Urgent: Sonatype Nexus Repository 3.68.1 Released

[Nexus Pro Announcements]

Sonatype Nexus Repository 3.68.1 fixes a critical vulnerability impacting all Sonatype Nexus Repository 3 deployments. All Sonatype Nexus Repository 3 Pro and OSS customers should upgrade to 3.68.1 as soon as possible.

While there are no known active exploits, this vulnerability could allow a specially crafted URL to return any file as a download, including system files outside of Nexus Repository application scope. See our CVE-2024-4956 KB article for full details. The Nexus Repository 3.68.0 - 3.68.1 Release Notes are also available.