Nexus 2.11.1 - Why It's Time to Upgrade

December 23, 2014 By Manfred Moser


TL;DR: The release of Nexus 2.11.1 includes a fix for the security vulnerability CVE-2014-9389.

Whenever a new Nexus release becomes available there are a myriad of reasons to upgrade. The team always seems to manage to bring in some really useful new features or bug fixes that you have been waiting for. Luckily upgrades to Nexus can be done easily and there should be no obstacles to sticking with the latest available release.

That is the theory. In practice, however, there always seems to be some reason coming up why you might not want to bother with it. We often find organizations running older versions of Nexus, and the general story is that it just hums along nicely and does its job. Generally that's okay from our point of view, though personally I think that you are missing out on all the new features and bug fixes.

More importantly, each update you miss means that eventually when you do decide to upgrade, you are going to have to absorb a potentially more complex upgrade and a large change overall. It also means that you are probably a bit rusty about how to do the upgrade - after all you are not doing it that often. Just like “release often” makes releases in your software development efforts easier, “upgrade often” reduces deployment risk and makes it easier for you as well.

Today is one of these days when you should consider upgrading. In fact, we highly recommend it. The release of Nexus 2.11.1 includes a fix for the security vulnerability CVE-2014-9389. You can read all the details about the issue in our related support page. In a nutshell, there is a vulnerability that you want to avoid, especially if your Nexus server is available on the public internet -- even though no exploits are known at this time.

And, like I mentioned, there are a lot of goodies coming your way, especially if you upgrade from Nexus 2.7 or an even older version. In the last releases we have added NuGet support to Nexus OSS, added NPM support, added RubyGems support, made a lot of improvements to the YUM support and generally fixed bugs and added features across the board. So no matter if you are using Nexus OSS or Nexus Professional, it is probably time to bite the bullet and do the upgrade. The benefits far outweigh the inconveniences from the upgrade. You are going to love it.



Manfred is a former author, trainer, and community advocate at Sonatype. He speaks regularly at conferences such as JavaOne, OSCON, DevOpsDays. He is a long time open source developer and contributor.