Hi all,

With a bit of delay, SonarSource is pleased to inform you of the release of SonarQube 8.9.9, which fixes several bugs and security risks on the LTS.

Release notes are here. Please open new threads for any questions you have.

As usual, download is available at sonarqube.org. Docker images are also available on Docker Hub.

 
Chris

Hi Chris,

i still struggle to access the release notes. The “Release Notes” link on the public LTS download page for 8.9.9 is not working, seems as if the release notes are somewhere in a closed area of Jira. I applied for a Jira account but got rejected.

Then there’s this thread: Security Fixes in SQ 8.9.9 and 9.5 which mentions three security related tickets, but again no details.

Any updates?

Hi Jochen,

We faced some troubles with the ReleaseNotes when migrating our Jira projects to the cloud.
But the problem should now be mitigated.

You may have a problem with the cache of your web browser if you tried to access these links during the last few days.

Chris

Hi,

Is there any release date approximation for the next LTS (version 9.y.x)? Is it again 18 months after this release? Because I saw that there are lots of LTS 8.9.x versions released so I want to make sure the next release.

For information, we currently have a plugin that doesn’t work with 9.x.y versions and we would like to know the next version release date. It is crucial to us to know because we need to make plans to update the plugin beforehand.

Best,

We are estimating Q4 2022 / Q1 2023 for a v9.x LTS release.

We spotted the following CVEs of “HIGH” severity after scanning the official sonarqube:8.9.9-enterprise Docker image using Trivy:
https://nvd.nist.gov/vuln/detail/CVE-2022-30065
https://nvd.nist.gov/vuln/detail/CVE-2022-2097
https://nvd.nist.gov/vuln/detail/CVE-2022-29458

Is it safe to use this image for production?