Bug
- [SONAR-11914] - Prevent JavaScript from being executed in the About page
- [SONAR-12843] - Error 500 when creating an Application branch name that already exist
- [SONAR-12911] - Code coverage information is not accessible to blind users
- [SONAR-12920] - Add product footer to the Hotspots page
- [SONAR-13023] - About page doesn't display the security hotspot's count
- [SONAR-13202] - Homepage icon not correctly "checked" for the Main Branch of a Project
- [SONAR-13324] - Fix Stored XSS vulnerability in rules's description
- [SONAR-13327] - Prevent SAML replay
- [SONAR-13328] - SAML responses must be validated
- [SONAR-13341] - Fix Blind Server-Side Request Forgery (SSRF) in Webhook
- [SONAR-13342] - Links to project are broken in the portfolio page
- [SONAR-13344] - Disabled Project Create button not grayed out
- [SONAR-13354] - Fix Reverse Tabnabbing vulnerability through Rules ‘Extend Description’
- [SONAR-13366] - Insufficient priviliges to vizualize applications overview
- [SONAR-13372] - User JWT Token refresh occurs with every HTTP request instead of every 5 minutes
- [SONAR-13374] - Duplication density on new code table shows the same header for density and line count
- [SONAR-13408] - Don't close activity metrics dropdown when clicking inside it
- [SONAR-13419] - Activity panel on overview doesn't always show latest analysis
- [SONAR-13452] - Scanner fails if no HEAD reference is found with git
- [SONAR-13460] - Hotspot count to review has a max value of 500
- [SONAR-13461] - Fix Log forging vulnerability in system logs
- [SONAR-13462] - Portfolio overview activity links should point to the correct metric
- [SONAR-13472] - Logout does not terminate the session
- [SONAR-13489] - Can't assign hotspots in branches
- [SONAR-13494] - ALM binding table blinks shortly out of existence when deleting a binding
- [SONAR-13499] - Webapp is broken for IE11
- [SONAR-13500] - Code block has broken formatting inside a list item
- [SONAR-13529] - Jenkins auto-configuration not working when running the scanner docker image
- [SONAR-13553] - Issues' show more can be clicked multiple times
- [SONAR-13567] - Measures graph zoom is broken
New Feature
- [SONAR-13296] - Explain how to set up Jenkins for analysis with SonarQube and Bitbucket Server
- [SONAR-13391] - New type of New Code Period with a "reference branch"
Task
- [SONAR-12938] - Fix IssuesPageTest.should_open_selected_issue FP
- [SONAR-12949] - First iteration of an automated mechanism to perform DB migration tests
- [SONAR-13365] - Perform DB Migration performance tests for 8.4
- [SONAR-13367] - Bump to sonar-ui-common@1.0.1-3
- [SONAR-13380] - Drop favourite files from Property DB table
- [SONAR-13382] - Drop file search components references in UI
- [SONAR-13395] - Drop file favourites from UI
- [SONAR-13447] - Update the Upgrade Notes with deprecated WS parameters and plugin API method
- [SONAR-13478] - Update docs for creating projects from Github repos and auto PR configuration
- [SONAR-13495] - Release and embed Git 1.12.0.2034 and SVN 1.10.0.1917 plugins
- [SONAR-13496] - Update sonar-javascript, sonar-python to latest release(s)
- [SONAR-13563] - Update analyzers to latest releases
Improvement
- [SONAR-12266] - Drop "mark file as favorite"
- [SONAR-12884] - Display nice error message when creating a project with invalid characters in key
- [SONAR-12914] - Security report page links to hotspot should propagate the desired category
- [SONAR-12989] - Display project extension's menu for all branches & pull requests
- [SONAR-13075] - Show a legend for the New Code period on the activity graph
- [SONAR-13114] - Clicking on the Homepage button reverts back to the default if already checked
- [SONAR-13116] - Improve help message when Bitbucket repository import is not available
- [SONAR-13130] - Capitalize the "I" in Project information and Application information
- [SONAR-13152] - Use consistent spelling for "analyze"
- [SONAR-13192] - Display nice error message when updating a project key with invalid character
- [SONAR-13221] - Replace all AUTO_INCREMENT columns by UUID
- [SONAR-13248] - Deprecate and change use of metric id in web services
- [SONAR-13249] - Deprecate and change use of group id in web services
- [SONAR-13271] - Add padding to hotspots list
- [SONAR-13291] - Remove the possibility to search files within the whole instance and speed up indexing time
- [SONAR-13297] - Allow users to permanently skip the Jenkins tutorial's "Prerequisites" section
- [SONAR-13300] - Deprecate and change use of id in quality gate web services
- [SONAR-13331] - Display the external engine name instead of ID in Issues
- [SONAR-13336] - Larger click target for “Create new project” link
- [SONAR-13339] - Disable component links when no analysis has been run yet
- [SONAR-13355] - Application deletion should go back to projects page
- [SONAR-13371] - Bitbucket Server pull request decoration raises a warning.
- [SONAR-13373] - Fail when sonar.web.sessionTimeoutInMinutes is lower than 5mins
- [SONAR-13385] - Sort plugins on Marketplace alphabetically
- [SONAR-13386] - Don't show plugin dependency "will get installed" if it's already installed
- [SONAR-13390] - Detect date of the fork with reference branch
- [SONAR-13398] - Project pages should be unavailable as long as issues indexing is in progress
- [SONAR-13399] - It should be explicit in Projects page which project is indexed or not
- [SONAR-13400] - Portfolio pages are unavailable as long as all projects indexing are in progress
- [SONAR-13402] - Application pages should be unavailable as long as issues indexing is in progress
- [SONAR-13413] - Issues page should be unavailable as long as issues indexing is in progress
- [SONAR-13420] - Breaking change of org.sonar.api.rules.Rule#getId() in plugin API
- [SONAR-13436] - Update web API documentation and example
- [SONAR-13438] - Formalize backup/restore documentation
- [SONAR-13444] - Display issues indexing tasks in the Background Task page
- [SONAR-13459] - Sort Quality Profiles by display name
- [SONAR-13467] - On Portfolios list page, "My Portfolios" should read "My Favorites"
- [SONAR-13473] - Import GitHub repositories
- [SONAR-13474] - Auto-configure PR decoration of imported GitHub projects
- [SONAR-13475] - List Github repositories
- [SONAR-13479] - Re-organize creation menu
- [SONAR-13481] - About page should not display issues statistics as long as issues indexation is in progress
- [SONAR-13517] - Improve code snippets visually
- [SONAR-13524] - Add import from GitHub feature handling in Settings
- [SONAR-13527] - Show full filename on hover in the concise issues list
- [SONAR-13557] - Show full directory facet path on hover
Documentation
- [SONAR-13295] - Explain how to set up Jenkins for analysis with SonarQube and Bitbucket Server
- [SONAR-13425] - Update README and Docs for SonarScanner Docker Image
- [SONAR-13503] - Update Specifying Exclusion Example in Narrowing the Focus
- [SONAR-13550] - Update HTTPS configuration on Operate the Server page
- [SONAR-13560] - Add Python Rules S5131 and S2631 to Security Engine Docs
Edit/Copy Release Notes
The text area below allows the project release notes to be edited and copied to another document.