SonarQube 9.4 released

Hi all,

SonarSource is proud to announce the release of SonarQube 9.4, which includes detection of security issues in Terraform Google Cloud Platform files, faster and better taint analysis in Java, and much more. Details in the official announcement.

In addition, there are a few other items to note in the release:

  • Java 17 is now officially supported to run the scanners.
  • We’ve removed the support for SHA1 hashed passwords. For accounts managed entirely in SonarQube, users who haven’t logged in since SonarQube 7.2 will have to ask their SonarQube administrator to reset their password. (SONAR-16204).
  • There is a new analysis parameter to support setting the New Code reference of a branch to another branch. (SONAR-16162).
  • For users already using a reference branch strategy, we fixed a bug introduced in 9.3 that prevented you from seeing some New Code issues on the Issues page. If you faced this problem, don’t forget to re-analyze after upgrade! (SONAR-16039).
  • For more clarity, we’ve removed the “Common” rules from the languages they don’t apply to, and deprecated them for all the other languages. They will be removed in 10.0. (SONAR-16188).

You’ll find more details in the upgrade notes and full details in the release notes. Please open new threads for any questions you have about these or other features.

As usual, download is available at Docker images should be available soon on Docker Hub.



The official announcement lists sufficient goodies that I will now be motivated to start the process to upgrade our server from current 8.9.x LTS. The support for OWASP Top 2021 will be great but there is lots more beside.

One teeny weeny thing… the announcement currently gives the release date as “April 4st, 2022” :wink:

1 Like

Thanks @msymons! I’ll get that on the list. :slight_smile:

And thrilled to hear that you’re tempted into upgrading. :smiley:


1 Like

A post was merged into an existing topic: Support for Dart?