Release Notes - SonarQube - Version 9.1 - HTML format

Bug

  • [SONAR-13363] - Project overview loaded twice
  • [SONAR-15122] - Fix Monorepo Bitbucket Report Key generation for long SQ Project Keys
  • [SONAR-15123] - Fix FP in CeWorkersTest
  • [SONAR-15133] - Gitlab project onboarding is failing on Gitlab.com
  • [SONAR-15135] - Azure onboarding not showing correct error message
  • [SONAR-15137] - Authentication should not let users create a duplicate account with another Identity Provider
  • [SONAR-15171] - Gitlab authentication group sync returns groups despite user is not a member of it
  • [SONAR-15172] - Fix GitHub Authentication recycling vulnerability
  • [SONAR-15178] - License plugin isn't compatible with Java 8
  • [SONAR-15196] - Fix vulnerability with Tomcat when used behind a reverse proxy
  • [SONAR-15202] - Sub-portfolios aren't properly displayed as favorite
  • [SONAR-15203] - Azure DevOps PR decoration are failing when the scanner is run outside of an Azure context
  • [SONAR-15211] - Updating an issue related to a removed rule fails
  • [SONAR-15225] - Cancelled Project Reload tasks are leading to inappropriate state of issue indexing
  • [SONAR-15233] - Onboarding personal repos - Bitbucket server
  • [SONAR-15240] - Startup fails if rule is moved to a different language
  • [SONAR-15244] - Despite "sonar.log.useJsonOutput" is enabled some logs are still not in a JSON format
  • [SONAR-15275] - Make it explicit in the UI that you cannot bulk comment issues without making any other changes
  • [SONAR-15284] - Background Tasks filter 'Type' contains duplicated entries that mean different things
  • [SONAR-15375] - Fix memory disclosure vulnerability in Elasticsearch
  • [SONAR-15388] - Bitbucket Server Validation fails on missing response body
  • [SONAR-15391] - Typing a colon in the search breaks the UI
  • [SONAR-15393] - Improve Swift analysis: fix regression: should be possible to use non-default rule parameters
  • [SONAR-15405] - Change permissions of "api/views/define" to Administer System
  • [SONAR-15503] - Fix denial of service vulnerability in Elasticsearch

New Feature

  • [SONAR-15138] - Enable users to download a PDF report on projects and apps
  • [SONAR-15139] - Add scheduled email project reports subscription
  • [SONAR-15142] - Store audit logs of security-related operations
  • [SONAR-15143] - Enable users to download audit logs
  • [SONAR-15144] - Add Audit Logs Housekeeping Policy
  • [SONAR-15174] - Added support for C#9 pattern matching for existing rules
  • [SONAR-15205] - Improve Java analysis: Support of Java 16 specific features
  • [SONAR-15210] - Improve Python analysis: it adapts its behavior to your Python runtime to raise more issues
  • [SONAR-15238] - Improve Kotlin analysis: prevent developers from doing mistakes with “coroutines”
  • [SONAR-15322] - Allow SQ DB to fit encrypted DevOps Platform values
  • [SONAR-15330] - Improve PHP analysis: rules to make secure WordPress plugins
  • [SONAR-15334] - Add endpoint that extracts all project issues
  • [SONAR-15345] - Add CWE Top 25 2021 in Security Report page
  • [SONAR-15361] - Improve C# analysis - C#9 Lambdas and local functions
  • [SONAR-15389] - Improve JavaScript and TypeScript analysis: write efficient, error-free and safe regular expressions
  • [SONAR-15390] - Improve Injection Rules analysis: execution time divided by two in average, PHP WordPress support and better precision of Python checks
  • [SONAR-15392] - Improve PHP analysis: write efficient, error-free and safe regular expressions
  • [SONAR-15394] - Improve CFamily analysis : 4 more C++20 rules and rules hardening

Task

  • [SONAR-14617] - Remove usages of sonar-ui-common
  • [SONAR-14831] - Exclude unused dataformat module (cbor, smile, yaml) from SonarQube dependencies
  • [SONAR-15146] - Integration Tests for Audit Logs
  • [SONAR-15166] - Update front-end dependency
  • [SONAR-15168] - Update logstash credentials to connect ES cloud
  • [SONAR-15200] - Allow indexation of config files (YAML)
  • [SONAR-15224] - Integration Tests for Project Report
  • [SONAR-15242] - Chaos Test DCE-Resilience in k8s
  • [SONAR-15245] - Compare logs on stdout with logs in files
  • [SONAR-15259] - Refactor storage of Portfolios from XML to DB
  • [SONAR-15285] - Improve CFamily analysis : hotfix of crash in 6.24 and 1 more rule
  • [SONAR-15297] - Clean up sonar-ui-common build
  • [SONAR-15305] - Integration Tests for Audit Logs deletion
  • [SONAR-15325] - Extend ITs to work with encrypted secrets
  • [SONAR-15333] - Bump nodejs version to the latest LTS
  • [SONAR-15336] - Findings Extract Integration Tests
  • [SONAR-15339] - Integration Tests for Filtered Secured Settings
  • [SONAR-15368] - Make sure SVN properties can be configured on Scanner
  • [SONAR-15378] - Migration task to remove existing SVN properties from Database
  • [SONAR-15380] - Remove SVN properties configuration section on Administration
  • [SONAR-15382] - Benchmark Findings Extract Endpoint Performance
  • [SONAR-15402] - Release SonarQube DCE Helm Chart

Improvement

  • [SONAR-10762] - Drop deprecated Custom Measures feature
  • [SONAR-11094] - Add the node name in cluster logs
  • [SONAR-11411] - Detection of inactive projects should take into account branches and PRs
  • [SONAR-11538] - Explain measure bubble charts only take into account the first 500 files
  • [SONAR-12004] - Use of diamond icon for events in Activity graph is not straightforward
  • [SONAR-12018] - Keep users on measure page when drilling down a portfolio project
  • [SONAR-12019] - "projects" instead of "files" in the measures page for portfolios and applications
  • [SONAR-12560] - Better explain the concept of bugs in documentation
  • [SONAR-13060] - Improvement for license page and LOC notification threshold
  • [SONAR-13086] - Improve Security Hotspot comments UI
  • [SONAR-13149] - Verify fields with specific URL formats
  • [SONAR-13150] - Quality Profile with 0 rules can be used by a project
  • [SONAR-13154] - Quality Gate with 0 conditions should not be used by a project
  • [SONAR-13273] - Improve folder exploration
  • [SONAR-13293] - Unsubscribing from a portfolio report should be more straightforward
  • [SONAR-13337] - Improve user feedback when analysis cannot be performed due to full disk
  • [SONAR-13623] - Replace "master/slave" (and more) with a better terminology
  • [SONAR-13736] - Filter on file in the code page should remain when browser back is clicked
  • [SONAR-13742] - GitHub Onboarding: display GH links and SQ links
  • [SONAR-13798] - Show NCLOC of the analysis when it's over the license's limit
  • [SONAR-13876] - LoC count in project info is not branch aware
  • [SONAR-13879] - Add "Default" badge to the Quality Profile comparison page
  • [SONAR-13888] - Jenkins Tutorial steps order should be adjusted to better match user flow
  • [SONAR-13889] - Jenkins Tutorial should be more accurate and precise
  • [SONAR-13890] - Jenkins/Bitbucket/GitHub tutorial end is blurry and lacking analysis progress feedback
  • [SONAR-13990] - Users struggle to find the review button on the Security Hotspot interface
  • [SONAR-14023] - Make colored ball "System health status" explicit
  • [SONAR-14139] - Prevent users from using a Quality Gate with no conditions
  • [SONAR-14511] - Improve Security Hotspot status change flow
  • [SONAR-14848] - Make long version in overview tab readable
  • [SONAR-15036] - Use monospace font for the license ID
  • [SONAR-15061] - Explain how to set up Java 11 for Azure Pipelines
  • [SONAR-15104] - Add mention to compilation database, multithreading and caching to all CFamily tutorials
  • [SONAR-15106] - More generic build command for Azure+CFamily Tutorial
  • [SONAR-15119] - Tutorials shouldn't always mention that the page will automatically reload
  • [SONAR-15163] - Update Elasticsearch to 7.13.3
  • [SONAR-15173] - Improve VB analysis: performance improvement and minor fixes
  • [SONAR-15175] - Add warnings about requesting license with an embedded DB
  • [SONAR-15177] - Improve code view UI when no file was analyzed
  • [SONAR-15192] - Allow DNS resolution as search nodes cluster discovery mechanism
  • [SONAR-15193] - Security Review Rating contextual help is not correct on Project Home page
  • [SONAR-15194] - Deprecate 'ProfileExporter' and 'ProfileImporter' in the Java API
  • [SONAR-15195] - Mention that quality profile exporters are deprecated
  • [SONAR-15208] - Scanner should distinguish between network and server errors when uploading report
  • [SONAR-15212] - Update Security Categories vs CWE Mapping (Security Reports, Security Hotspots)
  • [SONAR-15228] - Add missing web service response examples
  • [SONAR-15230] - Adjust Hazelcast usage to k8s
  • [SONAR-15231] - Improve Elasticsearch pooling in cluster
  • [SONAR-15234] - DB migrations should always be re-entrant
  • [SONAR-15236] - Persistence of built-in QPs in DB should use the same transaction as ElasticSearch
  • [SONAR-15237] - Improve startup performance of the web process
  • [SONAR-15239] - Dedicated liveness endpoint for K8 liveness probe
  • [SONAR-15243] - Enable json logging for K8s
  • [SONAR-15252] - Improve XML analysis: fix false-positives raised on Android XML files
  • [SONAR-15254] - Update Helm liveness probe to use the api/system/liveness endpoint
  • [SONAR-15258] - Add access to App Settings to configure Report Frequency
  • [SONAR-15261] - Separate SQ Helm Charts latest/lts
  • [SONAR-15279] - Bulk change Rules if edit permissions on single Quality Profile
  • [SONAR-15301] - Ease project creation page comprehension
  • [SONAR-15303] - Improve DevOps Platform configuration screen wording to reduce confusion around personal access token
  • [SONAR-15304] - Adjust alert wording on project creation page
  • [SONAR-15310] - Maven tutorial not aligned with Maven documentation
  • [SONAR-15312] - Jenkins tutorial must guide user to correctly configure pull/merge request discovery
  • [SONAR-15313] - Drop WebAPI endpoints deprecated since 7.X
  • [SONAR-15323] - Decrypt Global DevOps Platform Settings
  • [SONAR-15327] - Inform admin users that DevOps Platform secrets can be encrypted
  • [SONAR-15331] - Improve JavaScript and TypeScript analysis: support wildcards for coverage report paths, drop deprecated TypeScript properties
  • [SONAR-15335] - Avoid returning duplicates when paging through api/findings/extract
  • [SONAR-15338] - Filter SQ secured properties on settings endpoint
  • [SONAR-15340] - Increase form fields size to fit encrypted DevOps Setting Values
  • [SONAR-15344] - Comply with new DockerHub enforcement for latest release
  • [SONAR-15346] - Improve RPG analysis: update documentation to reflect the support of free-form syntax for all specification types
  • [SONAR-15349] - Add warning to SVN Analysis if authentication details are not found
  • [SONAR-15350] - Provide Metadata for ArtifactHub
  • [SONAR-15362] - Improve VB.NET analysis
  • [SONAR-15365] - Improve Java analysis: Quick fixes for SonarLint + Bug fixes
  • [SONAR-15366] - Allow admins to easily find a specific setting
  • [SONAR-15376] - Apply secret input field to all secured properties
  • [SONAR-15377] - Unify Database Overwrite in Helm Charts
  • [SONAR-15395] - Improve C# analysis - Removal of some False Positives
  • [SONAR-15396] - Improve VB.NET analysis - Removal of some False Positives
  • [SONAR-15400] - Replace "ALM" with "DevOps platform"

Documentation

  • [SONAR-15140] - Add information on downloading project reports
  • [SONAR-15141] - Fix Jenkins scanner docs formatting in embedded docs
  • [SONAR-15145] - Explain Audit Logs
  • [SONAR-15188] - Remove "Based on observations from code on SonarCloud" line from Executable Lines docs
  • [SONAR-15199] - Fix Helm Chart build dependency documentation
  • [SONAR-15209] - Add PHPStan and Psalm to external analyzers documentation
  • [SONAR-15213] - Add minimum and maximum inactivity timeout duration to env vars docs
  • [SONAR-15226] - Replace "ALM" with "DevOps platform"
  • [SONAR-15232] - Document usage of DCE helm chart
  • [SONAR-15251] - Document SonarQube Upgrade procedure on Kubernetes
  • [SONAR-15256] - Reorganize upgrading documentation and add missing information
  • [SONAR-15281] - Fix navigation headings in Setup and Upgrade
  • [SONAR-15326] - Add DevOps Platform Secrets to Encryption Documentation
  • [SONAR-15337] - Findings Extract Documentation
  • [SONAR-15341] - Document Helm Repository
  • [SONAR-15343] - [Documentation] Adding Coding Rules has formatting issue
  • [SONAR-15348] - Indicate that .secured properties will be filtered in Upgrade Notes
  • [SONAR-15351] - Update SonarScanner for .NET documentation
  • [SONAR-15381] - Make it clear that users disabled on external identity provider need to be manually disabled on SonarQube
