title: Release Upgrade Notes
Elasticsearch update and change in cluster configuration
For non-DCE editions, the Elasticsearch upgrade doesn’t change the configuration. SonarQube automatically binds to the loopback address an additional Elasticsearch port which can be configured optionally.
When running a cluster with Data Center Edition, the configuration of search nodes has changed. The old search properties will now fail. You need to configure two new sets of properties. See Configure and Operate a Cluster for more information.
We recommend only giving external access to the application nodes and to the main port. (SONAR-12686).
GitHub Enterprise compatibility
SonarQube 8.5 only supports GitHub Enterprise 2.15+ for pull request decoration (the previous minimum version was 2.14).
SonarScanner for MSBuild compatibility
Analyzing a C# / VB.NET solution in SonarQube 8.5 requires SonarScanner for MSBuild 4.0+.
Upgrade simplified: Languages, GIT and SVN support now built-in
Languages provided with your edition and support for GIT and SVN version control are now built-in and don’t require plugins. If you were using these plugins, you need to remove them from SonarQube before upgrading. (MMF-2042).
Updated system settings recommendations
In previous versions, the recommended limits regarding threads, file descriptors, and vm.max_map_count were taken from Elasticsearch dependencies. This release can reach these limits occasionally, so we recommend increasing the following settings of your OS when upgrading:
vm.max_map_
count is greater than or equal to 524288fs.file-max
is greater than or equal to 131072For more information, see the Requirements documentation.
Project, Application, and Portfolio availability when rebuilding Elasticsearch indexes
From now on if your upgrade requires the rebuild of Elasticsearch indexes, your projects and Applications will become available as they are reindexed. Portfolios won’t be available until all projects are reindexed. (MMF-2010).
Additionnal SAML checks
SAML authentication adds additional checks for validating SAML responses from the identity provider. This could reveal a non-standard configuration that needs to be updated. Information will appear in the logs upon a failed login attempt in the event that the configuration needs to be tweaked.
Changes in web services and plugin APIs
The format of several IDs exposed in web services changed and their use is deprecated. See SONAR-13248, SONAR-13249, and SONAR-13300.
A related change is introduced in a plugin API method. See SONAR-13420.
Security Hotspots in the built-in Quality Gate
We’ve added a new condition to the built-in “Sonar way” Quality Gate to make sure all Security Hotspots on New Code are reviewed. The Quality Gate fails if the percentage of new Hotspots reviewed is less than 100%. (MMF-1907).
Jenkins automatic branch and Pull Request detection
With Developer Edition and above, Scanners now automatically detect branches and Pull Requests in Jenkins Multibranch Pipelines. You no longer need to pass branch and Pull Request parameters. When upgrading from Community Edition or an old commercial edition version, the branch name in your SonarQube project needs to match the branch name in your code repository to continue writing history to the branch. Because SonarQube names the Main Branch “master” by default, you may have to rename it before running analysis again. See the Jenkins CI Integration page for more information. (MMF-1676).
Updated .NET code coverage
The code coverage for .NET projects now takes into account the branch/condition coverage in addition to the line coverage. The coverage of your projects may decrease to be closer to reality, and it can impact your Quality Gate. (See more details here).
Analysis summary for GitHub Pull Requests
Applications on the Projects page
Applications are now found on the Projects page. You can filter, favorite, and tag applications like you can with projects. (MMF-1382).
Security Hotspots: dedicated space and workflow
New project homepage
The project homepage has been redesigned to focus on New Code. (MMF-1886). Projects details are now tucked into a new “Project information” pane. The project administration menu has been renamed “Project Settings”.
Deprecated configuration
The old way of referencing environment variables in server configuration is deprecated and replaced with the support of default environment variables. (SONAR-13113).
Short-lived and Long-lived branches are now just branches
The concept for branches is now simplified, with a single way to handle all of them. (MMF-1786).
sonar.branch.target
is no longer used and can be removed.Configuration of Pull Request decoration
The configuration of Pull Request decoration changes. Previous settings are replaced by a new configuration in the UI. Also, decoration of Pull Requests now supports multiple instances of a same ALM provider in Enterprise Edition and above. (MMF-1814).
Deprecated web services and parameters dropped
Some Web services and parameters which were deprecated in 6.x versions have been dropped, including some related to Quality Profiles. See Full Release Notes for more info.
GitHub, LDAP, and SAML authentication now built in
GitHub, LDAP, and SAML authentication is now built in. If you were using the authentication plugins (sonar-ldap, sonar-auth-github, and sonar-auth-saml), you need to remove them from SonarQube before upgrading. (SONAR-12471).
GitLab Authentication now available
GitLab OAuth2 authentication is now available in all editions. If you were using the community plugin, you need to remove it from SonarQube before upgrading. The configured variable of the plugin will be migrated, so the authentication will work without having to rewrite the configuration. Due to changes in group mapping, GitLab subgroups mapped using the community plugin will need to be renamed in SonarQube for the mapping to work. (SONAR-12460).
New Code Period values simplified
It’s now easier to set your New Code Period in the UI. With the new settings, specific analysis has replaced setting the New Code Period to a specific date or version. If you were using a specific date or version for your New Code Period, now you’ll need to use a specific analysis. See the Setting Your New Code Period for more info. (MMF-1579).
Upgrade on Microsoft SQL Server fixed
Upgrade failure and performance issues with Microsoft SQL Server have been fixed (SONAR-12260, SONAR-12251).
Pylint execution on Windows fixed
Automatic execution of Pylint during python analysis on Windows has been fixed. Note that automatic execution of pylint during analysis remains deprecated on all OSes. (SONAR-12274).
Upgrade can fail on Microsoft SQL Server
Migration from SonarQube v6.7.x to v7.9 fails on Microsoft SQL Server (SONAR-12260).
MySQL No Longer Supported
SonarQube no longer supports MySQL. To migrate from MySQL to a supported database, see the free MySQL Migrator tool.
Java 11 Required
The SonarQube server now requires Java 11. Analyses may continue to use Java 8 if necessary.
Pylint should be run manually
Running Pylint automatically during python analysis has been deprecated. Additionally, it is broken in this version on Windows. If needed, Pylint must be run ahead of time and the resulting report passed in to analysis.