From 1af084269265a310fb10cdc0d8b82203450a0f90 Mon Sep 17 00:00:00 2001
From: brais <26645694+braisvq1996@users.noreply.github.com>
Date: Fri, 17 May 2024 10:35:06 +0200
Subject: [PATCH] update Nexus to 3.68.1-java11 to fix CVE-2024-4956 (#1286)

---
 CHANGELOG.md                             | 1 +
 configuration-sample/ods-core.env.sample | 4 ++--
 nexus/chart/Chart.yaml                   | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 00ca9aa5c..25358aa50 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 
 ### Changed
 - Update SonarQube to 9.9.5 and configure resources for Nexus and Sonarqube in ods-configuration ([#1283](https://github.com/opendevstack/ods-core/pull/1283))
+- Update Nexus to 3.68.1-java11 to address a critical vulnerability ([#1286](https://github.com/opendevstack/ods-core/pull/1286))
 
 ## [4.4.0] - 2024-04-22
 
diff --git a/configuration-sample/ods-core.env.sample b/configuration-sample/ods-core.env.sample
index fb6b920ce..a381f39e0 100644
--- a/configuration-sample/ods-core.env.sample
+++ b/configuration-sample/ods-core.env.sample
@@ -45,8 +45,8 @@ ODS_BITBUCKET_PROJECT=opendevstack
 # Nexus base image
 # See Dockerhub https://hub.docker.com/r/sonatype/nexus3/tags.
 # Officially supported is:
-# - 3.67.1-java11
-NEXUS_IMAGE_TAG=3.67.1-java11
+# - 3.68.1-java11
+NEXUS_IMAGE_TAG=3.68.1-java11
 
 # Nexus host without protocol.
 # The domain should be equal to OPENSHIFT_APPS_BASEDOMAIN (see below).
diff --git a/nexus/chart/Chart.yaml b/nexus/chart/Chart.yaml
index 235d053c1..207e5a7f2 100644
--- a/nexus/chart/Chart.yaml
+++ b/nexus/chart/Chart.yaml
@@ -21,4 +21,4 @@ version: 1.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.67.1-java11"
+appVersion: "3.68.1-java11"