Release Notes - SonarQube - Version 8.9 - HTML format

Bug

  • [SONAR-12101] - When a branch is deleted from a project, it's not deleted from applications
  • [SONAR-12323] - Cannot clear the GitHub endpoint setting at project level
  • [SONAR-12454] - [Azure DevOps] PR decoration is failing with unauthorized status code
  • [SONAR-13645] - GitHub binding will be broken when SQ project key get updated
  • [SONAR-13709] - When an Application is set as a Local Reference of a Portfolio, the Portfolio computation will be executed, regardless of the computation hours
  • [SONAR-13713] - Directory and File facets search is broken on Applications and Portfolios
  • [SONAR-13765] - Permission page doesn't behave properly at minimum width
  • [SONAR-13849] - handle multi-schema during database upgrade & data migration
  • [SONAR-14045] - Deleting an application branch will not remove it from the branch list until the app is recomputed
  • [SONAR-14078] - Errors raised because of duplication of notification keys after upgrading to SonarQube 8.4+
  • [SONAR-14115] - When an app is in a sub-portfolio there is issue when deleting the app
  • [SONAR-14253] - Authenticated JMX remote access not working with the Compute Engine
  • [SONAR-14320] - Unable to start SQ when switching admin account from SSO to local
  • [SONAR-14322] - api/issues/search returns all issues if provided rule key doesn't exist
  • [SONAR-14570] - Email notifications show numerical rating value rather than letter
  • [SONAR-14585] - Fix TOC-TOU race conditon in Webhook
  • [SONAR-14619] - Azure DevOps PR Decoration not working due to wrong iteration inferral
  • [SONAR-14642] - Unescaped HTML in JSON server responses
  • [SONAR-14659] - Bitbucket onboarding should not be possible when several bindings are configured
  • [SONAR-14660] - Can't download sonar-DATE.log from the web UI
  • [SONAR-14668] - Fix XSS via the About page
  • [SONAR-14682] - Fix Blind Server-Side Request Forgery (SSRF) in Webhook
  • [SONAR-14683] - Cannot delete an ALM configuration (at admin level) in Community
  • [SONAR-14684] - Do not disclose sensitive information in the authentication settings form
  • [SONAR-14685] - 8.8 installation fails on Oracle with quoted schema name
  • [SONAR-14691] - Upgrade #4122 fail on corrupted application structure
  • [SONAR-14693] - Setting a new code period reference branch fails when selected branch name is longer than 40 characters
  • [SONAR-14697] - Wrong instruction when adding azure DevOps sonar scanner for .Net
  • [SONAR-14698] - Live indexation is not using all Compute Engine workers
  • [SONAR-14699] - Deletion & purge of project is slow
  • [SONAR-14715] - API call errors are shown on the About page when the issue indexation is in progress
  • [SONAR-14731] - Fix GitScmProvider logs
  • [SONAR-14733] - Duplicate warning about default admin credentials in startup logs
  • [SONAR-14734] - Minimum width not respected on Settings page
  • [SONAR-14739] - JGit's logs are too verbose with debug enabled
  • [SONAR-14746] - BitbucketServer integration: errors are not logged

New Feature

  • [SONAR-14770] - Improve CFamily analysis: 16+ rules dedicated to C++20 standard (experimental)
  • [SONAR-14774] - Improve SonarJava analysis: new rules specific to Java 9-15 and existing rules adapted to Java 9-15
  • [SONAR-14781] - Improve C# analysis: 3 new security rules related to Authentication & Web Access Control

Task

  • [SONAR-13468] - Sign publications before publishing to the artifactory
  • [SONAR-14571] - Add index on WEBHOOK_UUID to WEBHOOK_DELIVERIES
  • [SONAR-14624] - Add external plugin consent information to system info file and support info file
  • [SONAR-14675] - Community Edition should have an EditionProvider
  • [SONAR-14676] - Shade core jars into a single jar
  • [SONAR-14677] - Adjust Server base URL description to include HTTPS
  • [SONAR-14729] - Ensure DB migration 7.9->8.9 on PostgreSQL is performant after Hardening on small dataset
  • [SONAR-14730] - Ensure DB migration 7.9->8.9 on PostgreSQL is performant after Hardening on big dataset
  • [SONAR-14744] - Ensure DB migration 7.9->8.9 on SQL Server is performant after Hardening on big dataset
  • [SONAR-14748] - Create an SonarQube Helm Chart Github repository
  • [SONAR-14758] - Update dependencies for Flex
  • [SONAR-14762] - Update dependencies for VB6
  • [SONAR-14763] - Update dependencies for PLSQL
  • [SONAR-14764] - Update dependencies for Apex
  • [SONAR-14765] - Update dependencies for Scala
  • [SONAR-14766] - Update dependencies for Go
  • [SONAR-14767] - Update dependencies for Ruby
  • [SONAR-14768] - Update dependencies for Kotlin
  • [SONAR-14769] - Update dependencies for Python
  • [SONAR-14771] - Update dependencies for ABAP
  • [SONAR-14775] - Update dependencies for PLI
  • [SONAR-14776] - Update dependencies for RPG
  • [SONAR-14777] - Update dependencies for COBOL
  • [SONAR-14778] - Update dependencies for Swift
  • [SONAR-14779] - Update dependencies for JaCoCo XML Import
  • [SONAR-14784] - Update dependencies for TSQL
  • [SONAR-14787] - Update dependencies for CSS
  • [SONAR-14788] - Update dependencies for JS

Improvement

  • [SONAR-10485] - Provide a way to always enforce coverage and duplication Quality Gate conditions
  • [SONAR-11834] - Add line wrapping to codeviewer
  • [SONAR-11958] - Enhance anchors in embedded documentation navigation
  • [SONAR-12082] - Adjust keyboard navigation instruction visibility
  • [SONAR-12332] - System upgrades should refer to SonarQube Announcements
  • [SONAR-12586] - Add back Portfolio Description feature in Portfolio dashboard
  • [SONAR-12885] - PostgreSQL 9.3, 9.4, 9.5 end of support / PostgreSQL 13 support
  • [SONAR-13123] - No handling of errors on issue search api call
  • [SONAR-13141] - Standard code view for issues with a single secondary location on same line
  • [SONAR-13217] - Auto scroll to uncovered lines
  • [SONAR-13309] - Alt key select the first location for issues with secondary
  • [SONAR-13360] - Drop multiple ALM Settings when downgrading from DCE/EE to DE
  • [SONAR-13737] - Descriptive errors for GitLab token validation
  • [SONAR-13740] - Run GitLab ITs on-premise on latest+minimum supported versions
  • [SONAR-13906] - Prevent ALM binding configuration modal from closing when clicking outside
  • [SONAR-14132] - Clarify the meaning of the "New quality gate status" notification setting
  • [SONAR-14213] - Do not follow redirects when interacting with GitLab API
  • [SONAR-14214] - Add the ability to unassign a security hotspot
  • [SONAR-14333] - Tooltip hiding the line it is referring to
  • [SONAR-14337] - Improve the readability of issue's comment in case of word breaking
  • [SONAR-14440] - Better message for Branch Analysis tooltip
  • [SONAR-14450] - Improve "add project" button labels
  • [SONAR-14557] - Improve Issue resolution tooltip messages
  • [SONAR-14572] - Update under maintenance message
  • [SONAR-14582] - Update password hashing algorithm
  • [SONAR-14583] - Allow users to enable authentication for Elasticsearch
  • [SONAR-14604] - Improve reset password form layout
  • [SONAR-14606] - Require risk consent to install plugins
  • [SONAR-14618] - Use gender neutral wording on GitHub/GitLab Auth group sync description
  • [SONAR-14620] - Update our list of officially supported database versions
  • [SONAR-14625] - Upgrade Hazelcast to 4.0+
  • [SONAR-14626] - Improve code line permalink
  • [SONAR-14628] - ADO integration: Make API endpoint used version-specific
  • [SONAR-14632] - Update EE promo on Background Tasks page
  • [SONAR-14633] - Update edition promotion on Marketplace page
  • [SONAR-14644] - Update Accept header for Github API calls
  • [SONAR-14646] - Copy issue state when new issues are merged from a branch to its reference branch
  • [SONAR-14647] - Display SonarSource T&Cs in DockerHub
  • [SONAR-14661] - Disable plugin installation from marketplace page
  • [SONAR-14662] - Redirected sysadmin to consent page after login if consent is required
  • [SONAR-14670] - Wrap calls to dompurify
  • [SONAR-14671] - Update Github Enterprise supported version to 2.21
  • [SONAR-14678] - Heap Size of processes should have sane defaults per edition
  • [SONAR-14681] - Improve database upgrade speed for migration 3208
  • [SONAR-14686] - Database migration deleting table/PK should not fail when the object don't exist
  • [SONAR-14690] - Upgrade Elasticsearch to 7.12.X
  • [SONAR-14692] - Add docs reference to 'sonar.branch.target' deprecation message
  • [SONAR-14700] - Switch from replica set to stateful set
  • [SONAR-14701] - Create meaningful liveness/readiness/startup probes
  • [SONAR-14703] - include optional nginx-ingress helm chart dependency
  • [SONAR-14704] - include node tenancy option
  • [SONAR-14706] - Support and Document secret mounts
  • [SONAR-14725] - Remove embedded documentation's calls to the update-center
  • [SONAR-14726] - Don't restrict GitHub Actions tutorial to github.com
  • [SONAR-14728] - Improve UX around scanner's download from an in-app tutorial
  • [SONAR-14735] - Improve logs for Plugin Risk Consent
  • [SONAR-14736] - Highlight that installing plugins is manual
  • [SONAR-14738] - Use api/alm_settings/list instead of api/alm_settings/list_definitions in tutorials
  • [SONAR-14740] - Improve PHP analysis - several improvements and fixes
  • [SONAR-14741] - Improve HTML analysis - several improvements
  • [SONAR-14745] - Update README in extensions/plugins directory
  • [SONAR-14749] - Overwrite DNS TTL on all docker images
  • [SONAR-14750] - Improve PR Warning when base branch is not found to identify common ancestor
  • [SONAR-14757] - Improve XML analysis - several improvements and fixes
  • [SONAR-14761] - Improve JS analysis - many improvements and fixes
  • [SONAR-14780] - Improve VB analysis - many improvements and fixes
  • [SONAR-14783] - Link to Java upgrade notes in scanner warning
  • [SONAR-14785] - Improve Java, JS/TS, PHP, C# taint analysis: 120 improvements and fixes
  • [SONAR-14797] - Microsoft SQL Server 2019 support
  • [SONAR-14798] - Oracle 11G end of support

Documentation

  • [SONAR-14398] - Help users migrate projects analyses to Java 11
  • [SONAR-14592] - Don't make Bitbucket Pipelines wait on the Quality Gate by default
  • [SONAR-14623] - Add note about accepting plugin risk to docs
  • [SONAR-14636] - Include Azure DevOps Server 2020 as supported
  • [SONAR-14645] - Update fail the pipeline analysis parameter documentation
  • [SONAR-14702] - Document readiness delays
  • [SONAR-14705] - Document missing sidecar config
  • [SONAR-14707] - Document missing monitoring solution
  • [SONAR-14708] - Document missing log collection
  • [SONAR-14711] - Finalize Upgrade Notes
  • [SONAR-14713] - Reinstalling admin access query need to be updated
  • [SONAR-14737] - Use consistent wording for plugin risk consent
  • [SONAR-14759] - Database schema upgrade can consume a lot of disk space

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.