Release Notes - SonarQube - Version 9.0 - HTML format

Sub-task

  • [SONAR-14816] - Add form to ask Bitbucket Cloud Username and App Password
  • [SONAR-14821] - Add for to search for project and display list of return project.
  • [SONAR-14826] - Add WS to save username and App Password
  • [SONAR-14828] - create search project WS endpoint for bitbucket cloud

Bug

  • [SONAR-11407] - Permission index recovery fails if there is too many projects to recover
  • [SONAR-13513] - Executing a WS that contains null bytes in the query can generate a 500 error
  • [SONAR-14559] - When updating a rule, the severity is not propagate to inherited profiles
  • [SONAR-14605] - Inconsistent response of rule name in "api/issues/search" and "api/rules/show"
  • [SONAR-14641] - Issue search api does not always return the same issues
  • [SONAR-14791] - Outdated DB versions in sonar.properties
  • [SONAR-14807] - Analysis task failure when sending email notification on Quality Gate change
  • [SONAR-14837] - Security review rating facet doesn't show project counts
  • [SONAR-14854] - Do not use TLSv1.1 when encryption between Elasticsearch nodes is set up
  • [SONAR-14861] - GitHub Check live update is not working for monorepositories
  • [SONAR-14870] - DNS cache never expires causing PR decoration to fail
  • [SONAR-14890] - Link to documentation in Warnings should be relative
  • [SONAR-14891] - Generated javadocs have broken references
  • [SONAR-14906] - Coverage rounding discrepancy on Pull Requests
  • [SONAR-14917] - Misleading memory amounts displayed in Administration > System
  • [SONAR-14944] - NPE when updating a Permission Template created via WS without a description
  • [SONAR-14945] - Incorrect API description for api/qualityprofiles/projects
  • [SONAR-14960] - Elasticsearch deprecation warning - JAVA HOME
  • [SONAR-15057] - CeTasksMBean violates JMX Spec
  • [SONAR-15060] - Database migration dropping index should not fail when index does not exist
  • [SONAR-15074] - Fix SSF-173
  • [SONAR-15091] - Compute engine fails with NPE if an external issue has an empty message
  • [SONAR-15092] - Security Hotspots Page: "New Code" filter criteria is not applied on Branches of Applications
  • [SONAR-15109] - Project webhooks are listed as global webhooks
  • [SONAR-15115] - File sources for Security Hotspots don't show on application branches
  • [SONAR-15118] - Reading DevOps response header should be case-insensitive
  • [SONAR-15121] - Remove broken permalink from hotspot snippet

New Feature

  • [SONAR-14802] - Search bitbucket cloud repository for onboarding
  • [SONAR-14803] - Enable bitbucket cloud when adding a project
  • [SONAR-14804] - Identify already imported bitbucket cloud repository when onboarding
  • [SONAR-14805] - Import a repository from bitbucket cloud
  • [SONAR-14806] - Enable main branch detection for bitbucket cloud onboarding
  • [SONAR-14817] - Provide a Bitbucket Pipe that runs the SonarQube scanner
  • [SONAR-14820] - Provide a Bitbucket Pipe that polls for the SonarQube Quality Gate status
  • [SONAR-14822] - Provide a Github Action that runs the SonarQube scanner
  • [SONAR-14825] - Provide a GitHub Action that polls for the Quality Gate status
  • [SONAR-14830] - Provide DOD-approved SonarScanner Docker image
  • [SONAR-14851] - Report Quality Gate status on branches in GitHub
  • [SONAR-14866] - Improve C# analysis - Existing Rules Handle C#9 Record Types
  • [SONAR-14892] - Enable Jenkins tutorial to BitbucketCloud projects
  • [SONAR-14893] - Add Bitbucket Pipeline tutorial
  • [SONAR-14916] - Add URL to BitbucketCloud instances returned by alm_settings/list
  • [SONAR-14919] - Improve RPG analysis - Support for IBM RPG 7.4
  • [SONAR-14927] - Improve C# analysis - C# 9 target-typed new expressions for existing rules
  • [SONAR-14928] - Improve JavaScript/TypeScript analysis - Support for TypeScript 4.3, 1 new security rule
  • [SONAR-14931] - Improve CFamily analysis: Compilation Database support, C++20 support on SonarQube
  • [SONAR-14935] - Prompt users for next steps once the first analysis is finished
  • [SONAR-14968] - Add Azure pipeline tutorial for github project
  • [SONAR-15028] - Explain how to analyse C/C++/Objective C with GitHub Actions
  • [SONAR-15029] - Explain how to analyse C/C++/Objective C with Bitbucket Pipelines
  • [SONAR-15033] - Explain how to analyse C/C++/Objective C with Jenkins
  • [SONAR-15034] - Explain how to analyse C/C++/Objective C with Gitlab-CI
  • [SONAR-15067] - Improve C# analysis - Rule S2115 detects issues in JSON files
  • [SONAR-15087] - Kotlin: more accurate Code Smell, Bug rules - 10 new Security rules - ktlint
  • [SONAR-15088] - Improve JS analysis: detect Vue DOM-XSS hotspot, Vue syntax highlighting for template
  • [SONAR-15093] - Support of Java 16
  • [SONAR-15127] - Improve security analysis: Python analysis is field sensitive - Java supports Lambda expressions

Task

  • [SONAR-14387] - Drop support of Internet Explorer 11 and legacy browsers
  • [SONAR-14790] - Update front-end dependencies
  • [SONAR-14792] - Remove DB migrations prior to 8.9, create a 9.0 initial schema
  • [SONAR-14794] - Optimize ITs to lower run time
  • [SONAR-14812] - Check bitbucket cloud ITs
  • [SONAR-14813] - Drop installation of dropped plugin in ITs
  • [SONAR-14849] - Document Scanner GitHub Action must be manually released when Scanner CLI is updated
  • [SONAR-14855] - Document Scanner Bitbucket Pipe must be manually released when Scanner CLI is updated
  • [SONAR-14856] - Publish GitHub Actions to the Marketplace
  • [SONAR-14857] - Publish Bitbucket Pipes to the Marketplace
  • [SONAR-14869] - Improve Python analysis: more accurate analysis of Python in SonarLint
  • [SONAR-14882] - Remove staxmate and woodstox dependencies from plugin API
  • [SONAR-14885] - Remove deprecated XMLRuleParser in the Plugin API
  • [SONAR-14888] - Fix ApplicationScenarioTest.test_as_application_creator() "Element not found {.tutorial-selection}" false positive
  • [SONAR-14908] - Deprecate 'RulesDefinitionXmlLoader' in the Sonar plugin API
  • [SONAR-14925] - Remove code deprecated before 7.0 in the Plugin API
  • [SONAR-14930] - Rewrite Gitlab ITs to work with HTTPS & enable Gitlab Onboarding ITs
  • [SONAR-15035] - Fix SQ quality issues related to the use of ImmutableList with Java 11
  • [SONAR-15041] - enable test_upgrade_from_8_9_LTS
  • [SONAR-15080] - Update pdfbox to Version 2.0.24
  • [SONAR-15101] - Improve Flex analysis

Improvement

  • [SONAR-10230] - Project search should support search by partial project key
  • [SONAR-11586] - Do not let admin remove their own admin right
  • [SONAR-13135] - It should not be possible to select "Security Hotspots Reviewed" in Portfolio's Activity page
  • [SONAR-13184] - Security Review Rating: measure drill-down should end on the Security Hotspots page when clicking on a file
  • [SONAR-13191] - Fail the analysis when a project is using an invalid key
  • [SONAR-13509] - Add rule title and ID in hotspot page
  • [SONAR-14463] - Github onboarding should be able to search forked project
  • [SONAR-14760] - Failed QG related to "Security Hotspots Review" ratings should redirect to Security Hotspots page
  • [SONAR-14801] - Authenticate user to access list of bitbucket cloud repository
  • [SONAR-14832] - Use our custom GitHub Actions in the GitHub tutorial
  • [SONAR-14833] - Order of fields in SMTP settings is not ideal
  • [SONAR-14865] - Improve VB analysis - skip Utility Analyzers for complex files
  • [SONAR-14871] - Add project Pull Request decoration's settings validation
  • [SONAR-14872] - Display PR decoration's settings validation errors after project onboarding
  • [SONAR-14873] - Ease comprehension of project Pull Request decoration's settings form
  • [SONAR-14886] - Plugins should not modify SonarQube's home directory
  • [SONAR-14887] - Clarify the meaning of "since" and "to" parameters for api/qualityprofiles/changelog
  • [SONAR-14913] - Update Azure Pipelines logo
  • [SONAR-14924] - Detect changed lines when running analysis in git submodules
  • [SONAR-14926] - Improve VB analysis - minor improvements
  • [SONAR-14932] - Improve the Create Project page
  • [SONAR-14933] - Make all tutorials available when the project isn't bound to a DevOps Platform
  • [SONAR-14934] - Improve the manual tutorial
  • [SONAR-14936] - Add new suggestions to the Overview page
  • [SONAR-14938] - Fallback on the Create Project page when the instance doesn't contain any project
  • [SONAR-14939] - Mention in all tutorials that Pull Request Decoration will be automatically set up
  • [SONAR-14940] - Ensuring the Java analyzer works at best with incorrect manual configuration of the raw scanner
  • [SONAR-14941] - Improve the project manual creation form
  • [SONAR-14942] - Improve Project Pull Request Decoration page when no DevOps Plaform are configured yet
  • [SONAR-14943] - Adjust the Add Project button layout on the Projects page
  • [SONAR-14946] - Improve wording on Quality Gate conditions tooltip
  • [SONAR-14951] - Scanners require Java 11
  • [SONAR-14957] - Bitbucket Server PR decoration requires READ permission only
  • [SONAR-15050] - Github imported project should have link to its SQ project
  • [SONAR-15054] - Improve PR Decoration Warning for long Bitbucket Monorepo Key
  • [SONAR-15056] - Allow external issues to be raised at project level
  • [SONAR-15066] - Improve VB analysis - Minor Improvements
  • [SONAR-15068] - Add missing tooltips for Bitbucket Configuration
  • [SONAR-15069] - Add missing tooltips for Github Configuration
  • [SONAR-15094] - Add MODULE lifespan in SonarLintSide annotation
  • [SONAR-15095] - Improve CFamily analysis
  • [SONAR-15120] - Ease project creation page comprehension for admin
  • [SONAR-15126] - Improve CFamily analysis

Documentation

  • [SONAR-13476] - Remove screenshots from Sonar DB Copy Tool docs
  • [SONAR-14008] - Document that sonar.projectKey is case sensitive
  • [SONAR-14131] - Clarify extending and copying Quality Profiles in the docs
  • [SONAR-14622] - Use gender neutral wording in Documentation
  • [SONAR-14811] - Add bitbucket cloud importing project section
  • [SONAR-14814] - SonarScanner .NET docs formatting issue
  • [SONAR-14818] - Document use of SonarQube's pipes for Bitbucket Pipelines
  • [SONAR-14823] - Document use of Actions for GitHub Actions
  • [SONAR-14836] - Improve docs example for api/hotspots/search - hotspots parameter
  • [SONAR-14844] - Document the limitations on block PR policy when using a monorepo
  • [SONAR-14852] - Mention status reporting on branches on GitHub
  • [SONAR-14867] - Document migrating from the zip file to docker
  • [SONAR-14868] - Fix the auto-populated values in the Environment Variables page
  • [SONAR-14894] - Add Bitbucket Cloud to Jenkins' documentation
  • [SONAR-14895] - Add .net example to Bitbucket Pipelines' documentation
  • [SONAR-14922] - Update the Upgrade Notes with the end of support for IE11 and legacy browsers
  • [SONAR-14923] - Update the Upgrades Notes with the Java 11 requirement for Scanners
  • [SONAR-14952] - DOC - Scanners require Java 11
  • [SONAR-15031] - Reference "ktlint" as a supported External Analyzer for Kotlin
  • [SONAR-15045] - Update scanner for Gradle to 3.3 in doc and tutorials
  • [SONAR-15062] - Parts of the Plugin Java API deprecated before 7.0 were dropped
  • [SONAR-15078] - Finalize Upgrade Notes

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.