Upgrade for newer Nexus versions

[AlbertoOS]

Hello, currently I want to update a private Nexus instance to solve some vulnerabilities but I'm currently unable to since we make use of this plugin here.

Could you kindly take a look on updating the plugin?

If I can somehow contribute to it, I'm willing to help

[jtnord]

it is unclear to me (as I have not tested yet) if anything is needed in this plugin apart from fixing the Readme which states

nexus-blobstore-google-cloud/README.md

Line 34 in 7425e11

2. Select the version that matches your Nexus Repository Manager version. Example: 0.39 of the plugin is intended for Repository Manager 3.39, 0.38 for 3.38, etc.

however the most recent bump stated that this was not the case in contradiction to the above

build: update Nexus Repository version to 3.64
No plugin update is required, version 0.61.0 is compatible with 3.64.0.

[higor-duarte-oliveira]

Nexus has a security flaw and the fix is ​​in version 3.68.1. We need the plugin to be compatible with version 3.68.1 or newer.

CVE-2024-4956 Nexus Repository 3 - Path Traversal - 2024-05-16

[jtnord]

We've been running 3.52 against nexus 3.68.1 for months without even realising this was not supposed to be supported and it is as far as I am aware all working...

@higor-duarte-oliveira are you actually seeing any errors, if so can you provide the details, or are you using the incorrect information from the README?

[AlbertoOS]

@jtnord that's nice to hear, we were worried to update because of the README:

Select the version that matches your Nexus Repository Manager version.

After your comment we went ahead and upgraded to Nexus 3.70.3 as it is the latest version that still support OrientDB paired with plugin version 0.61 and so far it seems to be working fine.

[jtnord]

I attempted to get the project up to date to run the ITs but have spent an entire day and not made much progress.

my conclusion is that this project is not in a healthy state to be community maintained and users with a contract can only push Sonatype to either officially support this, or to make it supportable by the community

sonatype/nexus-public#504

[OleksiiSkopych]

Hello. Has anyone tested if this plugin works with version 3.73?

[jtnord]

FYI: Nexus 3.74 has been released with the following release notes.

Pro customers can now take advantage of native blob store support on GCP. This allows customers running Nexus Repository on GCP to seamlessly store and manage their build artifacts within Google Cloud Storage.

I'm a pro customer so am disappearing from here now.

[nblair]

@AlbertoOS thanks for testing out the plugin for 3.70.3 and reporting back.

As I noted in #132, I won't be updating this plugin any more, and as @jtnord pointed out official support for Google Cloud is now fully available in the Pro offering. Thanks!

[jtnord]

FWIW, the page to edit the blobstore (#admin/repository/blobstores:google/blobstoreid) for a google blobstore hangs for me on 3.73

[madpah]

ℹ️ As of 7th November 2024, this community project has graduated and is offered as part of Sonatype's commercial offerings - see here for full details.

🚧 This community project will receive not accept further contributions nor receive maintenance.