Bug
- [SONAR-12840] - Do not disclose sensitive information in PR Decoration administration form
- [SONAR-13258] - Changelog version sorting in marketplace is incorrect
- [SONAR-13312] - Analysis is failing if the project contains the property "sonar.organization"
- [SONAR-13707] - Portfolio console provides wrong link to an Application dashboard
- [SONAR-14199] - Project import failure when importing an empty project
- [SONAR-14256] - Create events not working for branches
- [SONAR-14269] - ALM configuration's "Learn more" link is broken
- [SONAR-14285] - Portfolio console provides wrong link to update an Application definition
- [SONAR-14288] - Missing translation keys for Azure DevOps onboarding UI
- [SONAR-14289] - Missing translation key for GitLab onboarding UI
- [SONAR-14291] - Incorrect translation key for GitHub onboarding UI
- [SONAR-14297] - Migration app from xml to db is not re-entrant
- [SONAR-14304] - File Issue facet should not higlight path as search happen only for filename
- [SONAR-14305] - Facet closed is not updated by new search
- [SONAR-14311] - Make it explicit that /api/issues/bulk_change only sets comments on issues that are changed
- [SONAR-14316] - Incorrectly referencing non-existent createdSince parameter for /api/issues/search
- [SONAR-14317] - Fix replacement patterns that can lead to XSS vulnerabilites
- [SONAR-14321] - Endpoint api/views/list is missing applications since version 8.6
- [SONAR-14325] - Rule search results no longer sorted by name
- [SONAR-14332] - Displayed server ID is wrong
- [SONAR-14361] - WS 'hotspot/search' returns no issue if the 'sinceLeakPeriod' filter is used
- [SONAR-14388] - Circular portfolio detection
- [SONAR-14424] - Fix open redirect vulnerability through cookies
- [SONAR-14430] - Missing translation keys for background tasks
- [SONAR-14431] - Do not limit password field lengths
- [SONAR-14439] - Make shortcut help fit in the modal
- [SONAR-14451] - Portfolios page counter shows "-" instead of "0"
New Feature
- [SONAR-14146] - Support MS SQL 2019 database
- [SONAR-14223] - Improve Java analysis - Java 15, new rules dedicated to Text Blocks and Regexp
- [SONAR-14298] - Improve JavaScript/TypeScript analysis - 7 injection vulnerabilities
- [SONAR-14307] - Support branch auto-detection for Bitbucket Pipelines
- [SONAR-14319] - Improve CFamily analysis - new rules dedicated to C++17
- [SONAR-14334] - Users can flag a SQ project as being part of a mono-repository (EE/Azure only)
- [SONAR-14339] - Improve Ruby analysis: Ruby 3.0, simplecov 0.20
- [SONAR-14363] - Enable tutorial selection in CE
- [SONAR-14364] - Enable ALM project import wizard in CE
- [SONAR-14366] - Improve C# analysis: 5 cryptography-related security rules
- [SONAR-14371] - Allow CE users to configure ALM integration
- [SONAR-14393] - Add configuration for BitBucket Cloud settings
- [SONAR-14394] - Enable project binding for BitBucket Cloud
- [SONAR-14395] - Validate permissions for BitBucket PR decoration settings
- [SONAR-14396] - Decorate PRs in BitBucket Cloud
- [SONAR-14403] - [Bitbucket] Users can flag a SonarQube project as being part of a mono-repository
- [SONAR-14404] - [Github] Users can flag a SonarQube project as being part of a mono-repository
- [SONAR-14405] - [Gitlab] Users can flag a SonarQube project as being part of a mono-repository
- [SONAR-14425] - Improve PHP analysis - 9 security rules, PHPDoc, Type Hints
- [SONAR-14427] - Improve Python analysis - Python 3.9
- [SONAR-14432] - SonarQube support Azure DevOps Services
- [SONAR-14452] - Improve VB.NET analysis - 17 code quality rules
- [SONAR-14469] - Improve PLI analysis - 2 code quality rules
- [SONAR-14474] - Provide Docker Images for the DataCenter Edition
- [SONAR-14476] - Improve Security analysis
Task
- [SONAR-9043] - Drop database column PROJECT_MEASURES.DESCRIPTION
- [SONAR-13657] - Deprecate non-mandatory exposed components
- [SONAR-13999] - Remove use of organizations in Components, Issues Quality Gate, Webhook and Documentation
- [SONAR-14221] - Perform DB Migration performance tests for 8.7
- [SONAR-14245] - Drop organization related tables
- [SONAR-14309] - Update and fix ESlint
- [SONAR-14323] - Optimize DB migrations from 7.9 LTS to 8.X LTS
- [SONAR-14327] - Add ITs for Monorepo Support in Azure
- [SONAR-14328] - Add ITs for Monorepo Support in Bitbucket
- [SONAR-14329] - Add ITs for Monorepo Support in Github
- [SONAR-14330] - Add ITs for Monorepo Support in Gitlab
- [SONAR-14342] - Deprecate Plugin-Dependencies attribute for plugins
- [SONAR-14360] - Update jackson dependency to v2.10.0201202
Improvement
- [SONAR-8714] - Make authorization errors more noticeable
- [SONAR-10070] - Issues raised by deprecated rules should make it obvious
- [SONAR-12180] - Add a ARIA role to all global success and error messages
- [SONAR-12407] - Don't disable facets with 0 results
- [SONAR-12607] - Update background task's error message once the user reaches the Background Tasks page
- [SONAR-12786] - Improve startup error message when the TCP port is already taken
- [SONAR-12872] - Rename Markdown syntax to Formatting
- [SONAR-12902] - Reword unsufficient coverage issue description
- [SONAR-13140] - Avoid “Inception-style scrolling” in settings pages
- [SONAR-13201] - Properly handle token name overflow in Account/Security token's table
- [SONAR-13308] - Improve GitHub summary comment in case of a failing QG
- [SONAR-13376] - Update PR status when Hotspot is updated
- [SONAR-13586] - Specify target pull request with the remote name
- [SONAR-13764] - Do not display two error messages simultaneously on issue page
- [SONAR-13781] - Measure project overview bubble chart might be hard to understand
- [SONAR-13838] - Clean up GitLab project list
- [SONAR-13887] - Users don’t know how to “Add” and analyze a new project in SonarQube
- [SONAR-13923] - Remove the mention of Checkstyle in /api/issues/search
- [SONAR-13930] - Allow migration of authentication system
- [SONAR-14171] - Show percentage icon for Security Hotspots Reviewed QG condition
- [SONAR-14207] - Add Ubuntu Mono as a font for the source code viewer
- [SONAR-14212] - Remove no more used Sonar-Version HTTP header
- [SONAR-14257] - Pull requests should hide issues that are resolved in the target branch
- [SONAR-14258] - Pull requests should inherit issue state from the source branch
- [SONAR-14272] - Make Quality Gate Status on Azure DevOps Server SonarQube Project specific
- [SONAR-14274] - Make Quality Gate Reports on Bitbucket Server SonarQube Project specific
- [SONAR-14275] - Make GitHub Checks SonarQube Project specific
- [SONAR-14276] - Add the SonarQube Project name to the GitHub summary comment
- [SONAR-14277] - Delete only the GitLab MR notes related to a given SonarQube Project
- [SONAR-14278] - Add the SonarQube Project name to the GitLab MR note
- [SONAR-14281] - Remove pre-monorepo PR comments on Azure DevOps Server
- [SONAR-14286] - Make PR comments on Azure DevOps Server SonarQube Project specific
- [SONAR-14287] - Remove dependency on Microsoft GitHttpClient
- [SONAR-14290] - Improve first time visit to project create screen
- [SONAR-14292] - Allow to directly link to a specific ALM Integration settings tab
- [SONAR-14306] - Move Developer SearchEvent WS to community edition
- [SONAR-14310] - Document max issues that can be updated by /api/issues/bulk_change
- [SONAR-14312] - Hotspots - slow status change breaks the flow
- [SONAR-14340] - ‘Not authorized’ analysis should prompt for a token, not login/password
- [SONAR-14344] - Improve PL/SQL analysis
- [SONAR-14352] - Explain how to set up Azure DevOps Pipelines without branch support
- [SONAR-14353] - Explain how to set up GitLab CI/CD without branch support
- [SONAR-14354] - Explain how to set up Jenkins without branch support
- [SONAR-14368] - Provide link to tutorials for current project in Branch help menu
- [SONAR-14369] - Send ALM integration info via telemetry
- [SONAR-14370] - Clear up Sonarqube LoC/License E-Mail Notifications
- [SONAR-14372] - Allow CE users to create binding for ALMs
- [SONAR-14397] - Update the Java < 11 warning displayed by SonarQube Scanners
- [SONAR-14455] - Upgrade to latest opensource version of Elasticsearch 7.X
- [SONAR-14477] - Improve CSS analysis
Documentation
- [SONAR-14268] - Settings encryption uses 256 bit keys
- [SONAR-14280] - Update Azure integration page
- [SONAR-14308] - Document how to use Bitbucket Pipelines to analyze a project
- [SONAR-14362] - Describe how to analyze the main branch only for Jenkins
- [SONAR-14391] - Update Applications docs to include availability in DE
- [SONAR-14406] - Update Bitbucket Server integration page
- [SONAR-14407] - Update Github integration page
- [SONAR-14408] - Update Gitlab integration page
- [SONAR-14412] - Add instructions for blocking failed PR request merge to BB Server ALM integration page
- [SONAR-14433] - SonarQube support Azure DevOps Services
Edit/Copy Release Notes
The text area below allows the project release notes to be edited and copied to another document.