SonarSource is proud to announce the release of SonarQube 9.3, which includes detection of security issues in Terraform Azure Cloud files, taint security analysis for Android and much more. Details in the official announcement.
In addition, there are a few other items to note in the release:
Along with the redesign of the Portfolios overview, we’ve removed from Portfolios and Applications information on projects you don’t have access to. (SONAR-15821).
New Code detection in your branches that compare to a reference branch now better takes into account rebase and merge. (SONAR-15697, SONAR-14929).
We’ve sped up the analysis of Pull Requests by analyzing only changed files for XML, Flex, VB6, PL-SQL, T-SQL, RPG, ABAP. We intend this as a first step. Watch this space.
Elasticsearch is updated to avoid false-positive from vulnerability scanning tools in regards to CVE-2021-44832.
The documentation should be updated soon. Normally, we would send you the upgrade notes for more details but there’s not much this time. You can get the full details in the release notes. Please open new threads for any questions you have about these or other features.
Please make sure to include in the release notes a mention about update MSSQL JDBC driver to latest version if using Integrated Authentication. Found that buried in the sonar.properties file.
I think you are referring to an explanation which was added with SonarQube 8.7. There’s a note for that in the previous Upgrade Notes: Release Upgrade Notes | SonarQube Docs
but it has only [SONAR-15679] - Upgrade jdbc drivers so you need to have a look into
the ticket itself [SONAR-15679] Upgrade jdbc drivers - SonarSource to see that MSSQL is also affected.
But that said, the ticket doesn’t mention the concrete version = sqljdbc_9.4.1.0, has been 9.2.0 before.
the problem is, that the release notes doesn’t mention the concrete version of the mssql jdbc driver.
Also the release of Sonarqube version and the docs SonarQube 10.3 should be synchronous.
And the docs for 9.3 have an error related to the mssql driver (you need to expand the Microsoft SQL Server section), https://docs.sonarqube.org/latest/setup/install-server/ has
Thanks for the response. I fell into the trap since I already had SQ 9.2 installed with mssql-jdbc 9.2. I did a quick file compare between the working 9.2 property file with the new 9.3 and didn’t see any major changes. After upgrading SQ to 9.3, the web server wouldn’t start and found sql related errors in the web.log. That’s when I went back to the properties file and found the jdbc comment about mssql-jdbc 9.4 requirement for integrated authentication.
Hello,
ok, yes.
so my question is will sonar-maven plugin 3.9.1.2184, work with 9.3 ?
We will install 9.3 in the lab asap, and start testing, so good to know.