Release Notes - SonarQube - Version 9.2 - HTML format

Bug

  • [SONAR-14315] - Cannot paginate /api/project_tags/search
  • [SONAR-15070] - Setting sonar.search.host and sonar.web.host causes SQ to fail at start
  • [SONAR-15309] - Sometimes portfolio is empty even if the project is not
  • [SONAR-15311] - Analyzer Documentation is not up to date in static documentation
  • [SONAR-15397] - Tags aren't filtered by branch
  • [SONAR-15398] - Project is not removed from application_projects table when deleted
  • [SONAR-15404] - Documentation tooltip links don't work when sonar.web.context is defined
  • [SONAR-15406] - Issue change log is not sorted by createdDate
  • [SONAR-15413] - Artifacthub shows outdated security rating
  • [SONAR-15418] - Suppress Elasticsearch timeout exception when waiting for it to be UP
  • [SONAR-15422] - Portfolios 'selection_expression' column is too short
  • [SONAR-15424] - Compute Engine fails with NPE when analysing PR without main branch
  • [SONAR-15425] - 'api/rules/repositories' is empty for new instances
  • [SONAR-15430] - GitHub Actions tutorial for C/C++/Objective C is incorrect
  • [SONAR-15471] - File list on Code page broken if long file names
  • [SONAR-15484] - Missing translation parameter when adding a sub-portfolio
  • [SONAR-15485] - Licenses of third-party libraries are not available
  • [SONAR-15488] - Gitlab onboarding can fail in case of thousands of projects
  • [SONAR-15496] - Application branch failure
  • [SONAR-15501] - Fix response example for api/project_analyses/search endpoint
  • [SONAR-15509] - System Upgrade modal will not promote latest LTS if just released
  • [SONAR-15515] - Language distribution isn't displayed properly on the line of code measure page
  • [SONAR-15517] - User details update causes issues for downloading Audit logs
  • [SONAR-15519] - Setting a projectKey in pom.xml doesn't work for multi-module Maven projects
  • [SONAR-15530] - Portfolio PDF doesn't take "sonar.core.baseUrl" value into account without a server restart
  • [SONAR-15575] - Keyboard navigation is broken in hotspots page
  • [SONAR-15594] - Possibility of infinite portfolio computation
  • [SONAR-15654] - liveness endpoint not whitelisted with force authentication

New Feature

  • [SONAR-13426] - Users can expose badges of a private project
  • [SONAR-13427] - Project administrators can revoke a previously exposed badge of a project
  • [SONAR-15408] - Custom config for security analysis supports validators
  • [SONAR-15412] - Add CodeMagic to the list of supported CI for branch and pull-request detection
  • [SONAR-15428] - Support Bitbucket Cloud authentication
  • [SONAR-15468] - Improve Kotlin analysis: offer the same security rules as the Java analyzer
  • [SONAR-15483] - Improve C# analysis: more C#9 support and new rules
  • [SONAR-15498] - When using manual project selection, portfolio's administrator can select which branches of a project to take into account
  • [SONAR-15499] - When using tags/regex/remaining project selection, portfolio's administrator can specify which branch name to take into account
  • [SONAR-15502] - Improve PHP analysis: 8 rules to write efficient, error-free and safe regular expressions
  • [SONAR-15507] - Prompt system admins to update their system
  • [SONAR-15521] - Improve CFamily analysis: 7 new C++20 rules, 1 new C rule
  • [SONAR-15526] - Analyze CloudFormation and Terraform for AWS files
  • [SONAR-15529] - Improve XML analysis: detect misconfiguration security issues on Android applications
  • [SONAR-15564] - Improve Kotlin analysis: detect misconfiguration security issues on Android applications
  • [SONAR-15567] - Add the possibility to export projects to the Community Edition
  • [SONAR-15600] - Improve JS/TS analysis: support TypeScript 4.4 + 8 rules to write better unit tests using Mocha and Chai
  • [SONAR-15624] - Improve Kotlin analysis: rules to write efficient, error-free and safe regular expressions
  • [SONAR-15625] - Improve Python analysis: rules to write efficient, error-free and safe regular expressions
  • [SONAR-15643] - Improve SonarC# analysis - C# 10 language features can be parsed without failure
  • [SONAR-15657] - Improve Terraform/CloudFormation analysis for AWS: Traceability and Encryption at Transit rules
  • [SONAR-15659] - Improve SonarC# analysis - Support scoped namespaces in C# 10
  • [SONAR-15662] - Improve Python analysis: support Python 3.10

Task

  • [SONAR-14907] - Update WebAPI docs with up-to-date parameters and response examples
  • [SONAR-15201] - Enable new sonar-config plugin for SonarQube
  • [SONAR-15307] - Run Audit Purge operation in batches
  • [SONAR-15417] - Bump version of org.owasp.dependencycheck
  • [SONAR-15429] - Write an IT to validate Bitbucket Cloud authentication
  • [SONAR-15469] - Stop using deprecated Gradle API in SonarQube
  • [SONAR-15470] - Do not declare Gradle build dependencies using compile and runtime configurations
  • [SONAR-15474] - Upgrade java-saml version to 2.8.0
  • [SONAR-15482] - VB.NET release, no changes
  • [SONAR-15534] - Improve Java analysis: Promotion of Quick fixes in SQ
  • [SONAR-15542] - Add UI ITs for QG delegation feature
  • [SONAR-15547] - Add Backend ITs for QG delegation feature
  • [SONAR-15570] - Create/Update Integration Test for checking export project in Community Edition
  • [SONAR-15572] - Upgrade Tomcat to 8.5.72
  • [SONAR-15623] - Update netty from 4.1.65 to 4.1.70
  • [SONAR-15642] - Improve SonarVB analysis - No significant changes
  • [SONAR-15653] - Promotion of SonarLint in SonarQube
  • [SONAR-15663] - Improve CSS analysis: now the CSS analyzer is part of the JS/TS analyzer
  • [SONAR-15676] - SonarQube ES binds to an unknown NIC

Improvement

  • [SONAR-13434] - Improve documentation on project visibility change
  • [SONAR-14658] - Clarify "Additional security-related rules are available" in security reports
  • [SONAR-14694] - Fix api/project_dump/status API permissions
  • [SONAR-15086] - Link C/C++ sample projects to tutorials
  • [SONAR-15352] - Reopened closed hotspots should bring back their previous state
  • [SONAR-15360] - Deprecate old built-in JS/TS quality profile
  • [SONAR-15387] - Import of Generic Tests data shouldn't fail if a file has no recognized language
  • [SONAR-15423] - Download 'access.log' in the system administration page
  • [SONAR-15426] - Put Bitbucket Cloud Authentication settings under DevOps Platform Integration
  • [SONAR-15440] - Manage QualityGate user permissions
  • [SONAR-15441] - Manage QualityGate group permissions
  • [SONAR-15442] - Deactivating a user should remove its permission on Quality Gate
  • [SONAR-15443] - Removing a group should also remove its permission on Quality Gate
  • [SONAR-15450] - Take pull requests into account when counting instance's NLOC
  • [SONAR-15458] - Promote SonarLint in branch and pull request with failed condition
  • [SONAR-15459] - Promote SonarLint on dev ops platform PR/MR with failed condition
  • [SONAR-15467] - Promote SonarLint on the GitHub summary comment
  • [SONAR-15473] - Add SonarLint Promotion on issues when Quick Fix can apply
  • [SONAR-15480] - Update `api/issues/search` to include isQuickFixAvailable
  • [SONAR-15487] - Add isQuickFixAvailable information in Scanner report
  • [SONAR-15506] - Update "System Upgrade" modal heading to "New update available"
  • [SONAR-15508] - Strongly encourage sysadmins to update when running an EOL version of SonarQube
  • [SONAR-15511] - Return LTS version information in /api/system/upgrades
  • [SONAR-15523] - Support quickFixAvailable feature with Oracle and MSSQL databases
  • [SONAR-15528] - Import/Export portfolios supports branches
  • [SONAR-15539] - Removing a Quality Gate should also remove its user and group permissions
  • [SONAR-15546] - Add patch version in the update info box
  • [SONAR-15548] - Extend permission on Quality Gate actions to selected users and groups
  • [SONAR-15574] - Move `Export Project` feature from EE submodules to OS codebase
  • [SONAR-15577] - Improve PHP analysis: fix regex parsing errors
  • [SONAR-15579] - Show an accurate error message when template key matching collides
  • [SONAR-15587] - Show promotion of SonarLint on the first login of SQ
  • [SONAR-15588] - Able to dismiss the SonarLint promotion advertisement
  • [SONAR-15601] - Clarify that the QG permission can be delegated to a group
  • [SONAR-15602] - Add Audit logs for Quality Gate Permission actions.
  • [SONAR-15603] - Add Audit logs for Quality Profile Permission actions.
  • [SONAR-15604] - Make wording on quality gate permission removal more explicit
  • [SONAR-15605] - Make wording on quality profile permission removal more explicit
  • [SONAR-15611] - Deprecate portfolio XML web services
  • [SONAR-15613] - Settings search results are not very accurate
  • [SONAR-15614] - Remove the About Page
  • [SONAR-15622] - Change Exclusions subcategory order to reflect everyday usage
  • [SONAR-15627] - System Administration page message should be aligned with the banner content
  • [SONAR-15630] - Improve CFamily analysis: bug fixes
  • [SONAR-15644] - Integrate CSS analysis in JS plugin
  • [SONAR-15650] - Improve PHP analysis: improvements on the regexp rules - less FPs
  • [SONAR-15658] - Improve SonarVB analysis - FP's Fixed
  • [SONAR-15661] - Add a link to the source Plugin Matrix directly in the documentation
  • [SONAR-15669] - Improve RPG analysis: copy-paste detection considers free-form format
  • [SONAR-15670] - Improve performance of Kotlin analysis: up to 10x less time
  • [SONAR-15671] - Improve Command Injection rule: distinguish the cases of Command vs Arguments injection

Documentation

  • [SONAR-14343] - Improve documentation on Coverage
  • [SONAR-15180] - Document support for Azure DevOps Server 2020 Express editions
  • [SONAR-15354] - Replace dead links in SonarQube Documentation
  • [SONAR-15409] - Homogenize Description of helm charts
  • [SONAR-15410] - README on DCE helm chart points to the wrong documentation
  • [SONAR-15411] - Fix glitch in sonarqube-cluster-on-kubernetes Overview
  • [SONAR-15421] - Document upgrading version and edition simultaneously
  • [SONAR-15427] - Document how to enable authentication using Bitbucket Cloud
  • [SONAR-15431] - Make info on rebuilding indexes more prominent
  • [SONAR-15436] - Upgrade note about removing the plugin & the upgrade path
  • [SONAR-15449] - Document CodeMagic CI instructions
  • [SONAR-15462] - Document SonarLint Connected Mode with SonarQube
  • [SONAR-15466] - Display information about SonarLint in the (?) menu
  • [SONAR-15532] - Document delegating Quality Gate permissions to users or groups
  • [SONAR-15545] - Document project branches selection for portfolio
  • [SONAR-15551] - Add Elasticsearch authentication environment variables
  • [SONAR-15571] - Update the Project Move page to add export starting with Community Edition
  • [SONAR-15582] - Update SonarScanner for .NET documentation
  • [SONAR-15618] - Update Portfolio documentation on permissions and sub-portfolios
  • [SONAR-15621] - Update Azure Devops Extension Compat changes
  • [SONAR-15626] - Provide recommendations how to secure the traffic with SonarQube
  • [SONAR-15656] - Document ES Keystore/Truststore pitfalls
