SonarSource is proud to announce the release of SonarQube 9.4, which includes detection of security issues in Terraform Google Cloud Platform files, faster and better taint analysis in Java, and much more. Details in the official announcement.
In addition, there are a few other items to note in the release:
- Java 17 is now officially supported to run the scanners.
- We’ve removed the support for SHA1 hashed passwords. For accounts managed entirely in SonarQube, users who haven’t logged in since SonarQube 7.2 will have to ask their SonarQube administrator to reset their password. (SONAR-16204).
- There is a new analysis parameter to support setting the New Code reference of a branch to another branch. (SONAR-16162).
- For users already using a reference branch strategy, we fixed a bug introduced in 9.3 that prevented you from seeing some New Code issues on the Issues page. If you faced this problem, don’t forget to re-analyze after upgrade! (SONAR-16039).
- For more clarity, we’ve removed the “Common” rules from the languages they don’t apply to, and deprecated them for all the other languages. They will be removed in 10.0. (SONAR-16188).
As usual, download is available at sonarqube.org. Docker images should be available soon on Docker Hub.