Sonatype IQ Server release 161 has been released and is freely available for download for all existing users.
As part of our organization-wide brand refresh, we are excited to announce that Nexus Lifecycle and Nexus Firewall are now Sonatype Lifecycle and Sonatype Repository Firewall. This release brings over new product names and logos for a fresh but familiar experience!
New Features in this Release
Customizable Vulnerability Attributes
Using this feature, security experts can augment Sonatype Vulnerability Data with their company security regulations to create customized vulnerability attributes that match their specific environments. The customized vulnerability attributes can be used to build constraints for policies in Lifecycle and help prioritize remediations.
The new Vulnerability Custom Attributes REST API (experimental) extends the ability to customize the vulnerability data beyond the UI.
Move Organizations
This feature enhances the capabilities of managing a multi-level (N-level) hierarchy within organizations. Using this feature, users can move an entire organization branch (including dependent organizations and applications) to a new organization branch in the hierarchy. This feature will prove exceptionally helpful when transforming an existing single-level organization hierarchy into an N-level hierarchy.
Improvements in this release:
The Vulnerability Details REST API includes an additional response field, customData, to retrieve user-customized vulnerability attributes.
The new PUT method in the Organizations REST API can be used to change parent organizations and transform to an N-level hierarchy.
The Source Control Configuration section now allows SCM users to turn the Automatic Commit Feedback feature off.
Users can configure the expiration time of the Quarantined Component Report in Firewall using the quarnatinedComponentReportExpirationTimeInHours property in the Configurations REST API.
Users will now be able to view all hosted repositories for which namespace confusion protection is enabled.
Users can now set the --ignore-scanning-errors switch in the IQ Command Line Interface (CLI) to skip scanning invalid files in the target codebase.
Notable Bug Fixes in this release:
Error with SCM URLs that occurred during importing applications.
Error occurring with forwarded HTTP headers when used for reverse proxy.
For more detailed information on release 161, please refer to the release notes.
Thank you,
Dariush Griffin
Sonatype Lifecycle - Product Manager