Release Notes - SonarQube - Version 9.4 - HTML format

Bug

  • [SONAR-12592] - External rules are not removed when no more provided by analyzer
  • [SONAR-13125] - Missing information about db migration in sonar.log in console mode when starting SonarQube with jar file
  • [SONAR-13588] - Tags defined on external rules are not propagated to external issues
  • [SONAR-14011] - Docker not detected in System Information when using AWS ECS
  • [SONAR-15974] - Escape special characters on Azure DevOps Platform Project onboarding
  • [SONAR-15987] - Restart should not fail if temp files can't be deleted
  • [SONAR-16001] - Embedded documentation shows placeholder content for superior edition languages
  • [SONAR-16006] - "Keep when inactive" button doesn't preserve changed state in UI
  • [SONAR-16031] - Security fix (SSF-230)
  • [SONAR-16039] - Issues not found on reference branch strategy after migrating from 9.2 to 9.3
  • [SONAR-16050] - Scanner fails with NPE if user doesn't have permission to analyze project
  • [SONAR-16057] - Filesystem tests fail with NPE
  • [SONAR-16100] - Analysis computation errror when a reference branch is used and a file is not under scm control
  • [SONAR-16131] - CWE titles and descriptions are missing in the security report
  • [SONAR-16151] - Some file names are wrongly displayed in the issue's page
  • [SONAR-16158] - Duplicated blocks assigned to the wrong lines of code
  • [SONAR-16159] - Security fix (SSF-235)
  • [SONAR-16165] - Multiselection of authors is broken in the issue page
  • [SONAR-16167] - Security fix (SSF-239)
  • [SONAR-16174] - SonarLint icon in PR decoration missing for some DevOps platforms
  • [SONAR-16178] - Security fix (SSF-241)
  • [SONAR-16179] - Security fix (SSF-240)
  • [SONAR-16181] - Security fix (SSF-227)
  • [SONAR-16189] - Security fix (SSF-217)

New Feature

  • [SONAR-15918] - Create a new web API endpoint to stream events to SonarLint
  • [SONAR-16007] - Display hotspots' secondary locations
  • [SONAR-16013] - Add api endpoint that expose the list of projects with their license usage
  • [SONAR-16032] - Update Executive Report PDF to reflect Clean As You Code practice
  • [SONAR-16101] - Track Security Hotspots which represent real risks to fix later
  • [SONAR-16123] - Display OWASP Top 10 2021 in Security Report
  • [SONAR-16192] - Improve Terraform analysis: support GCP and detect Traceability problems on Azur
  • [SONAR-16208] - Improve Python analysis: 8 rules to help developers reduce the complexity of their regular expressions
  • [SONAR-16209] - Improve JS/TS analysis: support TypeScript 4.6 ; quick fixes support for 30 rules when SonarLint is used in Connected Mode with SQ
  • [SONAR-16213] - Improve Java analysis: enable Java 18 code parsing

Task

  • [SONAR-7496] - Drop unused db columns ISSUES.REPORTER, ACTION_PLAN_KEY and ISSUE_ATTRIBUTES
  • [SONAR-12807] - Put all ALM icons in a single location
  • [SONAR-13672] - Fix Bibucket typo to Bitbucket
  • [SONAR-15845] - Upgrade H2 database dependency
  • [SONAR-15870] - Xoo SCM should support relative dates
  • [SONAR-15909] - Introduce an appState context
  • [SONAR-15910] - Extract "languages" from redux
  • [SONAR-15911] - Extract "Metrics" from redux
  • [SONAR-15912] - Extract "Settings" from redux - part 1: SettingsApp
  • [SONAR-15913] - Extract "users" from redux
  • [SONAR-15914] - Clean up redux
  • [SONAR-15926] - Performance testing of new Server Push API
  • [SONAR-15938] - Improve code sharing with the license extension
  • [SONAR-15962] - Drop the "Suggest dependency upgrades" useless Github Action
  • [SONAR-15966] - Use Spring instead of Pico as dependency injection framework in the scanner-engine
  • [SONAR-15977] - Fix microsoft jdbc docstring in sonar.properties
  • [SONAR-15991] - Update frontend dependencies
  • [SONAR-15992] - Extract "Settings" from redux - part 2: global setting values
  • [SONAR-15994] - Migrate Sonarqube IOC framework from Pico to Spring
  • [SONAR-16005] - Remove appState from the Redux store
  • [SONAR-16047] - Don't start MyBatis in every test
  • [SONAR-16055] - Upgrade github-action_release to v4
  • [SONAR-16073] - Add integration test for Projects License Usage export
  • [SONAR-16081] - Update SelectLegacy component with Select component inside core-extension-governance
  • [SONAR-16082] - Update SelectLegacy component with Select component inside core-extension-developer-server
  • [SONAR-16083] - Update SelectLegacy component with Select component inside core-extension-securityreport
  • [SONAR-16084] - Update SelectLegacy component with Select component inside sonar-web/apps/background-tasks
  • [SONAR-16085] - Update SelectLegacy component with Select component inside sonar-web/apps/coding-rules
  • [SONAR-16086] - Update SelectLegacy component with Select component inside sonar-web/apps/component-measures and /issues
  • [SONAR-16087] - Update SelectLegacy component with Select component inside sonar-web/apps/permissions, /projectBaseline and /projectActivity
  • [SONAR-16088] - Update SelectLegacy component with Select component inside sonar-web/apps/projectQualityGate and /projectQualityProfiles
  • [SONAR-16090] - Update SelectLegacy component with Select component inside sonar-web/apps/quality-profiles
  • [SONAR-16091] - Update SelectLegacy component with Select component inside sonar-web/apps/security-hotspots, /settings and /users
  • [SONAR-16092] - Update SelectLegacy component with Select component inside sonar-web/app/ and sonar-web/components/
  • [SONAR-16113] - Expose Select component to extensions using exposeLibraries
  • [SONAR-16139] - Drop api/users/set_setting and related db table
  • [SONAR-16156] - Write IT to validate new OWASP Top 10 2021 edition
  • [SONAR-16182] - Migrate remaining modules from java 8 to java 11
  • [SONAR-16199] - Correct styling for input in multiselect and other places

Improvement

  • [SONAR-10179] - Add clear start/stop logs in the different log files
  • [SONAR-10930] - Add pagination in WS api/ce/activity
  • [SONAR-11672] - Address display of issues reported above file level
  • [SONAR-11718] - Increase the number of returned tags in web service
  • [SONAR-11767] - Add Server base URL to 'Test Configuration' email
  • [SONAR-12499] - Displaying all SonarSource standards in Security Category facets
  • [SONAR-12693] - Fix wording in scanner success message log
  • [SONAR-12859] - Use new issue icons in pull request decoration
  • [SONAR-13704] - Activity of a project is not updated when quality gate is back to green after an update on an issue
  • [SONAR-14721] - Do not follow redirects when interacting with GitHub API
  • [SONAR-14722] - Do not follow redirects when interacting with Azure DevOps API
  • [SONAR-14723] - Do not follow redirects when interacting with Bitbucket Server API
  • [SONAR-14742] - Project import from GitHub, Bitbucket and Azure can clash with existing project key
  • [SONAR-15554] - Update the Permissions text for Quality Profiles
  • [SONAR-15695] - Better selection behavior for QG admin delegation
  • [SONAR-15857] - Measure page should support ascending and descending sorting for rating and quality gate
  • [SONAR-15919] - Add RuleSetChanged event to events streamed to SonarLint
  • [SONAR-15921] - Add SonarlintClient connected count to system info file, to telemetry and to prometheus monitoring
  • [SONAR-15972] - Improve responsiveness of the portfolio page
  • [SONAR-15975] - Change Portfolio overview wording to be more precise
  • [SONAR-15979] - Make Rating charts in Portfolio Overview Clickable
  • [SONAR-15985] - Validate user's permission and deactivated/active status before pushing an event
  • [SONAR-15989] - Fix typo in archived docs warning
  • [SONAR-15999] - Remove ability to see list of projects as bubble charts
  • [SONAR-16008] - Improve the hotspot page UX
  • [SONAR-16012] - Export project license usage from the license page
  • [SONAR-16015] - Reorganize the license page to better explain how license is being used
  • [SONAR-16026] - Retry lock on cached analyzers to run multiple scans on the same machine
  • [SONAR-16058] - Replace parameter 'sinceLeakPeriod' with 'inNewCodePeriod' for 'api/issues/search'
  • [SONAR-16059] - Add the "Permission" security category
  • [SONAR-16064] - Add a new API in SensorContext to indicate possibility to skip unchanged files
  • [SONAR-16066] - Improve executive PDF report
  • [SONAR-16069] - Scroll to primary location when clicking on the hotspot primary location
  • [SONAR-16071] - Hotspots UI improvements
  • [SONAR-16078] - Tag “Removed” displayed on issue is misleading
  • [SONAR-16095] - Improve the layout of the "Why is this an issue" button
  • [SONAR-16096] - Create webservices to get and clear scanner plugin cache
  • [SONAR-16097] - Add plugin cache to the Sensor API
  • [SONAR-16098] - Improve SonarC# analysis - minor bug fix
  • [SONAR-16099] - Improve SonarVB analysis - minor bug fix
  • [SONAR-16112] - Improve Java analysis: minor fix of FPs
  • [SONAR-16115] - Store plugin's scanner cache in SonarQube
  • [SONAR-16119] - Enable documentation page for the IaC analyzer
  • [SONAR-16124] - Add OWASP Top 10 2021 categories to standards.json
  • [SONAR-16126] - Add CWE Top 25 2021 data to Security Report PDF
  • [SONAR-16127] - Update the "Authentication" security category
  • [SONAR-16128] - Update Security Report PDF with OWASP Top 10 2021 data
  • [SONAR-16129] - Create new facet in Issues search 'OWASP Top 10 - 2021'
  • [SONAR-16130] - Create new facet in Rules search 'OWASP Top 10 - 2021'
  • [SONAR-16141] - Security hotspots status and confirmation modal related improvements
  • [SONAR-16147] - Allow users to assign acknowledged security hotspot
  • [SONAR-16152] - Do not follow redirects when interacting with Bitbucket Cloud API
  • [SONAR-16153] - Bitbucket Cloud integration should support custom connection timeout and read timeout
  • [SONAR-16155] - Allow Security Hotspots to be filtered by OWASP Top 10 2021
  • [SONAR-16160] - Improve CFamily analysis
  • [SONAR-16162] - Enable New Code based on "reference branch" with a scanner parameter
  • [SONAR-16163] - Process reference branch set by the scanner in the CE
  • [SONAR-16180] - API should validate email address for portfolio reports
  • [SONAR-16187] - Analysis cache gets cache from different branch when needed
  • [SONAR-16188] - Deprecate Common Rules and deactivate them for a set of languages
  • [SONAR-16190] - Improve Java analysis: faster raw analysis (avg: 30% up to 67%)
  • [SONAR-16196] - Improve PHP analysis: improve S1808 and S6328 regexp rules
  • [SONAR-16204] - Drop SHA1 legacy hash method
  • [SONAR-16224] - Improve Java Security analysis: better display messages of vulnerabilities involving dependencies

Documentation

  • [SONAR-13505] - Document how to use SQ Docker image with self-signed certificates
  • [SONAR-13574] - Add reference to required Java version in docs
  • [SONAR-14331] - Update note on Linux file ownership
  • [SONAR-15892] - Document the behavior of users/search
  • [SONAR-15976] - Mention Microsoft JDBC driver update in the Release notes of 9.3
  • [SONAR-16072] - Explain License Usage in relation to Lines Of Code
  • [SONAR-16125] - Update Security Reports page to mention support for OWASP Top 10 2021
  • [SONAR-16142] - Add Oracle database requirement for max_string_size
  • [SONAR-16154] - Fix incorrect explanation about VS xml coverage file format for CFamily
  • [SONAR-16164] - Document new scanner parameter 'sonar.newCode.referenceBranch'
  • [SONAR-16186] - Add Oracle SQL query for resetting admin password
  • [SONAR-16203] - Mention Java 17 support in documentation
  • [SONAR-16210] - Add instruction to verify which branches to keep before exporting project in Project Move

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.