Release Notes - SonarQube - Version 8.8 - HTML format

Bug

  • [SONAR-13357] - Custom hotspot rules' description isn't split into tabs
  • [SONAR-13703] - /api/measures/component_tree returns an SVW qualifier for Applications
  • [SONAR-13998] - Access to background task fail when not an main branch
  • [SONAR-14192] - Deprecating rule keys may break users' exclusion settings
  • [SONAR-14479] - Project settings quality profiles links to incorrect rule filtering
  • [SONAR-14483] - Issue page's "New code" filter isn't supported for portfolios
  • [SONAR-14486] - Security Hotspot updates aren't reflected in the UI
  • [SONAR-14487] - Misleading disabled Activate rule button label, which reads "Deactivate"
  • [SONAR-14496] - Rely on 'sonar.core.serverBaseURL' in the tutorials when configuring CIs
  • [SONAR-14509] - Security hotspot page scroll logic might makes item disappear
  • [SONAR-14541] - Migration 4207 fails if the PK constraint name is unexpected
  • [SONAR-14542] - Migration 4208 fails if the PK constraint name is unexpected
  • [SONAR-14543] - Migration 4209 fails if the PK constraint name is unexpected
  • [SONAR-14549] - Restoring backed up Quality Profile with old rule repositority/key doesn't work

New Feature

  • [SONAR-14436] - Explain how to set up Jenkins with GitLab
  • [SONAR-14442] - Add CWE Top 25 security report
  • [SONAR-14458] - Add an option to enable/disable changing user permissions by project administrator
  • [SONAR-14490] - Improve SonarXML analysis: 7 new security rules targeting android and web applications
  • [SONAR-14499] - Support schema validation for JSON property types
  • [SONAR-14525] - Telemetry - include SCM usage information
  • [SONAR-14531] - Improve C# analysis: 4 new security rules
  • [SONAR-14532] - Improve SonarVB analysis: 4 new security rules
  • [SONAR-14536] - Support exporting Security Reports as PDF
  • [SONAR-14558] - Fetch and update main branch name during Gitlab project onboarding
  • [SONAR-14564] - Fetch and update main branch name during Azure DevOps project onboarding
  • [SONAR-14565] - Fetch and update main branch name during Bitbucket Server project onboarding
  • [SONAR-14566] - Fetch and update main branch name during Github project onboarding
  • [SONAR-14590] - Add new tutorial for Github Action
  • [SONAR-14591] - Auto detect branch and PR when running on GitHub Action
  • [SONAR-14598] - Users can flag a SonarQube project as being part of a Bitbucket Cloud mono-repository
  • [SONAR-14603] - Make Quality Gate Reports on Bitbucket Cloud SonarQube Project specific
  • [SONAR-14610] - Improve Security analysis for JS (Code Inj, OS Command, SSRF, OpenRedirect), PHP (Symfony) + Custom Taint Config on Server-Side
  • [SONAR-14611] - Improve Java analysis: 9 new security rules and more accurate regexp rules
  • [SONAR-14630] - Improve Python analysis: 5 new security rules
  • [SONAR-14634] - Improve TypeScript analysis: support TypeScript 4.2

Task

  • [SONAR-14456] - Add ITs for security report CWE top 25
  • [SONAR-14513] - Add security hotspots e2e tests
  • [SONAR-14516] - Remove hardcoded usage of "master" from webapp
  • [SONAR-14528] - Add ITs for all the added properties to System Information File
  • [SONAR-14533] - Improve SonarPython analysis: +5 security rules

Improvement

  • [SONAR-10681] - Facet content does not have enough contrast with background
  • [SONAR-11748] - Headings hierarchy should be semantically correct on Portfolios, Issues, and Projects pages
  • [SONAR-11751] - Use semantically correct elements for the Portfolios, Issues, and Projects pages
  • [SONAR-11774] - Make Issues more accessible
  • [SONAR-11959] - Colorblind-friendly coverage treemaps
  • [SONAR-12056] - Indicate required fields for forms
  • [SONAR-12434] - Insufficient contrast issue count info
  • [SONAR-12987] - Improve loading's transition in the hotspot page
  • [SONAR-13848] - Remove web API deprecated since version <= 6.7
  • [SONAR-14426] - Add support for AES-GCM encryption
  • [SONAR-14435] - Add project setup wizard for C family for manual setup
  • [SONAR-14443] - Outdate Sans Top 25 security report
  • [SONAR-14468] - Add project setup wizard for C family for azure devops setup
  • [SONAR-14489] - Improve Github summary visual design
  • [SONAR-14493] - Add tutorial .Net Core for Jenkins tutorial
  • [SONAR-14494] - Add tutorial .Net Core for Manual tutorial
  • [SONAR-14495] - Add tutorial .Net Core for Gitlab CI
  • [SONAR-14498] - Support JSON field type in properties
  • [SONAR-14501] - Add telemetry to track whether security engine custom configuration is used (true/false)
  • [SONAR-14514] - Improve COBOL analysis
  • [SONAR-14515] - Telemetry - include external authentication providers
  • [SONAR-14517] - Improve PLSQL analysis
  • [SONAR-14518] - Telemetry - include number of sonarlint users
  • [SONAR-14519] - Add information about ALMs to System Information File
  • [SONAR-14520] - Add information about Default New Code Period to System Information File
  • [SONAR-14523] - Split plugins into two categories - Sonar plugins and 3rd party in System File
  • [SONAR-14526] - Telemetry - include CI usage information
  • [SONAR-14527] - Use 30s write timeout when submitting scanner report
  • [SONAR-14529] - Upgrade Elasticsearch to 7.11
  • [SONAR-14530] - Improve Github summary in case of a failed quality gate
  • [SONAR-14544] - Improve CSS analysis
  • [SONAR-14550] - Show analysis warning when scanner uses Java < 11
  • [SONAR-14581] - Improve error logs when integration with GitLab fails with an unexpected error
  • [SONAR-14586] - Force system administrator to secure the admin user account
  • [SONAR-14631] - Improve PHP analysis
  • [SONAR-14637] - Improve CFamily analysis

Documentation

  • [SONAR-14423] - Update ALM integration pages to include onboarding in CE
  • [SONAR-14437] - Add information about GitLab to the Jenkins documentation
  • [SONAR-14459] - Update docs with CWE Top 25 reports
  • [SONAR-14569] - Document ALM Main Branch detection upon onboarding
  • [SONAR-14575] - Add information about sonar.qualitygate.wait parameter for Bitbucket Pipelines
  • [SONAR-14596] - Add sonar.qualitygate.wait to CI integration Overview page
  • [SONAR-14597] - Update Bitbucket Cloud Integration Page
  • [SONAR-14643] - Update Release Upgrade Notes for 8.8 release

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.