Release Notes - SonarQube - Version 9.5 - HTML format

Bug

  • [SONAR-11401] - Performance hotspot when changing state of issue
  • [SONAR-13822] - Inconsistent behaviour between web and ce processes, when plugin dependency missing
  • [SONAR-16056] - Portfolio refresh error
  • [SONAR-16080] - Git submodules not considered when loading exclusions
  • [SONAR-16157] - Duplicate primary location in issue
  • [SONAR-16177] - Security fix (SSF-206)
  • [SONAR-16214] - issues' bulk change form is not accessible
  • [SONAR-16238] - Quality profile permission delegation search is broken in some cases
  • [SONAR-16240] - Quality gate permission delegation search is broken in some cases
  • [SONAR-16246] - Show correct Project Count in Telemetry and System Info endpoint
  • [SONAR-16248] - Cannot choose a specific Quality Profile for a project using the mouse
  • [SONAR-16250] - Global Health Status should be yellow if there are less than 3 search nodes
  • [SONAR-16251] - Choosing New Code filter on Issues Page fills the logs with error messages
  • [SONAR-16252] - Protobuf serialization in scanner on Solaris cause JVM to crash
  • [SONAR-16285] - Security fix (SSF-253)
  • [SONAR-16288] - Incorrect warning in Portfolio Definition page even though user has global permissions
  • [SONAR-16292] - “PendingCount” ComputeEngineTasks MBean shows 0 pending tasks on DCE
  • [SONAR-16343] - Notification label doesn't adapt to project level
  • [SONAR-16388] - Issue count is not updated when changing the status of a new code issue for reference branch
  • [SONAR-16414] - Fix Keyboard navigation in Coding rules
  • [SONAR-16424] - Sub-portfolio using a specific branch can't be found
  • [SONAR-16429] - Security fix (SSF-259)
  • [SONAR-16431] - Fail to recompute project if it is a part of a large portfolio
  • [SONAR-16447] - Fix AuditLogs download error due to JSONException
  • [SONAR-16464] - ES health check exception handling is broken with internationalization
  • [SONAR-16466] - Maintainability rating always set to 'A' when issues are modified
  • [SONAR-16563] - SonarSwift documentation page is broken

New Feature

  • [SONAR-16227] - Generate identifiable tokens
  • [SONAR-16260] - Run project analysis with Global Analysis Tokens and Project Analysis Tokens
  • [SONAR-16310] - Improve COBOL analysis: support for AcuCOBOL, dropped deprecated APIs
  • [SONAR-16316] - Enable downloading of regulatory report for projects
  • [SONAR-16395] - Activate Analyzers Cache by default
  • [SONAR-16401] - Improve Swift analysis: support Swift 5.6
  • [SONAR-16417] - Improve Java analysis: 6 rules to reduce the complexity regexp, new rule to detect secrets by default (S6418)
  • [SONAR-16450] - Improve CFamily analysis: default incremental analysis - analyse only files impacted by the change set
  • [SONAR-16454] - Improve Taint Security analysis: new description format for XSS rule
  • [SONAR-16459] - Improve JS/TS/CSS analysis: 2 new rules for detecting unsafe command execution and forgotten .only in tests
  • [SONAR-16468] - Java Dataflow Bug Detection Analyzer: 5 new rules that detect critical bugs possibly leading to crashes in your Java application

Task

  • [SONAR-16042] - Move issues box rendering outside of line component
  • [SONAR-16089] - Update SelectLegacy component with Select component inside sonar-web/apps/projects, /projectsManagement
  • [SONAR-16093] - Delete SelectLegacy file and remove it from expose libraries and mocks
  • [SONAR-16133] - Fix 'spacer' class conflict
  • [SONAR-16138] - Improve message in portfolio migration when root/parent cannot be found
  • [SONAR-16191] - Update select legacy related integration test and remove css related to selectlegacy
  • [SONAR-16205] - Improve code sharing with the developer extension
  • [SONAR-16206] - Improve code sharing with the security report extension
  • [SONAR-16207] - Improve code sharing with the governance extension
  • [SONAR-16221] - Update "CreatableLegacy"
  • [SONAR-16225] - Update SelectLegacy component with Select component inside /quality-gates
  • [SONAR-16232] - Extract plugin api from SonarQube to external repository
  • [SONAR-16242] - RTL migration for "account" app
  • [SONAR-16243] - RTL migration for "audit-logs" app
  • [SONAR-16244] - RTL migration for "background-tasks" app
  • [SONAR-16247] - RTL migration for "quality-gate" app
  • [SONAR-16256] - Move issue box rendering outside of line component
  • [SONAR-16295] - Replace React legacy lifecycle methods in Coding Rules
  • [SONAR-16296] - Replace React legacy lifecycle methods in Users App
  • [SONAR-16297] - Replace React legacy lifecycle methods in the global Search
  • [SONAR-16298] - Replace React legacy lifecycle methods in SourceViewer
  • [SONAR-16299] - Replace React legacy lifecycle methods in GraphsHistory
  • [SONAR-16300] - Replace React legacy lifecycle methods in MultiSelect
  • [SONAR-16301] - Replace React legacy lifecycle methods in settings
  • [SONAR-16315] - Replace React legacy lifecycle methods in security hotspots
  • [SONAR-16337] - Replace keymaster by event handling in components
  • [SONAR-16338] - Replace keymaster by event handling in component-measures
  • [SONAR-16339] - Replace keymaster by event handling in issues and security hotspot
  • [SONAR-16340] - Replace keymaster by event handling in coding rules and search
  • [SONAR-16341] - Remove Keymaster
  • [SONAR-16346] - Replace React legacy lifecycle methods in the issue app
  • [SONAR-16350] - Plugin API updated to 9.6.0.104
  • [SONAR-16365] - Rules page now consume the new rule description sections field
  • [SONAR-16368] - Plugin API updated to 9.6.1.114
  • [SONAR-16376] - Hotspot page - Consume rule description from the rule api
  • [SONAR-16413] - Copy of custom rules from a quality profile to another is broken
  • [SONAR-16419] - Merge Rule Metadata into Rule
  • [SONAR-16426] - Drop SonarCloud-specific code from the UI
  • [SONAR-16427] - Drop Short Living Environments
  • [SONAR-16449] - Cleanup all references to SonarCloud in SonarQube codebase

Improvement

  • [SONAR-11995] - Make Footer stick to the bottom of the screen
  • [SONAR-12090] - Add "Create new portfolio" button when portfolio page is empty
  • [SONAR-12185] - Make state messages for portfolios more explicit
  • [SONAR-12498] - Hovering the settings key breaks the display in some cases
  • [SONAR-12782] - Label for using an existing token should be more specific
  • [SONAR-12913] - Animate code snippet expansion
  • [SONAR-13855] - Improve layout of branch name when there's an analysis warning
  • [SONAR-14503] - Drop 'plugin' word when loading them in logs
  • [SONAR-14648] - Handle errors properly when opening hotspots in IDE
  • [SONAR-14654] - Project data reloaded banner can’t be closed
  • [SONAR-15059] - Align the Azure DevOps tutorial field order with what users see on Azure DevOps
  • [SONAR-15064] - Improve AzureDevOps connection logs
  • [SONAR-15132] - Add a Quality Profile changelog on rule deletion
  • [SONAR-15257] - Add aria attributes to code page
  • [SONAR-15321] - Large number of entries in 'issue_changes'
  • [SONAR-15359] - Better differentiate user from system operations in Audit Logs
  • [SONAR-15573] - HTTP 400 when applying bulk permission to more exceed limit without error message
  • [SONAR-15615] - Improve License Page UX
  • [SONAR-16028] - Navigate to Project "Overall Code" from Portfolio Breakdown
  • [SONAR-16079] - Replace parameter 'sinceLeakPeriod' with 'inNewCodePeriod' for 'api/hotspots/search'
  • [SONAR-16118] - Improve Pull/Merge Request sorting in the project dropdown menu
  • [SONAR-16222] - The BIDI rule is no longer in BETA
  • [SONAR-16229] - Improve analysis error messages after we moved to spring
  • [SONAR-16230] - Support PCI DSS in plugin api
  • [SONAR-16239] - Log analysis cache download
  • [SONAR-16245] - The “Others” category on Security Hotspots page should be always the last one
  • [SONAR-16254] - Explicit the context of the Last Analysis warning
  • [SONAR-16257] - Validate Workspace ID when configuring a Bitbucket Cloud configuration
  • [SONAR-16261] - Add an internal API endpoint that allows to search for scannable projects
  • [SONAR-16263] - Add the possibility to generate analysis tokens
  • [SONAR-16264] - Add the possibility to manage analysis tokens
  • [SONAR-16289] - Reduce heartbeat period for SonarLint connexion from 60s to 20s
  • [SONAR-16290] - Use native git to collect blame information
  • [SONAR-16302] - Support definition and storage of well-structured rule description
  • [SONAR-16303] - Display well-structured rule description on issues page
  • [SONAR-16311] - Improve Python analysis: fix FPs
  • [SONAR-16313] - Make the tag description more specific in issues page
  • [SONAR-16359] - Create migration to force rules reloading to fill new DB structure
  • [SONAR-16361] - Handle multiple rule description sections for indexing to be able to search in their content
  • [SONAR-16364] - Update Rule API to support multiple description sections
  • [SONAR-16369] - Deprecate api/batch/issues internal endpoint
  • [SONAR-16370] - Implement new internal endpoint api/issues/pull
  • [SONAR-16372] - Forward IssuesChanged events to connected SonarLint Clients
  • [SONAR-16383] - Revamped secondary issues look'n'feel on the issue page
  • [SONAR-16385] - Always show rule information in issue page
  • [SONAR-16397] - Handle multiple rule description sections when loading rules in DB and adapt Hotspot API
  • [SONAR-16398] - Make tags editable on resolved issues
  • [SONAR-16403] - Add LIBFFI_TMPDIR to ES command on Windows
  • [SONAR-16405] - Manual on-boarding CFamily tutorials now link to "otherci" repository examples
  • [SONAR-16407] - Update GitLab logo
  • [SONAR-16412] - Add link to markdown syntax to documentation of rules API endpoint
  • [SONAR-16423] - Project license usage is available as a standard API
  • [SONAR-16435] - Clarify date - time on Project Overview
  • [SONAR-16448] - Do not display pointer cursor on active issue
  • [SONAR-16451] - Improve SonarC# analysis - Minor improvements and fixes
  • [SONAR-16452] - Improve SonarVB analysis - Minor improvements and fixes
  • [SONAR-16453] - Access api/qualitygates/project_status with Execute Analysis permission
  • [SONAR-16456] - Remove expand button for issue attached to directory
  • [SONAR-16458] - Improve License Manager UI layout for Lines of Code
  • [SONAR-16462] - Improve Taint Security analysis: bug fix to prepare incremental analysis for Java for SonarQube 9.6
  • [SONAR-16463] - Improve rule description hierarchy
  • [SONAR-16472] - Set 'security_hotspots_reviewed_status' and 'security_hotspots_to_review_status' to all components
  • [SONAR-16484] - Fix error in SonarScanner for Jenkins article

Documentation

  • [SONAR-16231] - Remove mention of SONAR_DOTNET_ENABLE_CONCURRENT_EXECUTION from .NET docs
  • [SONAR-16259] - Document the usage of Project Analysis Token and Global Analysis Token
  • [SONAR-16283] - Add redirect for new docs page Scanner Environment
  • [SONAR-16354] - Improve C-Family coverage with new example repos
  • [SONAR-16377] - Remove JS/TS section from Test Execution Analysis Parameters
  • [SONAR-16430] - Update SonarScanner for Gradle docs to avoid ambiguity

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.