Home > Addons > Nuxeo Aspera Connector > Nuxeo Aspera Release Notes
Addons

Nuxeo Aspera Release Notes

Updated: March 4, 2026

What's New in Aspera for LTS 2025 (Version 2025.1.7)

This release includes a bug fix, vulnerability fixes and some technical enhancements.

Released Changes

Bug Fixes

Improved the link behavior for the Location field in the Aspera Transfer Document Edit view. Clicking the suggested document now opens it cleanly in a new browser tab without interrupting the edit session.

Modal Dialog Behavior in Upload Page

Enhanced user feedback when the IBM Aspera Client selection window is already open. Instead of failing silently, users now see a clear message: "Modal dialog already opened."

Security Improvements

Code Scanning and Dependency Security

  • Addressed multiple security vulnerabilities reported by GitHub Code Scanning in the nuxeo-aspera-connector, including a fix for an implicit narrowing conversion vulnerability.

  • Resolved a critical Prototype Pollution vulnerability in the handlebars dependency for nuxeo-aspera-web by upgrading to a secure version.

Functional Enhancements

Transfer Action Synchronization

The Aspera connector now fully supports pause, resume, and remove actions initiated from IBM Aspera Client Connect.

  • Dashboard statuses in Nuxeo remain in sync.
  • Delete is automatically disabled for in‑progress transfers to prevent inconsistent states.

Quality and Maintainability Improvements

Automated Code Coverage and SonarCloud

  • Added automated code coverage reporting and SonarCloud integration for both backend and frontend of the Aspera connector on the lts‑2025 branch, improving test visibility and code quality.

  • Extended code coverage support to the lts‑2023 branch for consistent quality metrics across supported versions.

What's New in Aspera for LTS 2025 (version 2025.1.6)

This release includes a bug fix, vulnerability fixes and some technical enhancements.

Released Changes

Bug fix

Make Aspera API max_items parameter optional

An issue was encountered when max_items param was included in '/ops/transfers' request, which displayed "400 Bad request" with message - "max_items var not applicable to single transfer queries". To resolve this issue, a new framework property 'aspera.transfers.max.items' was added which can be configured in nuxeo.conf file. This makes adding the property as optional for single transfer queries. If it is set to zero, the max_items param is omitted from the API call.

Vulnerability fixes

  • Updated data types from int to long to ensure compound assignments do not cause implicit conversions. This was reported as a vulnerability in codeQL scan.

  • Included permissions in workflow file. This was reported as a vulnerability in codeQL scan.

    Technical enhancements

  • Added the maven enforcer steps introduced in nuxeo-opensearch2 addon that checks the commit to keep the project ready for release any time.

  • Fixed the FFmpeg installation in Oracle Linux 9.

  • Optimized Docker Image build with bind mount.

  • Helmfile descriptors have been updated so that external repositories can use them. Now nuxeo-aspera-connector supports nuxeo-lts v2025.7.

  • Updated shared library to use the migrated Jira APIs. These APIs were migrated as they were deprecated.

  • Enabled Dependabot daily SCA checks.