Sonatype posted security
vulnerabilities in Nexus releases prior to 2.1 and recommending upgrade to
latest release (i.e. 2.1)
We areusing the nexus version 2.0.6 OSS. Considering this alert, I’m planning to upgrade soon.
Here is the quote from sonatype
“Unless you want to risk
exposing a secure credential, get hacked via some XML, or suffer a denial of
service attack via our Artifactory bridge, you probably want to upgrade to
Nexus 2.1 right now.”
Refer the link http://www.sonatype.com/people/2012/08/dogfooding-sonatype-insight-we-found-vulnerabilities-in-nexus/#more-11947
for details.
I hope they are not marketing Sonatype Insight with this
alert J