Measures stopped working after updating to 2025.3

Must-share information (formatted with Markdown):
2025.3

  • how is SonarQube deployed: zip

  • what are you trying to achieve
    I am trying to get it to work as intedend

  • what have you tried so far to achieve this
    Adding size to query limits.

Hi everyone, since we update to sonarqube server 2025.3, any measure page (duplication and coverage) display message saying an error has been encountered.

If I open the developer console in Chrome, I get a 400 bad request and in the list of queries a 404 on that link :
http://mysonarqubeserver/api/measures/component?additionalFields=period%2Cmetrics&component=Iterium&metricKeys=accepted_issues%2Cnew_technical_debt%2Cnew_software_quality_maintainability_remediation_effort%2Chigh_impact_accepted_issues%2Cblocker_violations%2Csoftware_quality_blocker_issues%2Cbugs%2Cclasses%2Ccode_smells%2Ccognitive_complexity%2Ccomment_lines%2Ccomment_lines_density%2Cbranch_coverage%2Cnew_branch_coverage%2Cconditions_to_cover%2Cnew_conditions_to_cover%2Cconfirmed_issues%2Ccontains_ai_code%2Csca_count_any_issue%2Cnew_sca_count_any_issue%2Ccoverage%2Cnew_coverage%2Ccritical_violations%2Ccomplexity%2Cduplicated_blocks%2Cnew_duplicated_blocks%2Cduplicated_files%2Cduplicated_lines%2Cduplicated_lines_density%2Cnew_duplicated_lines_density%2Cnew_duplicated_lines%2Ceffort_to_reach_software_quality_maintainability_rating_a%2Ceffort_to_reach_maintainability_rating_a%2Cfalse_positive_issues%2Cfiles%2Cfunctions%2Cgenerated_lines%2Cgenerated_ncloc%2Csoftware_quality_high_issues%2Cinfo_violations%2Csoftware_quality_info_issues%2Cviolations%2Cprioritized_rule_issues%2Cline_coverage%2Cnew_line_coverage%2Clines%2Cncloc%2Clines_to_cover%2Cnew_lines_to_cover%2Csoftware_quality_low_issues%2Csoftware_quality_maintainability_issues%2Csqale_rating%2Csoftware_quality_maintainability_rating%2Cnew_software_quality_maintainability_rating%2Cnew_maintainability_rating%2Cnew_software_quality_maintainability_rating_with_aica%2Cnew_maintainability_rating_with_aica%2Cnew_maintainability_rating_without_aica%2Cnew_software_quality_maintainability_rating_without_aica%2Csoftware_quality_maintainability_rating_with_aica%2Csoftware_quality_maintainability_rating_without_aica%2Cmajor_violations%2Csoftware_quality_medium_issues%2Cminor_violations%2Cncloc_with_aica%2Cncloc_without_aica%2Cnew_accepted_issues%2Cnew_blocker_violations%2Cnew_software_quality_blocker_issues%2Cnew_bugs%2Cnew_code_smells%2Cnew_critical_violations%2Cnew_software_quality_high_issues%2Cnew_info_violations%2Cnew_software_quality_info_issues%2Cnew_violations%2Cnew_lines%2Cnew_software_quality_low_issues%2Cnew_software_quality_maintainability_issues%2Cnew_major_violations%2Cnew_software_quality_medium_issues%2Cnew_minor_violations%2Cnew_software_quality_reliability_issues%2Cnew_security_hotspots%2Cnew_software_quality_security_issues%2Cnew_vulnerabilities%2Copen_issues%2Cprojects%2Calert_status%2Creleasability_rating%2Creleasability_rating_with_aica%2Creleasability_rating_without_aica%2Csoftware_quality_reliability_issues%2Csoftware_quality_reliability_rating%2Creliability_rating%2Cnew_software_quality_reliability_rating%2Cnew_reliability_rating%2Cnew_reliability_rating_with_aica%2Cnew_software_quality_reliability_rating_with_aica%2Cnew_software_quality_reliability_rating_without_aica%2Cnew_reliability_rating_without_aica%2Csoftware_quality_reliability_rating_with_aica%2Creliability_rating_with_aica%2Csoftware_quality_reliability_rating_without_aica%2Creliability_rating_without_aica%2Creliability_remediation_effort%2Csoftware_quality_reliability_remediation_effort%2Cnew_software_quality_reliability_remediation_effort%2Cnew_reliability_remediation_effort%2Creopened_issues%2Csecurity_hotspots%2Csecurity_hotspots_reviewed%2Cnew_security_hotspots_reviewed%2Csoftware_quality_security_issues%2Csecurity_rating%2Csoftware_quality_security_rating%2Cnew_software_quality_security_rating%2Cnew_security_rating%2Cnew_security_rating_with_aica%2Cnew_software_quality_security_rating_with_aica%2Cnew_security_rating_without_aica%2Cnew_software_quality_security_rating_without_aica%2Csecurity_rating_with_aica%2Csoftware_quality_security_rating_with_aica%2Csoftware_quality_security_rating_without_aica%2Csecurity_rating_without_aica%2Csoftware_quality_security_remediation_effort%2Csecurity_remediation_effort%2Cnew_security_remediation_effort%2Cnew_software_quality_security_remediation_effort%2Csecurity_review_rating%2Cnew_security_review_rating%2Cnew_security_review_rating_with_aica%2Cnew_security_review_rating_without_aica%2Csecurity_review_rating_with_aica%2Csecurity_review_rating_without_aica%2Csca_severity_any_issue%2Csca_severity_licensing%2Cnew_sca_severity_any_issue%2Cnew_sca_severity_licensing%2Cnew_sca_severity_vulnerability%2Csca_severity_vulnerability%2Cskipped_tests%2Csqale_rating_with_aica%2Csqale_rating_without_aica%2Cstatements%2Csqale_index%2Csoftware_quality_maintainability_remediation_effort%2Csoftware_quality_maintainability_debt_ratio%2Csqale_debt_ratio%2Cnew_sqale_debt_ratio%2Cnew_software_quality_maintainability_debt_ratio%2Cuncovered_conditions%2Cnew_uncovered_conditions%2Cuncovered_lines%2Cnew_uncovered_lines%2Ctest_execution_time%2Ctest_errors%2Ctest_failures%2Ctest_success_density%2Ctests%2Cvulnerabilities

The parameters do seem to be long.
Would you know why both pages stopped working ?

Thanks,
Regards

Hi,

At a guess:

  • You’re using an IIS proxy. IIS is notorious for having a (relatively small) length limit on the URLs it will handle. It’s quite likely that IIS is chopping off the end of this URL so that what arrives at SonarQube is indeed 400/invalid.
  • You’ve installed one or more 3rd-party plugins that add metrics, thus lengthening this list beyond what it would be OOTB.

I would start by talking to your IIS admins.

 
HTH,
Ann

2 Likes

Thank you for your answer.
I did have a length issue on IIS side.
I had set the request filtering maxquerystring and maxUrl in IIS but failed to add the http runtime.

After setting these values in the sonarqube iis website web.config, it works better :

<configuration>
  <system.web>
    <httpRuntime maxQueryStringLength="40960" maxUrlLength="81920" />
  </system.web>

  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxQueryString="40960" maxUrl="81920" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>

I now need to tune the values so that they’re not as high and we’ll be all set.
Thanks again.

2 Likes