Release Notes - SonarQube - Version 8.4 - HTML format

Bug

  • [SONAR-11914] - Prevent JavaScript from being executed in the About page
  • [SONAR-12843] - Error 500 when creating an Application branch name that already exist
  • [SONAR-12911] - Code coverage information is not accessible to blind users
  • [SONAR-12920] - Add product footer to the Hotspots page
  • [SONAR-13023] - About page doesn't display the security hotspot's count
  • [SONAR-13202] - Homepage icon not correctly "checked" for the Main Branch of a Project
  • [SONAR-13324] - Fix Stored XSS vulnerability in rules's description
  • [SONAR-13327] - Prevent SAML replay
  • [SONAR-13328] - SAML responses must be validated
  • [SONAR-13341] - Fix Blind Server-Side Request Forgery (SSRF) in Webhook
  • [SONAR-13342] - Links to project are broken in the portfolio page
  • [SONAR-13344] - Disabled Project Create button not grayed out
  • [SONAR-13354] - Fix Reverse Tabnabbing vulnerability through Rules ‘Extend Description’
  • [SONAR-13366] - Insufficient priviliges to vizualize applications overview
  • [SONAR-13372] - User JWT Token refresh occurs with every HTTP request instead of every 5 minutes
  • [SONAR-13374] - Duplication density on new code table shows the same header for density and line count
  • [SONAR-13408] - Don't close activity metrics dropdown when clicking inside it
  • [SONAR-13419] - Activity panel on overview doesn't always show latest analysis
  • [SONAR-13452] - Scanner fails if no HEAD reference is found with git
  • [SONAR-13460] - Hotspot count to review has a max value of 500
  • [SONAR-13461] - Fix Log forging vulnerability in system logs
  • [SONAR-13462] - Portfolio overview activity links should point to the correct metric
  • [SONAR-13472] - Fix SSF-113
  • [SONAR-13489] - Can't assign hotspots in branches
  • [SONAR-13494] - ALM binding table blinks shortly out of existence when deleting a binding
  • [SONAR-13499] - Webapp is broken for IE11
  • [SONAR-13500] - Code block has broken formatting inside a list item
  • [SONAR-13529] - Jenkins auto-configuration not working when running the scanner docker image
  • [SONAR-13553] - Issues' show more can be clicked multiple times
  • [SONAR-13567] - Measures graph zoom is broken

New Feature

  • [SONAR-13296] - Explain how to set up Jenkins for analysis with SonarQube and Bitbucket Server
  • [SONAR-13391] - New type of New Code Period with a "reference branch"

Task

  • [SONAR-12938] - Fix IssuesPageTest.should_open_selected_issue FP
  • [SONAR-12949] - First iteration of an automated mechanism to perform DB migration tests
  • [SONAR-13365] - Perform DB Migration performance tests for 8.4
  • [SONAR-13367] - Bump to sonar-ui-common@1.0.1-3
  • [SONAR-13380] - Drop favourite files from Property DB table
  • [SONAR-13382] - Drop file search components references in UI
  • [SONAR-13395] - Drop file favourites from UI
  • [SONAR-13447] - Update the Upgrade Notes with deprecated WS parameters and plugin API method
  • [SONAR-13478] - Update docs for creating projects from Github repos and auto PR configuration
  • [SONAR-13495] - Release and embed Git 1.12.0.2034 and SVN 1.10.0.1917 plugins
  • [SONAR-13496] - Update sonar-javascript, sonar-python to latest release(s)
  • [SONAR-13563] - Update analyzers to latest releases

Improvement

  • [SONAR-12266] - Drop "mark file as favorite"
  • [SONAR-12884] - Display nice error message when creating a project with invalid characters in key
  • [SONAR-12914] - Security report page links to hotspot should propagate the desired category
  • [SONAR-12989] - Display project extension's menu for all branches & pull requests
  • [SONAR-13075] - Show a legend for the New Code period on the activity graph
  • [SONAR-13114] - Clicking on the Homepage button reverts back to the default if already checked
  • [SONAR-13116] - Improve help message when Bitbucket repository import is not available
  • [SONAR-13130] - Capitalize the "I" in Project information and Application information
  • [SONAR-13152] - Use consistent spelling for "analyze"
  • [SONAR-13192] - Display nice error message when updating a project key with invalid character
  • [SONAR-13221] - Replace all AUTO_INCREMENT columns by UUID
  • [SONAR-13248] - Deprecate and change use of metric id in web services
  • [SONAR-13249] - Deprecate and change use of group id in web services
  • [SONAR-13271] - Add padding to hotspots list
  • [SONAR-13291] - Remove the possibility to search files within the whole instance and speed up indexing time
  • [SONAR-13297] - Allow users to permanently skip the Jenkins tutorial's "Prerequisites" section
  • [SONAR-13300] - Deprecate and change use of id in quality gate web services
  • [SONAR-13331] - Display the external engine name instead of ID in Issues
  • [SONAR-13336] - Larger click target for “Create new project” link
  • [SONAR-13339] - Disable component links when no analysis has been run yet
  • [SONAR-13355] - Application deletion should go back to projects page
  • [SONAR-13371] - Bitbucket Server pull request decoration raises a warning.
  • [SONAR-13373] - Fail when sonar.web.sessionTimeoutInMinutes is lower than 5mins
  • [SONAR-13385] - Sort plugins on Marketplace alphabetically
  • [SONAR-13386] - Don't show plugin dependency "will get installed" if it's already installed
  • [SONAR-13390] - Detect date of the fork with reference branch
  • [SONAR-13398] - Project pages should be unavailable as long as issues indexing is in progress
  • [SONAR-13399] - It should be explicit in Projects page which project is indexed or not
  • [SONAR-13400] - Portfolio pages are unavailable as long as all projects indexing are in progress
  • [SONAR-13402] - Application pages should be unavailable as long as issues indexing is in progress
  • [SONAR-13413] - Issues page should be unavailable as long as issues indexing is in progress
  • [SONAR-13420] - Breaking change of org.sonar.api.rules.Rule#getId() in plugin API
  • [SONAR-13436] - Update web API documentation and example
  • [SONAR-13438] - Formalize backup/restore documentation
  • [SONAR-13444] - Display issues indexing tasks in the Background Task page
  • [SONAR-13459] - Sort Quality Profiles by display name
  • [SONAR-13467] - On Portfolios list page, "My Portfolios" should read "My Favorites"
  • [SONAR-13473] - Import GitHub repositories
  • [SONAR-13474] - Auto-configure PR decoration of imported GitHub projects
  • [SONAR-13475] - List Github repositories
  • [SONAR-13479] - Re-organize creation menu
  • [SONAR-13481] - About page should not display issues statistics as long as issues indexation is in progress
  • [SONAR-13517] - Improve code snippets visually
  • [SONAR-13524] - Add import from GitHub feature handling in Settings
  • [SONAR-13527] - Show full filename on hover in the concise issues list
  • [SONAR-13557] - Show full directory facet path on hover

Documentation

  • [SONAR-13295] - Explain how to set up Jenkins for analysis with SonarQube and Bitbucket Server
  • [SONAR-13425] - Update README and Docs for SonarScanner Docker Image
  • [SONAR-13503] - Update Specifying Exclusion Example in Narrowing the Focus
  • [SONAR-13550] - Update HTTPS configuration on Operate the Server page
  • [SONAR-13560] - Add Python Rules S5131 and S2631 to Security Engine Docs

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.