Bug
- [SONAR-12101] - When a branch is deleted from a project, it's not deleted from applications
- [SONAR-12323] - Cannot clear the GitHub endpoint setting at project level
- [SONAR-12454] - [Azure DevOps] PR decoration is failing with unauthorized status code
- [SONAR-13645] - GitHub binding will be broken when SQ project key get updated
- [SONAR-13709] - When an Application is set as a Local Reference of a Portfolio, the Portfolio computation will be executed, regardless of the computation hours
- [SONAR-13713] - Directory and File facets search is broken on Applications and Portfolios
- [SONAR-13765] - Permission page doesn't behave properly at minimum width
- [SONAR-13849] - handle multi-schema during database upgrade & data migration
- [SONAR-14045] - Deleting an application branch will not remove it from the branch list until the app is recomputed
- [SONAR-14078] - Errors raised because of duplication of notification keys after upgrading to SonarQube 8.4+
- [SONAR-14115] - When an app is in a sub-portfolio there is issue when deleting the app
- [SONAR-14253] - Authenticated JMX remote access not working with the Compute Engine
- [SONAR-14320] - Unable to start SQ when switching admin account from SSO to local
- [SONAR-14322] - api/issues/search returns all issues if provided rule key doesn't exist
- [SONAR-14570] - Email notifications show numerical rating value rather than letter
- [SONAR-14585] - Fix TOC-TOU race conditon in Webhook
- [SONAR-14619] - Azure DevOps PR Decoration not working due to wrong iteration inferral
- [SONAR-14642] - Unescaped HTML in JSON server responses
- [SONAR-14659] - Bitbucket onboarding should not be possible when several bindings are configured
- [SONAR-14660] - Can't download sonar-DATE.log from the web UI
- [SONAR-14668] - Fix XSS via the About page
- [SONAR-14682] - Fix Blind Server-Side Request Forgery (SSRF) in Webhook
- [SONAR-14683] - Cannot delete an ALM configuration (at admin level) in Community
- [SONAR-14684] - Do not disclose sensitive information in the authentication settings form
- [SONAR-14685] - 8.8 installation fails on Oracle with quoted schema name
- [SONAR-14691] - Upgrade #4122 fail on corrupted application structure
- [SONAR-14693] - Setting a new code period reference branch fails when selected branch name is longer than 40 characters
- [SONAR-14697] - Wrong instruction when adding azure DevOps sonar scanner for .Net
- [SONAR-14698] - Live indexation is not using all Compute Engine workers
- [SONAR-14699] - Deletion & purge of project is slow
- [SONAR-14715] - API call errors are shown on the About page when the issue indexation is in progress
- [SONAR-14731] - Fix GitScmProvider logs
- [SONAR-14733] - Duplicate warning about default admin credentials in startup logs
- [SONAR-14734] - Minimum width not respected on Settings page
- [SONAR-14739] - JGit's logs are too verbose with debug enabled
- [SONAR-14746] - BitbucketServer integration: errors are not logged
New Feature
- [SONAR-14770] - Improve CFamily analysis: 16+ rules dedicated to C++20 standard (experimental)
- [SONAR-14774] - Improve SonarJava analysis: new rules specific to Java 9-15 and existing rules adapted to Java 9-15
- [SONAR-14781] - Improve C# analysis: 3 new security rules related to Authentication & Web Access Control
Task
- [SONAR-13468] - Sign publications before publishing to the artifactory
- [SONAR-14571] - Add index on WEBHOOK_UUID to WEBHOOK_DELIVERIES
- [SONAR-14624] - Add external plugin consent information to system info file and support info file
- [SONAR-14675] - Community Edition should have an EditionProvider
- [SONAR-14676] - Shade core jars into a single jar
- [SONAR-14677] - Adjust Server base URL description to include HTTPS
- [SONAR-14729] - Ensure DB migration 7.9->8.9 on PostgreSQL is performant after Hardening on small dataset
- [SONAR-14730] - Ensure DB migration 7.9->8.9 on PostgreSQL is performant after Hardening on big dataset
- [SONAR-14744] - Ensure DB migration 7.9->8.9 on SQL Server is performant after Hardening on big dataset
- [SONAR-14748] - Create an SonarQube Helm Chart Github repository
- [SONAR-14758] - Update dependencies for Flex
- [SONAR-14762] - Update dependencies for VB6
- [SONAR-14763] - Update dependencies for PLSQL
- [SONAR-14764] - Update dependencies for Apex
- [SONAR-14765] - Update dependencies for Scala
- [SONAR-14766] - Update dependencies for Go
- [SONAR-14767] - Update dependencies for Ruby
- [SONAR-14768] - Update dependencies for Kotlin
- [SONAR-14769] - Update dependencies for Python
- [SONAR-14771] - Update dependencies for ABAP
- [SONAR-14775] - Update dependencies for PLI
- [SONAR-14776] - Update dependencies for RPG
- [SONAR-14777] - Update dependencies for COBOL
- [SONAR-14778] - Update dependencies for Swift
- [SONAR-14779] - Update dependencies for JaCoCo XML Import
- [SONAR-14784] - Update dependencies for TSQL
- [SONAR-14787] - Update dependencies for CSS
- [SONAR-14788] - Update dependencies for JS
Improvement
- [SONAR-10485] - Provide a way to always enforce coverage and duplication Quality Gate conditions
- [SONAR-11834] - Add line wrapping to codeviewer
- [SONAR-11958] - Enhance anchors in embedded documentation navigation
- [SONAR-12082] - Adjust keyboard navigation instruction visibility
- [SONAR-12332] - System upgrades should refer to SonarQube Announcements
- [SONAR-12586] - Add back Portfolio Description feature in Portfolio dashboard
- [SONAR-12885] - PostgreSQL 9.3, 9.4, 9.5 end of support / PostgreSQL 13 support
- [SONAR-13123] - No handling of errors on issue search api call
- [SONAR-13141] - Standard code view for issues with a single secondary location on same line
- [SONAR-13217] - Auto scroll to uncovered lines
- [SONAR-13309] - Alt key select the first location for issues with secondary
- [SONAR-13360] - Drop multiple ALM Settings when downgrading from DCE/EE to DE
- [SONAR-13737] - Descriptive errors for GitLab token validation
- [SONAR-13740] - Run GitLab ITs on-premise on latest+minimum supported versions
- [SONAR-13906] - Prevent ALM binding configuration modal from closing when clicking outside
- [SONAR-14132] - Clarify the meaning of the "New quality gate status" notification setting
- [SONAR-14213] - Do not follow redirects when interacting with GitLab API
- [SONAR-14214] - Add the ability to unassign a security hotspot
- [SONAR-14333] - Tooltip hiding the line it is referring to
- [SONAR-14337] - Improve the readability of issue's comment in case of word breaking
- [SONAR-14440] - Better message for Branch Analysis tooltip
- [SONAR-14450] - Improve "add project" button labels
- [SONAR-14557] - Improve Issue resolution tooltip messages
- [SONAR-14572] - Update under maintenance message
- [SONAR-14582] - Update password hashing algorithm from bcrypt to PBKDF2WithHmacSHA512
- [SONAR-14583] - Allow users to enable authentication for Elasticsearch
- [SONAR-14604] - Improve reset password form layout
- [SONAR-14606] - Require risk consent to install plugins
- [SONAR-14618] - Use gender neutral wording on GitHub/GitLab Auth group sync description
- [SONAR-14620] - Update our list of officially supported database versions
- [SONAR-14625] - Upgrade Hazelcast to 4.0+
- [SONAR-14626] - Improve code line permalink
- [SONAR-14628] - ADO integration: Make API endpoint used version-specific
- [SONAR-14632] - Update EE promo on Background Tasks page
- [SONAR-14633] - Update edition promotion on Marketplace page
- [SONAR-14644] - Update Accept header for Github API calls
- [SONAR-14646] - Copy issue state when new issues are merged from a branch to its reference branch
- [SONAR-14647] - Display SonarSource T&Cs in DockerHub
- [SONAR-14661] - Disable plugin installation from marketplace page
- [SONAR-14662] - Redirected sysadmin to consent page after login if consent is required
- [SONAR-14670] - Wrap calls to dompurify
- [SONAR-14671] - Update Github Enterprise supported version to 2.21
- [SONAR-14678] - Heap Size of processes should have sane defaults per edition
- [SONAR-14681] - Improve database upgrade speed for migration 3208
- [SONAR-14686] - Database migration deleting table/PK should not fail when the object don't exist
- [SONAR-14690] - Upgrade Elasticsearch to 7.12.X
- [SONAR-14692] - Add docs reference to 'sonar.branch.target' deprecation message
- [SONAR-14700] - Switch from replica set to stateful set
- [SONAR-14701] - Create meaningful liveness/readiness/startup probes
- [SONAR-14703] - include optional nginx-ingress helm chart dependency
- [SONAR-14704] - include node tenancy option
- [SONAR-14706] - Support and Document secret mounts
- [SONAR-14725] - Remove embedded documentation's calls to the update-center
- [SONAR-14726] - Don't restrict GitHub Actions tutorial to github.com
- [SONAR-14728] - Improve UX around scanner's download from an in-app tutorial
- [SONAR-14735] - Improve logs for Plugin Risk Consent
- [SONAR-14736] - Highlight that installing plugins is manual
- [SONAR-14738] - Use api/alm_settings/list instead of api/alm_settings/list_definitions in tutorials
- [SONAR-14740] - Improve PHP analysis - several improvements and fixes
- [SONAR-14741] - Improve HTML analysis - several improvements
- [SONAR-14745] - Update README in extensions/plugins directory
- [SONAR-14749] - Overwrite DNS TTL on all docker images
- [SONAR-14750] - Improve PR Warning when base branch is not found to identify common ancestor
- [SONAR-14757] - Improve XML analysis - several improvements and fixes
- [SONAR-14761] - Improve JS analysis - many improvements and fixes
- [SONAR-14780] - Improve VB analysis - many improvements and fixes
- [SONAR-14783] - Link to Java upgrade notes in scanner warning
- [SONAR-14785] - Improve Java, JS/TS, PHP, C# taint analysis: 120 improvements and fixes
- [SONAR-14797] - Microsoft SQL Server 2019 support
- [SONAR-14798] - Oracle 11G end of support
Documentation
- [SONAR-14398] - Help users migrate projects analyses to Java 11
- [SONAR-14592] - Don't make Bitbucket Pipelines wait on the Quality Gate by default
- [SONAR-14623] - Add note about accepting plugin risk to docs
- [SONAR-14636] - Include Azure DevOps Server 2020 as supported
- [SONAR-14645] - Update fail the pipeline analysis parameter documentation
- [SONAR-14702] - Document readiness delays
- [SONAR-14705] - Document missing sidecar config
- [SONAR-14707] - Document missing monitoring solution
- [SONAR-14708] - Document missing log collection
- [SONAR-14711] - Finalize Upgrade Notes
- [SONAR-14713] - Reinstalling admin access query need to be updated
- [SONAR-14737] - Use consistent wording for plugin risk consent
- [SONAR-14759] - Database schema upgrade can consume a lot of disk space
Edit/Copy Release Notes
The text area below allows the project release notes to be edited and copied to another document.