SonarQube Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[Unreleased]
[v9.9.7-1] - 2024-11-04
Changed
- [#114] upgrade SonarQube to 9.9.7
- [#114] upgrade dogu-build-lib to 2.5.0
- [#114] temporarily ignore CVE-2024-1597 until 10LTA
[v9.9.5-5] - 2024-09-25
Changed
- Switch to new CAS service account structure in dogu.json
[v9.9.5-4] - 2024-09-18
Changed
- Relicense to AGPL-3.0-only
[v9.9.5-3] - 2024-08-07
Changed
- Update base image to OpenJDK 17.0.12-1
- Update Alpine to 3.20.2-1
Security
- [#108] close CVE-2024-41110
[v9.9.5-2] - 2024-07-01
Changed
- Update base image to java:17.0.11-3 to use doguctl v0.12.0 (#106)
[v9.9.5-1] - 2024-06-06
Changed
- [#104] upgrade SonarQube to LTS 9.9.5
[v9.9.4-1] - 2024-02-19
Changed
- [#100] upgrade SonarQube to LTS 9.9.4
Security
- Fix CVE-2022-45047 / CVE-2022-45047
[v9.9.3-1] - 2024-02-01
Changed
- [#98] upgrade SonarQube to LTS 9.9.3
- upgrade base image to Java 17.0.9-1
[v9.9.1-7] - 2023-10-23
Fixed
- [#96] Fixed CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-39417 CVE-2023-44487
Changed
- [#96] Update base image to reduce vulnerable packages
[v9.9.1-6] - 2023-06-27
Added
- [#92] Configuration options for resource requirements
- [#92] Defaults for CPU and memory requests
[v9.9.1-5] - 2023-06-12
Fixed
-
Fixed elasticsearch bootstrap error where
vm.max_map_count
is too low (#90)- Set
node.store.allow_mmap
tofalse
and restrict the usage ofmmap
in k8s environments to avoid elasticsearch bootstrap error. This option is used to avoid usage of privileged containers.
- Set
[v9.9.1-4] - 2023-06-05
Fixed
- Temporary user creation during dogu start (#88)
- Permissions of the temporary admin user used to import quality profiles (#88)
- Add admin group to default permission template if it exists (#88)
Changed
- Blocked updates from versions prior to 8.x
Added
- German translations for permission docs
[v9.9.1-3] - 2023-05-15
Changed
- Update CAS plugin to version v5.0.2 (#86)
[v9.9.1-2] - 2023-05-11
Fixed
- Update installed plugins when upgrading to sonar 9.9.1
Changed
- Update Cypress and Integration-Tests-Library to fix integration tests
[v9.9.1-1] - 2023-05-04
Changed
- Upgrade sonar to version 9.9.1.69595 (#80)
- Update sonar-cas-plugin to version 5.0.0 (#80)
[v8.9.8-3] - 2023-04-21
Fixed
- Update installed packages and base image to reduce vulnerable packages (#81)
[v8.9.8-2] - 2022-08-22
Changed
- Update sonar-cas-plugin to version 4.2.1 (#78)
- Add missing makefile content from v6.0.3
[v8.9.8-1] - 2022-07-12
Changed
- Upgrade sonar to version 8.9.8-54436 (#76)
- Update Makefiles to 6.0.3
[v8.9.6-2] - 2022-04-04
Changed
- Upgrade java base image to 11.0.14-3
[v8.9.6-1] - 2021-12-22
Changed
- Upgrade sonar to 8.9.6 to fix jndi vulnerability of version 2.16.0 (#74)
[v8.9.5-1] - 2021-12-20
Changed
- Upgrade sonar to 8.9.5 to fix jndi vulnerability
[v8.9.2-2] - 2021-12-13
Fixed
- disable jndi lookup due to a vulnerability (69, https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721)
[v8.9.2-1] - 2021-11-24
- Re-release of 8.9.0-5 to use correct version
[v8.9.0-5] - 2021-11-23
Added
- Make log level configurable
Changed
- Upgrade to SonarQube 8.9.2; #67
- Upgrade to java base image 11.0.11-2
- Switch to dogu.json format v2
- Switch to Cypress/Cucumber integration tests
- Upgrade to sonar-cas-plugin v4.2.0
[v8.9.0-6] - 2021-12-15
Fixed
- disable jndi lookup due to a vulnerability (69, https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721)
[v8.9.0-4] - 2021-07-28
Added
- Add CAS proxy ticketing (#65)
Changed
- Switch from CAS specification 2.0 to 3.0 (#65)
[v8.9.0-3] - 2021-07-19
Fixed
- Fix CAS authentication error with previously logged-in users during migration (#63)
[v8.9.0-2] - 2021-06-16
Removed
- Removed global proxy mechanism (#61)
[v8.9.0-1] - 2021-06-03
Added
- agent settings for the new version of the community-branch-plugin (1.8.0+)
Changed
- update to new LTS version 8.9 (#59)
- update CAS plugin to version 4.0.0
- any installed versions of the community-branch-plugin will be removed when upgrading to SonarQube 8.9
-
SonarQube inlines a lot of functionality that was previously supplied as plugin. Please refer to the SonarQube documentation for detailed information. The following plugins will be moved to
extensions/deprecated-plugins
if the upgrade script detects them (#59):- C# Code Quality and Security
- CFamily Code Quality and Security
- COBOL Code Quality
- Git
- GitHub Authentication for SonarQube
- JaCoCo
- Java Code Quality and Security
- PHP Code Quality and Security
- Python Code Quality and Security
- RPG Code Quality
- SAML 2.0 Authentication for SonarQube Bundled
- SonarABAP
- SonarApex
- SonarCSS
- SonarFlex
- SonarGo
- SonarHTML
- SonarJS
- SonarKotlin
- SonarPLI
- SonarPLSQL
- SonarRuby
- SonarScala
- SonarSwift
- SonarTS
- SonarTSQL
- SonarVB6
- SonarXML
- Svn
- VB.NET Code Quality and Security
[v7.9.4-4] - 2021-02-18
Changed
- Members of the CES administrator group receive project admin permissions for new projects (#3)
- CESADMIN group can be enabled to administer all projects using the key `amendprojectswithcesadminpermissions
(see
dogu.json` for details) (#3)
[v7.9.4-3] - 2021-02-01
Fixed
- pass truststore as jvm options to compute engine (#56)
Changed
- Update dogu-build-lib to
v1.1.1
- Update zalenium-build-lib to
v2.1.0
- toggle video recording with build parameter (#53)
[v7.9.4-2] - 2020-12-14
Added
- Added the ability to configure the memory limits with
cesapp edit-config
- Ability to configure the
MaxRamPercentage
andMinRamPercentage
for the sonar main/web/search/compute processes inside the container viacesapp edit-conf
(#51)
[v7.9.4-1] - 2020-11-13
Changed
- Upgrade to SonarQube 7.9.4 LTS; #49
- Upgrade java base image to 11.0.5-4
[v7.9.3-3] - 2020-09-07
Changed
-
Changed order of plugin installation and quality profile import (#46)
- Quality profiles may depend on plugins. This change guarantees a restart of SonarQube if quality profiles are about to be imported
- There will be no additional restart if no quality profiles are supposed to be imported
[v7.9.3-2] - 2020-08-14
Changed
- Removed sonarqubedoguadmin
- An admin with a random name is generated at every startup for configuration and removed after startup
[v7.9.3-1] - 2020-06-18
Fixed
- Fixed bug where a new dogu admin user was created on each restart
Added
- Add automated release process
- The pre-Upgrade script now will delete es6 cache when upgrading from 7.9.1-4 or lower
Changed
- Update SonarQube from 7.9.1 to 7.9.3
[7.9.1-4] - 2020-01-29
Added
- Compatibility to community branch plugin
[7.9.1-3] - 2020-01-24
Changed
- Configure update center url before starting sonar
- Restart sonar after installing default plugins
[7.9.1-2] - 2020-01-16
Added
- config key
sonar.plugins.default
which may contain a comma separated list with plugin names that are installed on startup
[7.9.1-1] - 2020-01-02
SonarQube 7.9.1 LTS
Make sure to upgrade ces-commons package to at least v0.2.0 before upgrading to this version.
Changed
- Upgrade to Java 11
- Upgrade to SonarQube 7.9.1
- Upgrade sonar-cas-plugin