with “unrecognized class ID: 2613”, unless run by a superuser.
  • Fix ownership change reporting for large objects (Tom Lane)
  • A no-op ALTER LARGE OBJECT OWNER command (that is, one selecting the existing owner) passed the wrong class ID to the PostAlterHook, probably confusing any extension using that hook.
  • Fix reporting of I/O timing data in EXPLAIN (BUFFERS) (Michael Paquier)
  • The numbers labeled as “shared/local” actually refer only to shared buffers, so change that label to “shared”.
  • Ensure durability of CREATE DATABASE (Noah Misch)
  • If an operating system crash occurred during or shortly after CREATE DATABASE, recovery could fail, or subsequent connections to the new database could fail. If a base backup was taken in that window, similar problems could be observed when trying to use the backup. The symptom would be that the database directory, PG_VERSION file, or pg_filenode.map file was missing or empty.
  • Add more LOG messages when starting and ending recovery from a backup (Andres Freund)
  • This change provides additional information in the postmaster log that may be useful for diagnosing recovery problems.
  • Prevent standby servers from incorrectly processing dead index tuples during subtransactions (Fei Changhong)
  • The startedInRecovery flag was not correctly set for a subtransaction. This affects only processing of dead index tuples. It could allow a query in a subtransaction to ignore index entries that it should return (if they are already dead on the primary server, but not dead to the standby transaction), or to prematurely mark index entries as dead that are not yet dead on the primary. It is not clear that the latter case has any serious consequences, but it's not the intended behavior.
  • Fix signal handling in walreceiver processes (Heikki Linnakangas)
  • Revert a change that made walreceivers non-responsive to SIGTERM while waiting for the replication connection to be established.
  • Fix integer overflow hazard in checking whether a record will fit into the WAL decoding buffer (Thomas Munro)
  • This bug appears to be only latent except when running a 32-bit PostgreSQL build on a 64-bit platform.
  • Fix deadlock between a logical replication apply worker, its tablesync worker, and a session process trying to alter the subscription (Shlok Kyal)
  • One edge of the deadlock loop did not involve a lock wait, so the deadlock went undetected and would persist until manual intervention.
  • Ensure that column default values are correctly transmitted by the pgoutput logical replication plugin (Nikhil Benesch)
  • ALTER TABLE ADD COLUMN with a constant default value for the new column avoids rewriting existing tuples, instead expecting that reading code will insert the correct default into a tuple that lacks that column. If replication was subsequently initiated on the table, pgoutput would transmit NULL instead of the correct default for such a column, causing incorrect replication on the subscriber.
  • Fix failure of logical replication's initial sync for a table with no columns (Vignesh C)
  • This case generated an improperly-formatted COPY command.
  • Re-validate a subscription's connection string before use (Vignesh C)
  • This is meant to detect cases where a subscription was created without a password (which is allowed to superusers) but then the subscription owner is changed to a non-superuser.
  • Return the correct status code when a new client disconnects without responding to the server's password challenge (Liu Lang, Tom Lane)
  • In some cases we'd treat this as a loggable error, which was not the intention and tends to create log spam, since common clients like psql frequently do this. It may also confuse extensions that use ClientAuthentication_hook.
  • Fix incompatibility with OpenSSL 3.2 (Tristan Partin, Bo Andreson)
  • Use the BIO “app_data” field for our private storage, instead of assuming it's okay to use the “data” field. This mistake didn't cause problems before, but with 3.2 it leads to crashes and complaints about double frees.
  • Be more wary about OpenSSL not setting errno on error (Tom Lane)
  • If errno isn't set, assume the cause of the reported failure is read EOF. This fixes rare cases of strange error reports like “could not accept SSL connection: Success”.
  • Fix file descriptor leakage when a foreign data wrapper's ForeignAsyncRequest function fails (Heikki Linnakangas)
  • Fix minor memory leak in connection string validation for CREATE SUBSCRIPTION (Jeff Davis)
  • Report ENOMEM errors from file-related system calls as ERRCODE_OUT_OF_MEMORY, not ERRCODE_INTERNAL_ERROR (Alexander Kuzmenkov)
  • In PL/pgSQL, support SQL commands that are CREATE FUNCTION/CREATE PROCEDURE with SQL-standard bodies (Tom Lane)
  • Previously, such cases failed with parsing errors due to the semicolon(s) appearing in the function body.
  • Fix libpq's handling of errors in pipelines (Álvaro Herrera)
  • The pipeline state could get out of sync if an error is returned for reasons other than a query problem (for example, if the connection is lost). Potentially this would lead to a busy-loop in the calling application.
  • Make libpq's PQsendFlushRequest() function flush the client output buffer under the same rules as other PQsend functions (Jelte Fennema-Nio)
  • In pipeline mode, it may still be necessary to call PQflush() as well; but this change removes some inconsistency.
  • Avoid race condition when libpq initializes OpenSSL support concurrently in two different threads (Willi Mann, Michael Paquier)
  • Fix timing-dependent failure in GSSAPI data transmission (Tom Lane)
  • When using GSSAPI encryption in non-blocking mode, libpq sometimes failed with “GSSAPI caller failed to retransmit all data needing to be retried”.
  • Change initdb to always un-comment the postgresql.conf entries for the lc_xxx parameters (Kyotaro Horiguchi)
  • initdb used to work this way before v16, and now it does again. The change caused initdb's --no-locale option to not have the intended effect on lc_messages.
  • In pg_dump, don't dump RLS policies or security labels for extension member objects (Tom Lane, Jacob Champion)
  • Previously, commands would be included in the dump to set these properties, which is really incorrect since they should be considered as internal affairs of the extension. Moreover, the restoring user might not have adequate privilege to set them, and indeed the dumping user might not have enough privilege to dump them (since dumping RLS policies requires acquiring lock on their table).
  • In pg_dump, don't dump an extended statistics object if its underlying table isn't being dumped (Rian McGuire, Tom Lane)
  • This conforms to the behavior for other dependent objects such as indexes.
  • Properly detect out-of-memory in one code path in pg_dump (Daniel Gustafsson)
  • Make it an error for a pgbench script to end with an open pipeline (Anthonin Bonnefoy)
  • Previously, pgbench would behave oddly if a \startpipeline command lacked a matching \endpipeline. This seems like a scripting mistake rather than a case that pgbench needs to handle nicely, so throw an error.
  • In contrib/bloom, fix overly tight assertion about false_positive_rate (Alexander Lakhin)
  • Fix crash in contrib/intarray if an array with an element equal to INT_MAX is inserted into a gist__int_ops index (Alexander Lakhin, Tom Lane)
  • Report a better error when contrib/pageinspect's hash_bitmap_info() function is applied to a partitioned hash index (Alexander Lakhin, Michael Paquier)
  • Report a better error when contrib/pgstattuple's pgstathashindex() function is applied to a partitioned hash index (Alexander Lakhin)
  • On Windows, suppress autorun options when launching subprocesses in pg_ctl and pg_regress (Kyotaro Horiguchi)
  • When launching a child process via cmd.exe, pass the /D flag to prevent executing any autorun commands specified in the registry. This avoids possibly-surprising side effects.
  • Move is_valid_ascii() from mb/pg_wchar.h to utils/ascii.h (Jubilee Young)
  • This change avoids the need to include <simd.h> in pg_wchar.h, which was causing problems for some third-party code.
  • Fix compilation failures with libxml2 version 2.12.0 and later (Tom Lane)
  • Fix compilation failure of WAL_DEBUG code on Windows (Bharath Rupireddy)
  • Suppress compiler warnings from Python's header files (Peter Eisentraut, Tom Lane)
  • Our preferred compiler options provoke warnings about constructs appearing in recent versions of Python's header files. When using gcc, we can suppress these warnings with a pragma.
  • Avoid deprecation warning when compiling with LLVM 18 (Thomas Munro)
  • Update time zone data files to tzdata release 2024a for DST law changes in Greenland, Kazakhstan, and Palestine, plus corrections for the Antarctic stations Casey and Vostok. Also historical corrections for Vietnam, Toronto, and Miquelon.

Sonatype Nexus Repository 3.65.0
NEXUS-34334:

  • If the rebuild index task triggers an ElasticSearchException, one repository failing will no longer prevent task completion or affect the other repositories. Added an error message to alert the user if a repository does fail.

NEXUS-34968:

  • Attempting to download an asset with a missing blob from a proxy repository in a PostgreSQL or H2 deployment no longer results in an immediate 500 error. Sonatype Nexus Repository automatically attempts to re-fetch the asset from remote as expected.

NEXUS-36807:

  • Made changes to improve cleanup policy preview performance.

NEXUS-39665:

  • Resolved an issue that was preventing some installations of a package from a group repository with a certain private proxy repository member.

NEXUS-39881:

  • The package-specific index page for a Python package requested from a proxy repository now displays the non-truncated package name as expected.

NEXUS-40111:

  • Resolved an issue that was causing some Yum assets to be shown as "components" in the Sonatype Nexus Repository UI.

NEXUS-40213:

  • Addressed an issue impacting HA deployments where tokens after a wildcard in component searches were being dropped (e.g. for searches like “nexus*core”).

NEXUS-40378:

  • Searching components by exact tag in an HA environment now returns an exact match as expected.

NEXUS-40680:

  • Associating a tag with a component used to operate on a loose match; it now uses an exact match as expected. For example, associating a tag with a .jar with the version “1.0.0” used to associate that tag with all components that had “1.0.0” in the version number. Now, it will associate with the exact version match only unless you use a wildcard.

NEXUS-40987:

  • Resolved an issue that was causing some PostgreSQL HA deployments to have excessive errors written to logs despite requests working as expected.

NEXUS-40994:

  • In HA environments, performing an exact-match search for components where the group ID or artifact ID contain an underscore now returns exact-match results as expected.

NEXUS-41211:

  • Added clarifying documentation regarding changes in NuGet client compatibility with Sonatype Nexus Repository:
  • In Sonatype Nexus Repository release 3.43.0, we added compatibility with official NuGet v2 clients. The supported subset of the legacy NuGet v2 protocol is the same as that supported by Microsoft's NuGet Gallery, http://nuget.org. Use cases that rely on the deprecated parts of the v2 API are not supported, including many common Chocolatey use cases and some custom OData queries.
