SonarSource is proud to announce the release of SonarQube 9.3, which includes detection of security issues in Terraform Azure Cloud files, taint security analysis for Android and much more. Details in the official announcement.
In addition, there are a few other items to note in the release:
- Along with the redesign of the Portfolios overview, we’ve removed from Portfolios and Applications information on projects you don’t have access to (SONAR-15821).
- New Code detection in your branches that compare to a reference branch now better takes into account rebase and merge (SONAR-15697, SONAR-14929).
- We’ve sped up the analysis of Pull Requests by analyzing only changed files for XML, Flex, VB6, PL-SQL, T-SQL, RPG, ABAP. We intend this as a first step. Watch this space.
- Elasticsearch is updated to avoid false positives from vulnerability scanning tools with regard to CVE-2021-44832.
The documentation should be updated soon. Normally, we would send you the upgrade notes for more details but there’s not much this time. You can get the full details in the release notes. Please open new threads for any questions you have about these or other features.
As usual, download is available at sonarqube.org. Docker images are also available on Docker Hub.
Please make sure to include in the release notes a mention about updating the MSSQL JDBC driver to the latest version if using Integrated Authentication. Found that buried in the sonar.properties file.
Thanks for everyone’s hard work on this! I appreciate the BIDI character recognition - that was a quick turnaround on Highlight Unicode BIDI characters as Security Hotspot
The date parser on the announcement page may need a small update though:
I think you are referring to an explanation which was added with SonarQube 8.7. There’s a note for that in the previous Upgrade Notes: Release Upgrade Notes | SonarQube Docs
Thanks for your kind words!
And good catch. I reported the glitch internally.
It’s part of the release notes, see
but it has only "[SONAR-15679] - Upgrade jdbc drivers", so you need to have a look into the ticket itself, [SONAR-15679] Upgrade jdbc drivers - SonarSource, to see that MSSQL is also affected.
But that said, the ticket doesn’t mention the concrete version = sqljdbc_184.108.40.206, has been 9.2.0 before.
So yes it’s a gotcha, as SonarQube Documentation | SonarQube Docs still points to SonarQube 9.2
edit = right now the doc latest points to 9.3 finally, but there are errors in the doc.
Hi @Chris ,
the problem is that the release notes don’t mention the concrete version of the mssql jdbc driver.
Also the release of the SonarQube version and the docs SonarQube Documentation | SonarQube Docs should be synchronous.
And the docs for 9.3 have an error related to the mssql driver (you need to expand the Microsoft SQL Server section):
To use integrated security:
- Download the Microsoft SQL JDBC Driver 9.2.0 package and copy mssql-jdbc_auth-9.2.0.x64.dll to any folder in your path.
this is wrong
- Download the Microsoft SQL JDBC Driver 9.4.1 package and copy mssql-jdbc_auth-9.4.1.x64.dll to any folder in your path.
this is right
Thanks for clarifying @Rebse .
We overlooked this part of the documentation. We’ll clarify the requirement.
Thanks for the response. I fell into the trap since I already had SQ 9.2 installed with mssql-jdbc 9.2. I did a quick file compare between the working 9.2 property file and the new 9.3 one and didn’t see any major changes. After upgrading SQ to 9.3, the web server wouldn’t start and I found SQL-related errors in the web.log. That’s when I went back to the properties file and found the jdbc comment about the mssql-jdbc 9.4 requirement for integrated authentication.
Will 9.3 require a newer sonar-maven plugin than 220.127.116.114?
As long as you haven’t pinned the Scanner version in your pom file, the latest & correct version should be used automatically.
So my question is: will sonar-maven plugin 18.104.22.1684 work with 9.3?
We will install 9.3 in the lab asap, and start testing, so good to know.
Can I upgrade from 8.9.6 to 9.3 directly?
Yes! You can always upgrade directly from the current LTS to the Latest version.