[SAC] [OSGeo] #2932: Upgrade nexus to 3.57.0 or higher (was: Upgrade nexus to 3.53.1 or higher)

Thu Jul 13 11:43:44 PDT 2023

#2932: Upgrade nexus to 3.57.0 or higher
---------------------------+---------------------------------------
 Reporter:  robe           |       Owner:  sac@…
     Type:  task           |      Status:  new
 Priority:  normal         |   Milestone:  Sysadmin Contract 2023-I
Component:  Systems Admin  |  Resolution:
 Keywords:                 |
---------------------------+---------------------------------------
Changes (by robe):

 * summary:  Upgrade nexus to 3.53.1 or higher => Upgrade nexus to 3.57.0 or
     higher

Old description:

> repo.osgeo.org is currently on 3.45.1
>
> Latest available nexus is 3.53.1
>
> there are no CVEE fixes noted, and most changes since seem to be aournd
> PostgreSQL as backend store (which we are not using, we are using the
> built-in database) and Ruby Gems. there is also a name change from Nexus
> Repository to Sonatype Nexus Repository.
>
> One caution noted in the upgrades is possible issue with custom plugins.
>
> "There is a known issue in Sonatype Nexus Repository 3.53.0 impacting
> those using community or custom plugins. These plugins will not load from
> the typical install directory and, in some cases, this may prevent
> Sonatype Nexus Repository from starting.
>
> If you are using community or custom plugins and wish to upgrade, remove
> the plugin before doing so. Otherwise, wait to upgrade until we release a
> fix for this issue.
>
> If you are not using community or custom plugins, there is no impact."
>
> https://help.sonatype.com/repomanager3/product-information/release-
> notes/2023-release-notes/sonatype-nexus-repository-3.53.0---3.53.1
> -release-notes
>
> so I'll probably hold off for a bit longer till the next release comes
> out just in case.

New description:

 repo.osgeo.org is currently on 3.45.1

 Latest available nexus is 3.57.0

 More than a year has passed since our upgrade

 there are no CVEE fixes noted, and most changes since seem to be around
 PostgreSQL as backend store (which we are not using, we are using the
 built-in database), Ruby Gems, Conan repo. There is also a name change
 from Nexus Repository to Sonatype Nexus Repository.

 One caution noted in the upgrades is possible issue with custom plugins.

 "There is a known issue in Sonatype Nexus Repository 3.53.0 impacting
 those using community or custom plugins. These plugins will not load from
 the typical install directory and, in some cases, this may prevent
 Sonatype Nexus Repository from starting.

 If you are using community or custom plugins and wish to upgrade, remove
 the plugin before doing so. Otherwise, wait to upgrade until we release a
 fix for this issue.

 If you are not using community or custom plugins, there is no impact."

 https://help.sonatype.com/repomanager3/product-information/release-
 notes/2023-release-notes/sonatype-nexus-repository-3.53.0---3.53.1
 -release-notes

 so I'll probably hold off for a bit longer till the next release comes out
 just in case.

--
-- 
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2932#comment:1>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.