Release Notes - SonarQube - Version 9.3 - HTML format

Bug

  • [SONAR-13997] - Elasticsearch bootstrap check can be ignored in docker env
  • [SONAR-14929] - New Code using a 'reference branch' doesn't detect changed code with git merge workflow
  • [SONAR-15672] - Azure PR decoration can fail when there are deleted comments
  • [SONAR-15694] - Security fix (SSF-214)
  • [SONAR-15697] - New code detection when using reference branch and rebasing doesn't detect some commits on branch
  • [SONAR-15760] - Migration #6017 fails because 'selection_expression' column is too short
  • [SONAR-15766] - Import/Export menu item is available for applications & portfolios
  • [SONAR-15779] - l10n plugins prevent the UI from loading
  • [SONAR-15780] - Drop usage of deprecated columns type in MSSQL
  • [SONAR-15819] - Documentation search breaks after 2nd search
  • [SONAR-15824] - Web Service changelog not shown
  • [SONAR-15825] - Issues in unselected projects are shown for a portfolio
  • [SONAR-15828] - Error computing portfolio with >1000 references
  • [SONAR-15833] - Bitbucket tutorial for C/C++/Objective C is incorrect
  • [SONAR-15854] - Metric description not translated on PR and branches overview
  • [SONAR-15866] - Adding a branch to existing application reference and refresh, master branch get deselected
  • [SONAR-15894] - Dashboard links are broken for sub-portfolios
  • [SONAR-15901] - The SelectList component is often not a11y-friendly
  • [SONAR-15906] - Analyis warning documentation links are broken
  • [SONAR-15930] - SonarLint icon in PR decoration points to wrong link
  • [SONAR-15931] - Quality profiles comparison page doesn't properly handle large text
  • [SONAR-15941] - Active state of Component Navigation tabs is lost when interacting with the page
  • [SONAR-15960] - Update description of POST api/applications/remove_project web service
  • [SONAR-15965] - Export findings return duplicates
  • [SONAR-16000] - Security fix (SSF-225)

New Feature

  • [SONAR-15688] - Implement Prometheus endpoint for monitoring
  • [SONAR-15761] - Add a new API to declare Sensors as processing files independently
  • [SONAR-15802] - Portfolio’s administrators can select application’s branches to compute
  • [SONAR-15849] - Improve Ruby analysis: parse Ruby v3.0
  • [SONAR-15850] - Improve Apex analysis: parse Apex v53
  • [SONAR-15851] - Improve Scala analysis: parse Scala v3
  • [SONAR-15852] - Improve Go analysis: parse Go v1.17
  • [SONAR-15936] - Improve Java analysis: parse and analyze Java 17 features + improved precision for 14 rules
  • [SONAR-15940] - Detect Unicode BIDI characters to prevent Trojan Source Attacks
  • [SONAR-15955] - Support Terraform for Azure: detect security issues
  • [SONAR-15957] - Improve Swift analysis: parse Swift 5.5

Task

  • [SONAR-15102] - Check the status of 3rd Party Dependencies
  • [SONAR-15136] - Implement Gitlab.com Integration Tests
  • [SONAR-15655] - Update react-select to 4.3.1
  • [SONAR-15677] - Split the Validate task into parallel tasks
  • [SONAR-15680] - Fail sonar-docs build if documentation cannot be extracted from analyzer
  • [SONAR-15682] - sonar-docs build is no longer extracting the latest analyzer's documentation
  • [SONAR-15690] - Add check verifying if sonar.properties does not have any external input
  • [SONAR-15698] - Add IT for default SQ configuration
  • [SONAR-15743] - Upgrade emotion to v11
  • [SONAR-15781] - Do not ship source-maps for minified private JS code
  • [SONAR-15782] - Move application console and report code to core extensions
  • [SONAR-15837] - Add Integration Tests for Portfolios New Code
  • [SONAR-15847] - Remove unnecessary modules from Elasticsearch distribution
  • [SONAR-15862] - Migrate core-extension-governance build to esbuild
  • [SONAR-15863] - Migrate core-extension-license build to esbuild
  • [SONAR-15864] - Migrate core-extension-securityreport build to esbuild
  • [SONAR-15897] - Add integration test for inaccessible projects in portfolios
  • [SONAR-15942] - Remove the use of `KeyboardEvent.keycode`
  • [SONAR-15945] - Replace "T" typescript namespace by direct imports

Improvement

  • [SONAR-12166] - Add "Show more" functionality to Rules' Repository facet
  • [SONAR-15464] - Allow project admins to easily find a specific setting
  • [SONAR-15678] - Improve Export Findings payload
  • [SONAR-15679] - Upgrade jdbc drivers
  • [SONAR-15681] - Extend RulesDefinition in plugin API to have an Owasp Standard version
  • [SONAR-15686] - Files provided are restricted during PR analysis for selected sensors (XML, CSS and HTML)
  • [SONAR-15702] - Stop showing private project information through an Application
  • [SONAR-15703] - Secure Application Report Submission for users without access to all child projects
  • [SONAR-15725] - Improve portfolio’s administrator experience when they add an application to a portfolio
  • [SONAR-15726] - Inform the user about previously selected projects in any application within the portfolio hierarchy
  • [SONAR-15727] - Deprecate api/views/add_local_view web service
  • [SONAR-15733] - Deprecate api/views/local_views web service
  • [SONAR-15745] - Deprecate the usage of api/views/delete to remove local references
  • [SONAR-15750] - Deprecate "api/views/add_sub_view"
  • [SONAR-15754] - Remove support for application in view WS where it was deprecated
  • [SONAR-15768] - Add Prometheus metrics for web process, compute engine process, and elasticsearch
  • [SONAR-15769] - Add DevOps platforms status metrics
  • [SONAR-15770] - Add Compute Engine related metrics
  • [SONAR-15772] - Add Elasticsearch metrics
  • [SONAR-15773] - Add web_uptime_minutes metrics
  • [SONAR-15776] - Remove deprecation for 'Plugin-Dependencies' attribute declared by plugins
  • [SONAR-15783] - Suggest option to reach out to contact@sonarsource.com when renewing license
  • [SONAR-15788] - Support additional metric for Portfolio new code
  • [SONAR-15789] - Update the Portfolio Dashboard to show new metric
  • [SONAR-15790] - Update portfolio projects page to add new code rating
  • [SONAR-15791] - [DE+] Add sonarqube_license_days_before_expiration_total metric
  • [SONAR-15792] - [DE+] Add sonarqube_license_number_of_lines_remaining_total metric
  • [SONAR-15793] - [DE+] Add sonarqube_license_number_of_lines_total metric
  • [SONAR-15801] - Highlight inaccessible projects for App Admin
  • [SONAR-15811] - Portfolio’s administrators know which application branches are selected in the portfolio hierarchy
  • [SONAR-15814] - Export/Import portfolio application branches
  • [SONAR-15815] - Show a warning if adding an application to a portfolio that is already referenced in the hierarchy
  • [SONAR-15817] - Project Export should not require a license
  • [SONAR-15818] - Improve XML analysis: analyze only changed XML files in PR
  • [SONAR-15821] - Remove applications from portfolio administration
  • [SONAR-15827] - Update of Log4J related to CVE-2021-44228
  • [SONAR-15836] - Language files are not automatically published
  • [SONAR-15838] - Deprecate No Longer Used Portfolio and Application Metrics
  • [SONAR-15840] - Update of Log4J and Elasticsearch related to CVE-2021-45046
  • [SONAR-15853] - Update of Elasticsearch to 7.16.2, update of Log4J to 2.17
  • [SONAR-15859] - Improve Flex analysis: analyze only changed Flex files in PR
  • [SONAR-15861] - Allow UI extensions to provide a static CSS file
  • [SONAR-15865] - New Code/Overall Code ratings on Portfolio Project Search
  • [SONAR-15869] - Update Elasticsearch from 7.16.2 to 7.16.3
  • [SONAR-15871] - Improve SonarPLSQL analysis: analyze only changed PL-SQL files in PR
  • [SONAR-15872] - Improve T-SQL analysis: analyze only changed T-SQL files in PR
  • [SONAR-15873] - Improve ABAP analysis: analyze only changed ABAP files in PR
  • [SONAR-15877] - Flag portfolios that contain inaccessible projects
  • [SONAR-15878] - Show correct number of Failed projects
  • [SONAR-15879] - Indicate in portfolios that not all issues are accessible
  • [SONAR-15880] - api/components/tree should not provide the projects that are not accessible
  • [SONAR-15881] - api/measures/component_tree should not return inaccessible projects
  • [SONAR-15882] - Show message when project is inaccessible on the Measure's page
  • [SONAR-15884] - Highlight inaccessible projects in portfolio's definition (manual slection)
  • [SONAR-15885] - Restrict Web Services to not return info about inaccessible projects
  • [SONAR-15900] - Increase 3rd party login button width to display more text
  • [SONAR-15925] - Improve Python analysis: performance and precision improvements
  • [SONAR-15929] - Tooltip about removal of deprecated web services should reflect new policy
  • [SONAR-15932] - Improve C# analysis - Bug Fixes, FPs & FNs
  • [SONAR-15933] - Improve VB analysis - Bug Fixes, FPs & FNs
  • [SONAR-15939] - Improve Kotlin analysis: performance improvements
  • [SONAR-15944] - Improve VB6 analysis: analyze only changed T-SQL files in PR
  • [SONAR-15946] - Improve RPG analysis: analyze only changed RPG files in PR
  • [SONAR-15949] - Improve PHP analysis: bug fix on "enum"
  • [SONAR-15950] - Improve Injection Vulnerability analysis: Support Android APIs+ New rules for Android + FPs in WordPress
  • [SONAR-15951] - Reintroduce portfolio breakdown
  • [SONAR-15953] - Node.js 12 is deprecated to scan JS, TS or CSS projects
  • [SONAR-15954] - Improve CFamily analysis
  • [SONAR-15958] - Improve HTML analysis: support `.twig` file extension
  • [SONAR-15963] - Improve Config analysis: YAML and JSON languages shouldn't publish all files automatically

Documentation

  • [SONAR-15767] - Document metrics from /api/monitoring/metrics endpoint
  • [SONAR-15786] - Encourage users to use Azure DevOps extension version 5
  • [SONAR-15829] - Update instructions on uninstalling plugins
  • [SONAR-15846] - Add upgrade notes regarding Portfolio New Code
  • [SONAR-15855] - Update documentation portfolio for new layout (new code)
  • [SONAR-15883] - Explain Portfolio's Permissions
  • [SONAR-15908] - Graduate DCE on Kubernetes documentation from beta status
  • [SONAR-15928] - Document new deprecation policy
  • [SONAR-15956] - Docker Compose example not in sync with docker-sonarqube example
  • [SONAR-15959] - loosen documentation about helm chart compatibility

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.