SonarQube 8.4 released

SonarQube Releases
1

Hi all,

SonarSource is happy to announce the release of 8.4, which includes a ton of new security-related rules for multiple languages, hot DB backups, and performance improvements on both the server-side and during the analysis of some languages. More details about these and other juicy new features in the official announcement.

In addition, there are a few other things you probably want to be aware of:

  • You can now set a reference branch as the New Code baseline for a branch. (MMF-1994)
  • SonarScanner Docker image becomes officially supported. (MMF-2003)
  • We no longer include files in the global search index, so re-indexing speeds up significantly. (SONAR-13291)
  • We’ve improved accessibility by making code coverage information available to screen readers. (SONAR-12911)
  • As part of enabling hot DB backups, we’ve made a lot of changes in the database for this version. As a result:
    • There have been a number of deprecations and format changes for id parameters in web services.
    • There’s a breaking change in the plugin API related to rule ids. (SONAR-3420)
    • Migration to 8.4 will be significantly longer than usual.

You’ll find more details about 8.4 in the upgrade notes and full details in the release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at sonarqube.org.

Since the technical release we’ve discovered three bugs of note. A patch should be available in a few days:

  • SONAR-13590 can prevent startup after migration if two specific conditions are met.
  • SONAR-13594 upgrade to 8.4 fails on MS SQL Server under certain conditions
  • SONAR-13589 causes an irritating but harmless error on every page in a Community Edition.

 
Ann

4 Likes
2

Hi again all,

8.4.1 has been released and is available

In fact, it fixed a total of 4 bugs; the three listed above and another DB migration one related to orphan foreign keys (SONAR-13613).

Despite these fumbles, this is a version we’re proud of, and we hope you enjoy it and get a lot of value out of its improvements.

 
Ann

1 Like
3

Hi,

As a followup, there are a lot of structural changes in the DB for 8.4. Please make sure that for this version, at least, you do the DB maintenance mentioned in the Upgrade Guide.

Specifically,

Oracle Clean-up

Starting with version 6.6, there’s an additional step you may want to perform if you’re using Oracle. On Oracle, the database columns to be dropped are now marked as UNUSED and are not physically dropped anymore. To reclaim disk space, Oracle administrators must drop these unused columns manually. The SQL request is ALTER TABLE foo DROP UNUSED COLUMNS . The relevant tables are listed in the system table all_unused_col_tabs .

Additional Database Maintenance

Refreshing your database’s statistics and rebuilding your database’s indices are recommended once the technical upgrade is done (just before the very last step).

For PostgreSQL, that means executing VACUUM FULL . According to the PostgreSQL documentation:

In normal PostgreSQL operation, tuples that are deleted or obsoleted by an update are not physically removed from their table; they remain present until a VACUUM is done.`

Multiple people have complained of slow analysis performance post-upgrade that has been resolved by this step.

 
:smiley:
Ann

1 Like
4

Hello

For people using Docker and PostgreSQL (12 in our case), here is the command you can run to perform the maintenance, using built-in vacuumdb tool:

echo "PostgreSQL sonar database size *before* cleanup"
docker exec -i <container_db> psql -q -U <postgresql_user> -c '\l+ sonar'

echo "Perform maintenance operation on PostgreSQL database (can take some time...)"
docker exec -i <container_db> vacuumdb -U <postgresql_user> -d sonar -q -f -z

echo "PostgreSQL sonar database size *after* cleanup"
docker exec -i <container_db> psql -q -U <postgresql_user> -c '\l+ sonar'
1 Like
6

8.4.1 SonarQube Download is not existing in the historical download link. Does it got removed due to any know bug or vulnerabilities? Please advise

7

Hi @deepakanto,

Welcome to the community!

The 8.4.1 link was replaced with an 8.4.2 link.

Note that we’re currently in the process of releasing 8.5.

 
HTH,
Ann

1 Like