SonarQube 8.5 released

Hi all,

SonarSource is proud to announce the release of SonarQube 8.5, which includes many new rules and security analysis improvements. More details in the official announcement.

In addition, there are a few other items to note in the release:

  • We’ve simplified the upgrade, specifically for Docker with languages, Git and SVN now built-in. (MMF-2042)
  • We will now provide Docker images approved by the US Department of Defense in the Platform One repository. (MMF-2131)

You’ll find more details in the upgrade notes and full details in the release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at sonarqube.org.

 
Chris

5 Likes

The link seems to be broken,

Thanks Mark. The link is now fixed.

I’ve read both the upgrade notes and the release notes. There is no mention (or I missed it) about the change in installing SonarQube as a service on Windows.

Previously you ran UninstallNTService and InstallNTService scripts to update the SonarQube version used for the SonarQube service. Now these scripts are gone. They were there in 8.4.

The new instructions on the web are better in some ways, using a %SONARQUBE_HOME% variable makes it easier since you don’t need to update the service every time a new version is released, just the system variable. But maybe add to those instructions how to add/update a environment variable, for those who don’t know.

SonarQube updated the postgres driver from 42.2.14 -> 42.2.16.
Due changes on the default gssEncMode, this version and therefore SonarQube 8.5 is incompatible on Azure’s PostreSQL offering…

a workaround is to add ?gssEncMode=disable to your connection string.

maybe you would like to notify your users about that - or upgrade the driver to version xxxx.17 in the upcoming version.

Cheers, Adrian

see here too:

2 Likes

Thanks for releasing this, it’s looking good and is able to scan our Java 14 code!

Hi Emil,

Thanks for the suggestion.
I clarified SONAR-13688 so that it explains that the scripts are now gone and are replaced by new instructions.

1 Like

tl;dr Users of Azure PostgreSQL who added gssEncMode=disable to their connection string can remove the workaround with SonarQube 8.8 or later.

The “Limits” documentation (link above) is a wee bit out of date… my testing shows that the connection problem also affects JDBC driver version 42.2.17 (used by SonarQube 8.6) and not just the 42.2.16 used by SonarQube 8.5.

However, SonarQube 8.8 and SonarQube 8.9 LTS uses JDBC driver version 42.2.19. This no longer has a problem with Azure PostgreSQL, meaning that gssEncMode=disable can be removed from the sonar.jdbc.url.

I did not test with SonarQube 8.7