Updated SonarQube to 9.2.2 from 9.2.1 for the Log4J fix and now it's "under maintenance"?

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 9.2.2 Developer Docker on AWS Fargate.
  • what are you trying to achieve
    Upgrade from 9.2.1 in order to get the Log4J fix (in 9.2.2).
  • Read the upgrade, surely SS hasn’t changed a DB on a patch version upgrade? Have they???

Last 3 lines of the log:

2021-12-15T23:33:40.057-07:00	2021.12.16 06:33:40 INFO web[][o.s.s.p.Platform] Database needs to be migrated. Please refer to https://docs.sonarqube.org/latest/setup/upgrading
2021-12-15T23:33:40.090-07:00	2021.12.16 06:33:40 INFO web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.WebServiceFilter@2c1ee760 [pattern=UrlPattern{inclusions=[/api/system/migrate_db.*, ...], exclusions=[/api/components/update_key, ...]}]
2021-12-15T23:33:40.275-07:00	2021.12.16 06:33:40 INFO web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000

Since this is a new installation/product for us, should I just blow away and re-create the Postgresql DB?

Hi @davewolfusa ,

It looks like SonarQube is already telling you what to do, in both the log you posted and the screenshot. You just need to follow it. What happens when you go to http://yourSonarQubeServerURL/setup ?

This is part of most updates, regardless of how minor they may appear.


1 Like

The problem is that there is precious little information regarding the DB at that link. I was really just surprised, shocked that this would happen on a patch release (9.2.1 → 9.2.2).

No need to be shocked about something like this :slight_smile:

Database updates are well handled as part of releases now, and this step mostly just verifies that everything is OK. SonarQube can guess whether DB updates may be necessary with each update, but the better approach is to actually run the DB updater to verify, and to bring the DB version in line with the application version if needed. Rather than doing this in the background like many other applications, SonarQube makes this an explicit step so that you e.g. have a chance to confirm that you took a recent backup, just in case.

Look at this as SonarQube being concerned about your data, which is usually a good thing.

In the 9.2.1->9.2.2 update there are likely no DB updates necessary, so the http://yourSonarQubeServerURL/setup step should be done within a few seconds. Here’s the change log: Release Notes - SonarSource
All that’s needed is likely just an update of the Schema_Migrations table to record that this is now a 9.2.2 database.

Side note: You should do another update to 9.2.3, which has the final fix for the log4j vulnerability. Additional issues were discovered in log4j 2.15 after SonarQube had already released the update, so SQ 9.2.3 contains the fixed-fixed log4j version 2.16.