News and Notes from the makers of Nexus | Sonatype Blog

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

By Sonatype Security Research Team on January 13, 2021 vulnerabilities

Sonatype removed 3 malicious open-source Java components from Maven Central targeting popular software releases, stopping a software supply chain attack.

Read More...

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 Open Source

In this episode of the OWASP 24/7 Podcast Series, I speak with the research team at Semmle on how they discovered the Pivotal Spring framework vulnerability.

Read More...

Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

Read More...

Did you wake up to an alert about the Java Deserialization vulnerability?

By Brian Fox on November 13, 2015 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

Read More...

PRODUCTS

Powered by Nexus IQ

Nexus Repository Manager

Research and Free Tools

Pricing

No-Pressure Sales

SOLUTIONS

For Professionals

For Industries

RESOURCES

Content

Sonatype Partners

Community

Upcoming Events

COMPANY

Sonatype Blog

Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

Struts2 Exploited Again. Did Anyone Bother to Tell You?

Did you wake up to an alert about the Java Deserialization vulnerability?

Products

Security Research

Solutions

Resources

Company