Bug

• [SONAR-11639] - Some directories are not collapsed in pull requests
• [SONAR-12169] - Provisioned applications should not act like a project
• [SONAR-12215] - Projects list is not accessible
• [SONAR-12255] - Docs nav tree non longer opened when accessing via a direct link
• [SONAR-12258] - Latest version shown as "old" when docs is updated
• [SONAR-12374] - Prevent double icons in documentation
• [SONAR-12375] - Floating TOC and wide content overlap in documentation
• [SONAR-12429] - 404 when opening the embedded doc in a new tab
• [SONAR-12452] - Scrolling problem when navigating issue locations
• [SONAR-12622] - Edition of an application's description does not behave properly
• [SONAR-12684] - Spinner is chopped-off when searching a specific rule in the issue page facets
• [SONAR-12762] - Rules Bulk Change Dropdown is partially hidden
• [SONAR-12802] - Moved File Detection should be used when calculating new lines
• [SONAR-12829] - Wrong error message is displayed on Portfolio/Application when license is invalid
• [SONAR-12862] - Fix open redirect vulnerability
• [SONAR-12864] - Fix XXE vulnerability in unused deprecated code
• [SONAR-12883] - Background task message is incorrect if exporting/importing a project
• [SONAR-12886] - Do not show an "Archived" warning for LTS documentation
• [SONAR-12912] - Tags should not misleadingly be associated to branches
• [SONAR-12927] - Moved File Detection doesn't work for Cobol
• [SONAR-12937] - Text indentation issue on Application and Portfolio activity page
• [SONAR-12941] - Project import/export loses new code period settings
• [SONAR-13019] - Keys of rules created from template are not renamed when template rule key is renamed
• [SONAR-13030] - Error when adding notifications to applications
• [SONAR-13072] - GitLab CI PR decoration infinite loop with SSL certificates
• [SONAR-13089] - Groups with permission are no more at the top when large number of groups in Permission Templates page
• [SONAR-13098] - Do not show Most Violated Projects breakdown for Security Hotspot rules
• [SONAR-13103] - Parsing errors in documentation page breaks the whole documentation app
• [SONAR-13117] - Fix unauthorized access to source code
• [SONAR-13583] - Project import fails on Windows

New Feature

• [SONAR-12632] - Implement the new Project and Application dashboard design
• [SONAR-12717] - New dedicated project page displays the list of Security Hotspots
• [SONAR-12865] - Support PostgreSQL 11 and 12
• [SONAR-12962] - Display new Security Review measures in Projects/Applications Overview page
• [SONAR-13001] - Allow Bitbucket Server repositories to be imported as projects

Task

• [SONAR-12831] - Upgrade jackson-databind from 2.9.9.2 to 2.10+
• [SONAR-12875] - Upgrade sonar-java to 6.0
• [SONAR-12888] - Migrate sonar.typescript.lcov.reportPaths to sonar.javascript.lcov.reportPaths
• [SONAR-12889] - Dockerfile should use some cryptographic signature to verify the downloaded zip
• [SONAR-12893] - Make the SQ QA fast&furious
• [SONAR-12895] - Upgrade sonar-cfamilly to 6.6
• [SONAR-13097] - Upgrade analyzers
• [SONAR-13142] - Separate storage of Projects and Applications from Components

Improvement

• [SONAR-12060] - Fix very long project names causing display issues
• [SONAR-12355] - Lack of visual feedback when adding a new condition to a Quality Gate
• [SONAR-12467] - "Return to list" button is misleading when reaching the rule through a permalink
• [SONAR-12488] - Make official that Docker images can be used in production
• [SONAR-12509] - Improve settings scrolling
• [SONAR-12608] - Update the Editions marketing content on the /Marketplace page
• [SONAR-12613] - No confirmation when saving the New Code period Setting
• [SONAR-12633] - Extract project information into a side drawer
• [SONAR-12637] - Improve activity list's tooltips
• [SONAR-12645] - Move project/application/portfolio administration menu
• [SONAR-12648] - Change "Metrics" label to "Main measures" on PR dashboard
• [SONAR-12678] - Use lines metric instead of ncloc to determine if a project is empty or not
• [SONAR-12718] - Security Hotspots page displays details of Security Hotpost
• [SONAR-12719] - Security Hotspots page allows to resolve a Security Hotspot
• [SONAR-12720] - Security Hotspots page allows to comment a Security Hotspot
• [SONAR-12721] - Display Security Hotspots page on branches and pull requests
• [SONAR-12722] - Drop "IN_REVIEW" status for Security Hotspots
• [SONAR-12723] - Do not display Security Hotspots in issue page anymore
• [SONAR-12724] - Update link for Security Hotspots count in Github PR decoration
• [SONAR-12725] - Drop manual Vulnerabilities
• [SONAR-12726] - Show Security Hotspots page on applications
• [SONAR-12727] - Security Hotspots page allows to filter hotspots assigned to the current user
• [SONAR-12745] - Change notifications to account for Hotspots not being issues anymore
• [SONAR-12751] - Security Hotspots page displays reviewed hotspots
• [SONAR-12753] - Security Hotspots page allows to change status of a reviewed hotspot
• [SONAR-12754] - Security Hotspots page allows to assign a hotspot to another user
• [SONAR-12793] - Simplify the configuration of PR decoration for editions with no support of multiple ALMs
• [SONAR-12796] - Permission template page's table padding is inconsistent
• [SONAR-12797] - Security Hotspots page allows to filter by hotspots keys param
• [SONAR-12874] - PR decoration link should point to new hotspots page
• [SONAR-12877] - Add aria-label to quality gate badges if shown without context
• [SONAR-12878] - Add aria-label to tag list group
• [SONAR-12880] - Improve tag select accessibility
• [SONAR-12882] - Add aria-label to Toggle button to distinguish states
• [SONAR-12922] - Manage comments on security hotspots
• [SONAR-12933] - Make link label of rule tabs more explicit
• [SONAR-12955] - Accept IPv6 adresses in cluster properties
• [SONAR-12960] - Make Security Review Rating more intuitive on Portfolios
• [SONAR-12961] - Add Security Review facet in Projects page
• [SONAR-12963] - Display new Security Review measures in Pull request Overview page
• [SONAR-12964] - Display Security Review % in Security Hotspots page
• [SONAR-12965] - Add new Security Review facet in Measures page
• [SONAR-12966] - Allow usage of new Security Review measures in Quality Gate
• [SONAR-13002] - Auto-configure PR decoration of imported Bitbucket Server projects
• [SONAR-13004] - Validate Bitbucket Server Personal Access Token during on-boarding
• [SONAR-13027] - Search for repositories on Bitbucket Server
• [SONAR-13033] - Display the new Security Review measures in the Project/Application's overview
• [SONAR-13035] - Group global ALM authentication and PR Decoration settings into a single category
• [SONAR-13068] - Add hotspots reviewed and rating to applications in portfolio list
• [SONAR-13077] - Drop support for "--init" parameter in SQ docker images
• [SONAR-13078] - Enable configuring the server by environment variables
• [SONAR-13079] - Remove support for using `/conf` and copying `sonar.properties` in SQ docker image
• [SONAR-13080] - Update provided docker-compose recipe for SQ docker images
• [SONAR-13081] - Revert to previous entrypoint location in SQ docker images
• [SONAR-13099] - ALM settings WS for GitLab should support URL and project binding
• [SONAR-13100] - Decorate GitLab MR based on settings
• [SONAR-13101] - Configure URL and Project IDs for GitLab MR decoration
• [SONAR-13108] - Portfolio report email should contain the "Security Review" measure
• [SONAR-13113] - Deprecate environment variable interpolation mechanism in sonar.properties

Documentation

• [SONAR-12854] - Update documentation for new Security Hotspots page
• [SONAR-12905] - Update paths in the docs for new projects UI
• [SONAR-12956] - Update C++ part of the Azure DevOps documentation
• [SONAR-13070] - Update docs for creating projects from BBS repos and auto PR configuration
• [SONAR-13091] - Update docs to officially support Docker

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.