Release Notes - SonarQube - Version 8.6 - HTML format

Bug

  • [SONAR-8427] - "Creation Date" facet might include more issues than expected
  • [SONAR-12821] - Fail to update an application branch name
  • [SONAR-13290] - Merge Request decoration on GitLab is stuck during the background analysis
  • [SONAR-13566] - Security report hotspot link might not propagate category as expected
  • [SONAR-13925] - Rules search field is truncated at 100 chars
  • [SONAR-13937] - Fix a vulnerability with JGit when running analysis on Windows
  • [SONAR-13940] - Add missing translation key for "zero GitLab instances"
  • [SONAR-13943] - Hotspots filter dropdowns truncated for anonymous users
  • [SONAR-13948] - Migration is failing when coming from SonarQube 5.6 or before on Microsoft SQL Server
  • [SONAR-13965] - Quality Profile history is lost
  • [SONAR-13966] - New Code filter for branches of Application filters out all issues
  • [SONAR-13980] - Fail to connect to PostgreSQL on Azure with drivers 42.2.15 & 42.15.16
  • [SONAR-13984] - Email settings' address updates the notification above
  • [SONAR-13985] - Migration is failing on Oracle when schema is copied/refreshed
  • [SONAR-13989] - CSS analysis fails with Node.JS 8
  • [SONAR-13991] - Fix vulnerability with Jackson in Jersey
  • [SONAR-14003] - Fix mutation XSS in DOMPurify
  • [SONAR-14009] - SVN configuration in SQ server does not work
  • [SONAR-14012] - Fix unauthorized access to GitLab Authentication secrets
  • [SONAR-14024] - Some pull requests are never purged
  • [SONAR-14077] - Can click on "Configure Analysis" button, even if data is not refreshed yet
  • [SONAR-14091] - Project data reload tasks might stay stuck in pending state when there is no root component anymore
  • [SONAR-14120] - File-level issues with multiple locations aren't properly handled
  • [SONAR-14125] - BitBucketServer Onboarding search results only display repos in loaded projects, or repos not in loaded projects, but not both
  • [SONAR-14130] - Primary Location sometimes isn't underlined
  • [SONAR-14154] - Unreported errors when transitioning issues
  • [SONAR-14156] - Page 'project/issues' doesn't handle time in parameters
  • [SONAR-14162] - Fix a vulnerability in the JWT implementation
  • [SONAR-14181] - Fix XSS in project links
  • [SONAR-14187] - Fix misleading purge setting description/title
  • [SONAR-14189] - sonar.dbcleaner.branchesToKeepWhenInactive is ignored when set on project level
  • [SONAR-14201] - Sub-Portfolios appear in the list of "All Portfolios"
  • [SONAR-14224] - Total number of issues is invalid if there are more than 10'000

New Feature

  • [SONAR-13931] - Improve Java analysis - 5 new rules to detect broken authentication and access control issues
  • [SONAR-13978] - Validate administrator configuration for GitLab
  • [SONAR-13979] - Fail when sonar.search.host or sonar.search.port is defined in DCE
  • [SONAR-13987] - Validate administrator configuration for BitBucket Server
  • [SONAR-13988] - Validate administrator configuration for GitHub
  • [SONAR-14010] - Improve PHP analysis - support for PHP 8
  • [SONAR-14030] - Improve JavaScript / TypeScript analysis - 9 new cryptography-related security rules
  • [SONAR-14032] - Improve VB6 analysis - 8 new rules, parsing error fixes
  • [SONAR-14055] - Improve Kotlin analysis - support for issue suppression via annotations
  • [SONAR-14056] - Improve Scala analysis - support for issue suppression via annotations
  • [SONAR-14057] - Display repositories from the default collection of the Azure DevOps Server
  • [SONAR-14058] - Add URL into Azure DevOps integration configuration
  • [SONAR-14059] - Import an Azure DevOps Server repository
  • [SONAR-14061] - Validate Azure DevOps Server settings
  • [SONAR-14079] - Tutorial for Azure DevOps Pipelines on Azure DevOps Server
  • [SONAR-14110] - Open a security hotspot in one IDE
  • [SONAR-14111] - Choose IDE in which to show a security hotspot
  • [SONAR-14133] - Detect existing projects during Azure onboarding
  • [SONAR-14150] - Improve C/C++ analysis - 7 new cryptography-related security rules
  • [SONAR-14152] - Improve JavaScript analysis - 13 new privacy and http headers security rules
  • [SONAR-14153] - Improve Swift analysis - support for Swift 5.3, security rule adjustments, many parse errors fixed
  • [SONAR-14159] - Enforce authentication by default
  • [SONAR-14174] - Improve C# analysis - support analyzing C# 9 projects
  • [SONAR-14175] - Force admin user account to reset its password when using default credential
  • [SONAR-14217] - Improve Security analysis
  • [SONAR-14219] - Improve C and C++ analysis - 4 security rules, 21 new rules for C++17, Clang frontend updated to version 11

Task

  • [SONAR-13562] - Update license headers in example plugin files
  • [SONAR-13733] - Upgrade lodash to version >= 4.17.16
  • [SONAR-13903] - Remove use of organizations in Quality Profiles and Active Rules
  • [SONAR-13913] - Remove tables and indexes clean up used in Integration Tests
  • [SONAR-13936] - Remove use of organizations in Users, Groups and Permissions
  • [SONAR-13992] - Upgrade Apache httpclient to 4.5.13
  • [SONAR-14043] - Write End-to-End tests for Applications
  • [SONAR-14044] - Update mybatis to version 3.5.6
  • [SONAR-14051] - Write End-to-End tests for Portfolios
  • [SONAR-14176] - Warn administrators when default admin credential is detected
  • [SONAR-14252] - Update JavaScript analysis

Improvement

  • [SONAR-10662] - sonar.log should rotate by default
  • [SONAR-11063] - Add "Always use the Default" option at project level for QP
  • [SONAR-11556] - Bubble charts legends should be actionable
  • [SONAR-12659] - Displaying quality profiles can be slow when instance has a lot of projects/components
  • [SONAR-12686] - Upgrade Elasticsearch to 7.X
  • [SONAR-13106] - Allow images to be loaded from an external public source during PR/MR decoration
  • [SONAR-13122] - Reduce log level of rule indexing warnings on startup
  • [SONAR-13564] - Projects can be sorted by Security Review Rating
  • [SONAR-13793] - ‘Checks executed after computation of measures’ step can take a lot of time
  • [SONAR-13834] - Replace "MSBuild" with ".NET"
  • [SONAR-13856] - Add "Always use the Default" option at project level for QG
  • [SONAR-13886] - Improve error prevention and feedback when configuring ALM integration
  • [SONAR-13932] - Improve PHP analysis - bug and false positive fixes
  • [SONAR-13933] - Improve Flex analysis - security rules adjustments, bug and false positive fixes
  • [SONAR-13938] - Make "Gradle" and "Maven" tutorials 1st level options
  • [SONAR-13939] - Update the Gradle Scanner version in the onboarding tutorial
  • [SONAR-13941] - Make applications WS available in developer edition
  • [SONAR-13944] - Improve RPG analysis - security rule adjustment, bug fix
  • [SONAR-13950] - Move Application create and update functionality to DE
  • [SONAR-13972] - Remove "sonar.search.httpPort" property
  • [SONAR-13996] - Add a warning to the form when creating a second ALM config
  • [SONAR-14001] - Improve C# analysis - false positive fixes
  • [SONAR-14033] - Refactor storage of applications
  • [SONAR-14039] - Bind Elasticsearch tcp port to 'sonar.es.port' for non-DCE
  • [SONAR-14047] - Remove duplicate Delete button from Application Console
  • [SONAR-14048] - Remove "Open Dashboard" link from Application console
  • [SONAR-14050] - Improve COBOL analysis - security rules adjustments, parsing error and false positive fixes
  • [SONAR-14052] - Improve Go analysis - security rule adjustments, "go test" coverage and false positive fixes
  • [SONAR-14053] - Improve Ruby analysis - false positive fixes
  • [SONAR-14054] - Improve Apex analysis - false positive fixes
  • [SONAR-14113] - Set `api/hotspots/show` WS as public
  • [SONAR-14148] - Improve PHP analysis - bug and false positive fixes
  • [SONAR-14149] - Improve PL/SQL analysis - security rules adjustments, bug and false positive fixes
  • [SONAR-14151] - Improve HTML analysis - 1 new hotspot rule, security rule adjustments, false positive fixes
  • [SONAR-14157] - Quality gates event names should be called 'Passed' or 'Failed'
  • [SONAR-14163] - Improve Abap analysis - security rules adjustments, false positive fixes
  • [SONAR-14164] - Improve TSQL analysis - security rule adjustments, many parse errors fixed
  • [SONAR-14165] - Improve Kotlin, Scala, Go, Ruby, Apex analysis - bug and false positive fixes
  • [SONAR-14173] - Improve VB.NET analysis - performance improvements
  • [SONAR-14209] - Improve SonarPHP analysis - add messages on secondary locations
  • [SONAR-14220] - Improve JavaScript analysis - more accurate rules

Documentation

  • [SONAR-13824] - Clarify coverage reports in .NET
  • [SONAR-13836] - Add "PKIX path building failed" error to analysis FAQ
  • [SONAR-13871] - Fix the outdated docs about breaking build for Azure Dev Ops
  • [SONAR-13934] - Update landing page graphics
  • [SONAR-13956] - Finalize Upgrade Notes
  • [SONAR-13974] - Add upgrade notes regarding new ES configuration
  • [SONAR-13975] - Update DCE documentation on ES configuration
  • [SONAR-13976] - Update ports description and raise security awareness after upgrading to ES 7.x
  • [SONAR-14007] - Create ALM Integration Documentation
  • [SONAR-14015] - Create GitHub ALM Integration page
  • [SONAR-14016] - Create GitLab ALM Integration Page
  • [SONAR-14017] - Create Azure Devops ALM Integration page
  • [SONAR-14018] - Create BitBucket ALM Integration Page
  • [SONAR-14026] - Clean up old references to past ALM integration info
  • [SONAR-14101] - Update SonarScanner for .NET documentation
  • [SONAR-14141] - Add Multiple Issue Locations video to documentation
  • [SONAR-14155] - Documentation update for Monitoring and JMX Beans
  • [SONAR-14160] - Raise awareness about enabling authentication by default
  • [SONAR-14167] - Improve the Azure DevOps integration page
  • [SONAR-14170] - Add a section about "Open in IDE" in the security hotspots page
  • [SONAR-14200] - Update Security Hotspot review status
