Sonatype Nexus Repository ManagerOSS 3.41.1-01
Just info if Sonatype / Nexus Repository is affected by the last vulnerability discovered in open-source libwebp library
Thanks in advance
Juan
Hello @jmlp1 . We don’t disclose the specific exploitability of potential vulnerabilities in Sonatype Nexus Repository; we treat all vulnerabilities in our open source dependencies as potentially exploitable, and we schedule them all for removal or upgrade to a non-vulnerable version.
3.41.1 is more than a year old at this point, we would normally recommend you upgrade to a much more recent version. Versions this old are at risk of being significantly out of date in terms of security updates.