Release Notes - SonarQube - Version 8.7 - HTML format

Bug

  • [SONAR-12840] - Do not disclose sensitive information in PR Decoration administration form
  • [SONAR-13258] - Changelog version sorting in marketplace is incorrect
  • [SONAR-13312] - Analysis is failing if the project contains the property "sonar.organization"
  • [SONAR-13707] - Portfolio console provides wrong link to an Application dashboard
  • [SONAR-14199] - Project import failure when importing an empty project
  • [SONAR-14256] - Create events not working for branches
  • [SONAR-14269] - ALM configuration's "Learn more" link is broken
  • [SONAR-14285] - Portfolio console provides wrong link to update an Application definition
  • [SONAR-14288] - Missing translation keys for Azure DevOps onboarding UI
  • [SONAR-14289] - Missing translation key for GitLab onboarding UI
  • [SONAR-14291] - Incorrect translation key for GitHub onboarding UI
  • [SONAR-14297] - Migration app from xml to db is not re-entrant
  • [SONAR-14304] - File Issue facet should not highlight path as search happens only for filename
  • [SONAR-14305] - Facet closed is not updated by new search
  • [SONAR-14311] - Make it explicit that /api/issues/bulk_change only sets comments on issues that are changed
  • [SONAR-14316] - Incorrectly referencing non-existent createdSince parameter for /api/issues/search
  • [SONAR-14317] - Fix replacement patterns that can lead to XSS vulnerabilities
  • [SONAR-14321] - Endpoint api/views/list is missing applications since version 8.6
  • [SONAR-14325] - Rule search results no longer sorted by name
  • [SONAR-14332] - Displayed server ID is wrong
  • [SONAR-14361] - WS 'hotspot/search' returns no issue if the 'sinceLeakPeriod' filter is used
  • [SONAR-14388] - Circular portfolio detection
  • [SONAR-14424] - Fix open redirect vulnerability through cookies
  • [SONAR-14430] - Missing translation keys for background tasks
  • [SONAR-14431] - Do not limit password field lengths
  • [SONAR-14439] - Make shortcut help fit in the modal
  • [SONAR-14451] - Portfolios page counter shows "-" instead of "0"
  • [SONAR-14547] - Fix SonarScanner for .NET documentation

New Feature

  • [SONAR-14146] - Support MS SQL 2019 database
  • [SONAR-14223] - Improve Java analysis - Java 15, new rules dedicated to Text Blocks and Regexp
  • [SONAR-14298] - Improve JavaScript/TypeScript analysis - 7 injection vulnerabilities
  • [SONAR-14307] - Support branch auto-detection for Bitbucket Pipelines
  • [SONAR-14319] - Improve CFamily analysis - new rules dedicated to C++17
  • [SONAR-14334] - Users can flag a SQ project as being part of a mono-repository (EE/Azure only)
  • [SONAR-14339] - Improve Ruby analysis: Ruby 3.0, simplecov 0.20
  • [SONAR-14363] - Enable tutorial selection in CE
  • [SONAR-14364] - Enable ALM project import wizard in CE
  • [SONAR-14366] - Improve C# analysis: 5 cryptography-related security rules
  • [SONAR-14371] - Allow CE users to configure ALM integration
  • [SONAR-14393] - Add configuration for BitBucket Cloud settings
  • [SONAR-14394] - Enable project binding for BitBucket Cloud
  • [SONAR-14395] - Validate permissions for BitBucket PR decoration settings
  • [SONAR-14396] - Decorate PRs in BitBucket Cloud
  • [SONAR-14403] - [Bitbucket] Users can flag a SonarQube project as being part of a mono-repository
  • [SONAR-14404] - [Github] Users can flag a SonarQube project as being part of a mono-repository
  • [SONAR-14405] - [Gitlab] Users can flag a SonarQube project as being part of a mono-repository
  • [SONAR-14425] - Improve PHP analysis - 9 security rules, PHPDoc, Type Hints
  • [SONAR-14427] - Improve Python analysis - Python 3.9
  • [SONAR-14432] - SonarQube supports Azure DevOps Services
  • [SONAR-14452] - Improve VB.NET analysis - 17 code quality rules
  • [SONAR-14469] - Improve PLI analysis - 2 code quality rules
  • [SONAR-14474] - Provide Docker Images for the DataCenter Edition
  • [SONAR-14476] - Improve Security analysis

Task

  • [SONAR-9043] - Drop database column PROJECT_MEASURES.DESCRIPTION
  • [SONAR-13657] - Deprecate non-mandatory exposed components
  • [SONAR-13891] - Remove organizations
  • [SONAR-13999] - Remove use of organizations in Components, Issues Quality Gate, Webhook and Documentation
  • [SONAR-14221] - Perform DB Migration performance tests for 8.7
  • [SONAR-14245] - Drop organization related tables
  • [SONAR-14309] - Update and fix ESlint
  • [SONAR-14323] - Optimize DB migrations from 7.9 LTS to 8.X LTS
  • [SONAR-14327] - Add ITs for Monorepo Support in Azure
  • [SONAR-14328] - Add ITs for Monorepo Support in Bitbucket
  • [SONAR-14329] - Add ITs for Monorepo Support in Github
  • [SONAR-14330] - Add ITs for Monorepo Support in Gitlab
  • [SONAR-14342] - Deprecate Plugin-Dependencies attribute for plugins
  • [SONAR-14360] - Update jackson dependency to v2.10.0201202

Improvement

  • [SONAR-8714] - Make authorization errors more noticeable
  • [SONAR-10070] - Issues raised by deprecated rules should make it obvious
  • [SONAR-12180] - Add an ARIA role to all global success and error messages
  • [SONAR-12407] - Don't disable facets with 0 results
  • [SONAR-12607] - Update background task's error message once the user reaches the Background Tasks page
  • [SONAR-12786] - Improve startup error message when the TCP port is already taken
  • [SONAR-12872] - Rename Markdown syntax to Formatting
  • [SONAR-12902] - Reword insufficient coverage issue description
  • [SONAR-13140] - Avoid “Inception-style scrolling” in settings pages
  • [SONAR-13201] - Properly handle token name overflow in Account/Security token's table
  • [SONAR-13308] - Improve GitHub summary comment in case of a failing QG
  • [SONAR-13376] - Update PR status when Hotspot is updated
  • [SONAR-13586] - Specify target pull request with the remote name
  • [SONAR-13764] - Do not display two error messages simultaneously on issue page
  • [SONAR-13781] - Measure project overview bubble chart might be hard to understand
  • [SONAR-13838] - Clean up GitLab project list
  • [SONAR-13887] - Users don’t know how to “Add” and analyze a new project in SonarQube
  • [SONAR-13923] - Remove the mention of Checkstyle in /api/issues/search
  • [SONAR-13930] - Allow migration of authentication system
  • [SONAR-14171] - Show percentage icon for Security Hotspots Reviewed QG condition
  • [SONAR-14207] - Add Ubuntu Mono as a font for the source code viewer
  • [SONAR-14212] - Remove the no-longer-used Sonar-Version HTTP header
  • [SONAR-14257] - Pull requests should hide issues that are resolved in the target branch
  • [SONAR-14258] - Pull requests should inherit issue state from the source branch
  • [SONAR-14272] - Make Quality Gate Status on Azure DevOps Server SonarQube Project specific
  • [SONAR-14274] - Make Quality Gate Reports on Bitbucket Server SonarQube Project specific
  • [SONAR-14275] - Make GitHub Checks SonarQube Project specific
  • [SONAR-14276] - Add the SonarQube Project name to the GitHub summary comment
  • [SONAR-14277] - Delete only the GitLab MR notes related to a given SonarQube Project
  • [SONAR-14278] - Add the SonarQube Project name to the GitLab MR note
  • [SONAR-14281] - Remove pre-monorepo PR comments on Azure DevOps Server
  • [SONAR-14286] - Make PR comments on Azure DevOps Server SonarQube Project specific
  • [SONAR-14287] - Remove dependency on Microsoft GitHttpClient
  • [SONAR-14290] - Improve first time visit to project create screen
  • [SONAR-14292] - Allow to directly link to a specific ALM Integration settings tab
  • [SONAR-14306] - Move Developer SearchEvent WS to community edition
  • [SONAR-14310] - Document max issues that can be updated by /api/issues/bulk_change
  • [SONAR-14312] - Hotspots - slow status change breaks the flow
  • [SONAR-14340] - ‘Not authorized’ analysis should prompt for a token, not login/password
  • [SONAR-14344] - Improve PL/SQL analysis
  • [SONAR-14352] - Explain how to set up Azure DevOps Pipelines without branch support
  • [SONAR-14353] - Explain how to set up GitLab CI/CD without branch support
  • [SONAR-14354] - Explain how to set up Jenkins without branch support
  • [SONAR-14368] - Provide link to tutorials for current project in Branch help menu
  • [SONAR-14369] - Send ALM integration info via telemetry
  • [SONAR-14370] - Clear up SonarQube LoC/License E-Mail Notifications
  • [SONAR-14372] - Allow CE users to create binding for ALMs
  • [SONAR-14397] - Update the Java < 11 warning displayed by SonarQube Scanners
  • [SONAR-14455] - Upgrade to latest opensource version of Elasticsearch 7.X
  • [SONAR-14477] - Improve CSS analysis

Documentation

  • [SONAR-14268] - Settings encryption uses 256 bit keys
  • [SONAR-14280] - Update Azure integration page
  • [SONAR-14308] - Document how to use Bitbucket Pipelines to analyze a project
  • [SONAR-14362] - Describe how to analyze the main branch only for Jenkins
  • [SONAR-14391] - Update Applications docs to include availability in DE
  • [SONAR-14406] - Update Bitbucket Server integration page
  • [SONAR-14407] - Update Github integration page
  • [SONAR-14408] - Update Gitlab integration page
  • [SONAR-14412] - Add instructions for blocking failed PR request merge to BB Server ALM integration page
  • [SONAR-14433] - SonarQube supports Azure DevOps Services
