You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Nexus Pro Announcements
Sonatype Nexus Repository 3.68.1 fixes a critical vulnerability impacting all Sonatype Nexus Repository 3 deployments. All Sonatype Nexus Repository 3 Pro and OSS customers should upgrade to 3.68.1 as soon as possible.
While there are no known active exploits, this vulnerability could allow a specially crafted URL to return any file as a download, including system files outside of Nexus Repository application scope. See our CVE-2024-4956 KB article for full details. The Nexus Repository 3.68.0 - 3.68.1 Release Notes are also available.