The latest version of Sonatype CLM is free for all existing users of Sonatype CLM. This includes the Sonatype CLM Server as well as the entire Sonatype CLM suite of tools (e.g. Sonatype CLM for Nexus).
The following updates are included in the 1.14 release:
Details, where applicable, have been included below.
A new notification panel located next to the name of the logged-in user provides a mechanism for the Sonatype CLM development team to communicate directly with Sonatype CLM users. Look to this location for important announcements that affect your CLM Server.
The Sonatype CLM Server provides extended functionality to a number of tools (e.g. Sonatype CLM for Nexus, Hudson, Jenkins, Bamboo, Eclipse, Maven, etc.). Previously, these tools offered limited or no direct authorization options when evaluating applications.
Starting with Sonatype CLM 1.14, CLM Server authorization for these tools is optional by default. This means a username and password can be entered if desired. Additionally, the Sonatype CLM Server can be configured to force authorization for all tools.
If you want to turn off anonymous access, we recommend upgrading your Sonatype CLM Server first and then the various tools. In cases where you can't upgrade the tools as quickly or easily as the Sonatype CLM Server, we recommend waiting until those tools are updated before forcing authorization.
The affected tools include Sonatype CLM for:
The Sonatype CLM Server allows notifications and monitoring to be configured such that when a policy violation occurs, users will be notified. Previously, policy notifications and monitoring required an email to be added.
In the Sonatype CLM 1.14 update, users can select a particular role in addition to entering a specific email. When policy violations occur, any user assigned to that role will be emailed. For additional information, please review the Policy Notifications and Monitoring documentation.
An update to the application log has been made. These changes provide a foundation for more detailed logging in the future. Previous users of Sonatype CLM who are upgrading to 1.14, and want to take advantage of this feature, will need to update their logFormat configuration.
Please review the config.yml file included with the Sonatype CLM Server download. An example of the new logging is provided below.
2015-04-10 10:34:16,919-0400 INFO [qtp308511037-32 - GET /rest/productNotifications?timestamp=1428676456892] admin com.sonatype.insight.brain.notifications.HdsProductNotificationService - Updating notification cache from HDS
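The log layout shown above can be parsed for auditing, for example to count which user issued which requests before forcing authorization. The following is an added example, not code from Sonatype or from the original release notes. The field layout is inferred from the single sample line; the extra log lines, the `builduser` name, the `com.example.PlaceholderLogger` logger and `/placeholder/path` are constructed.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit

# Layout inferred from the single sample line on this page (an assumption):
# timestamp level [thread - METHOD path] user logger - message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{4}) "
    r"(?P<level>[A-Z]+)\s+\[(?P<context>[^\]]*)\] "
    r"(?P<user>\S+) (?P<logger>\S+) - (?P<message>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match the layout."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%Y-%m-%d %H:%M:%S,%f%z")
    # The bracket holds "thread - METHOD path"; the request part is treated as
    # optional here (assumption) so non-request lines still parse.
    thread, _, request = rec.pop("context").partition(" - ")
    method, _, target = request.partition(" ")
    rec.update(thread=thread, method=method or None,
               path=urlsplit(target).path or None)
    return rec

def requests_by_user(lines):
    """Count (user, method, path) for every parsed line that carries a request."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"]:
            counts[(rec["user"], rec["method"], rec["path"])] += 1
    return counts

SAMPLE = [
    # First line is the example from the release notes; the rest are constructed.
    "2015-04-10 10:34:16,919-0400 INFO [qtp308511037-32 - GET /rest/productNotifications?timestamp=1428676456892] admin com.sonatype.insight.brain.notifications.HdsProductNotificationService - Updating notification cache from HDS",
    "2015-04-10 10:34:20,004-0400 INFO [qtp308511037-33 - GET /rest/productNotifications?timestamp=1428676460000] admin com.example.PlaceholderLogger - constructed message",
    "2015-04-10 10:35:02,120-0400 WARN [qtp308511037-34 - POST /placeholder/path] builduser com.example.PlaceholderLogger - constructed message",
    "not a log line",
]

if __name__ == "__main__":
    for key, n in requests_by_user(SAMPLE).most_common():
        print(n, *key)
```

Query strings are dropped from the path so that requests differing only in their timestamp parameter are counted together.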
The Edit Security Vulnerability area of the Component Information Panel (CIP) located in the Application Composition Report has been modified. A new information column has been added with an icon in each row. Clicking on this icon will display a summary of the Security Vulnerability Information Sonatype has curated.