If you are currently utilizing Sonatype Nexus Repository or the Sonatype Nexus Repository Community Edition (previously known as Nexus Repository OSS) on OrientDB, it’s important to recognize that your system is built on a legacy database architecture that no longer meets contemporary security and platform standards. Support for OrientDB in Nexus Repository has officially been discontinued, meaning that any deployments relying on this database will no longer receive assistance.
While certain issues associated with newer architectures have been addressed, the legacy OrientDB-based stack cannot fully remediate these concerns. Consequently, a widening gap exists between what can be secured and what remains unmanageable.
The Problem: OrientDB Is No Longer Defensible
Older versions of Nexus Repository (prior to 3.70.5) are dependent on an architecture centered around OrientDB and outdated software dependencies. This outdated stack now presents:
- High-severity vulnerabilities.
- Active exploitation in the wild.
- No complete patch path.
Continuing to operate on OrientDB imposes increasing operational constraints, as security fixes cannot always be backported. Meanwhile, platform innovation is progressing elsewhere. PostgreSQL has emerged as the recommended and actively supported database for Nexus Repository, offering significant enhancements in performance, improved support for high availability and cloud-native architectures, as well as access to new and future product capabilities that are not being developed for OrientDB.
The Decision: Two Supported Paths Forward
Upon deciding to transition away from OrientDB, you will find two supported migration paths available. Both options eliminate reliance on OrientDB, differing primarily in the extent of infrastructure responsibility your team wishes to maintain.
Option A: Move to Sonatype Nexus Repository Cloud (Recommended)
The most efficient and secure route is to transition to Nexus Repository Cloud. The advantages of this migration include:
- Fully managed infrastructure.
- Automatic updates and patching.
- Reduced operational overhead.
- Built-in scalability and resilience.
- Elimination of database management entirely.
This approach alleviates the operational burden associated with database management, ensuring that you are consistently operating on a current and supported architecture.
Option B: Stay Self-Hosted and Migrate to PostgreSQL
If maintaining a self-hosted environment is essential, the supported path is to migrate to PostgreSQL. This option allows you to retain your deployment model while aligning your system with a supported and actively developed database layer. However, it still necessitates infrastructure ownership, ongoing patching and maintenance, and meticulous execution of the migration process.
Setting Up Your Repository for the Future
Transitioning away from OrientDB is fundamentally about aligning your repository with a secure, supported, and forward-thinking architecture. By integrating Sonatype’s migration guidance with modern DevOps practices and automated workflows, you can transform a complex migration into a structured and repeatable process—one that minimizes risk while enhancing long-term maintainability.
For comprehensive migration steps, prerequisites, and troubleshooting assistance, refer to the full migration guide or connect with a Sonatype migration specialist for tailored support.
