Skip to content

Latest commit

 

History

History
559 lines (410 loc) · 58.9 KB

CHANGELOG.md

File metadata and controls

559 lines (410 loc) · 58.9 KB

4.12

  • Update CFamily analyzer 6.59 -> 6.60, Clang 19, Support for WindRiver GNU C++ compiler for arm
  • Update Java analyzer 8.1 -> 8.5, support for Java 22, hardening
  • Update XML analyzer 2.10 -> 2.11
  • Update Python analyzer 4.22 -> 4.23
  • Update IaC analyzer 1.36 -> 1.37

4.11

  • Update IaC analyzer 1.33 -> 1.34 -> 1.35 -> 1.36, FP & FN fixes, improved detection logic, support for detecting Micronaut configuration issues in YAML & properties files, parsing improvements for AzureResourceManager
  • Update JS/TS/CSS analyzer 10.14 -> 10.15 -> 10.16, new rules, improvements
  • Update CFamily analyzer 6.58 -> 6.59, improvements, bug fixes
  • Update Go analyzer 1.15 -> 1.15.1 -> 1.15.2 -> 1.16 -> 1.16.1 -> 1.17 -> 1.17.1
  • Update Python analyzer 4.21 -> 4.22 7 new rules related to Pytorch
  • Update Secrets analyzer 2.15 -> 2.16, bug fixes
  • Update PHP analyzer 3.37 -> 3.38, new rule, improvements

4.10

  • Update text and secrets analyzer 2.13 -> 2.14 -> 2.15, FP fixes, improvements
  • Update PHP analyzer 3.36 -> 3.37, FP and bug fixes, improvements
  • Update Python analyzer 3.19 -> 3.20 -> 3.21, FP and bug fixes, improvements, framework detection improvements, performance improvements
  • Update CFamily analyzer 6.57 -> 6.58, support for C23, FP fixes
  • Update C# analyzer 9.30 -> 9.31 -> 9.32, FP fixes, one rule deprecated

4.9

  • Update IaC analyzer 1.32 -> 1.33 -> 1.33.1, new rules for Helm charts

4.8

  • Update IaC analyzer 1.31 -> 1.32, new rules for Kubernetes, improvements and bug fixes
  • Update CFamily analyzer 6.56 -> 6.57, improvements and bug fixes
  • Update text and secrets analyzer 2.12.1 -> 2.13, 34 new secret types
  • Update C# analyzer 9.27 -> 9.28 -> 9.29 -> 9.30, improvements and bug fixes

4.7

  • Allow focusing on New Code for standalone projects. Learn more
  • Automatic token exchange when setting up SonarCloud connection
  • Update text and secrets analyzer 2.10 -> 2.11 -> 2.12 -> 2.12.1, bugfixes, FP fixes
  • Update CFamily analyzer 6.55 -> 6.56, Linux ARM support, c++23 deducing this, rules hardening
  • Update C# analyzer 9.25 -> 9.25.1 -> 9.26 -> 9.27, new rules, FP fixes and improvements
  • Update Python analyzer 4.18 -> 4.19, Improve type inference to detect issues related to collections item types
  • Update PHP analyzer 3.35 -> 3.36, updated rule descriptions
  • Update Java analyzer 7.34 -> 7.35 -> 8.0.1 -> 8.1, provide needed change to run Java Dataflow Bug Detection rules in SonarLint in Connected Mode, custom rules plugin around symbolic execution engine, 20 new rules enabled on test code

4.6

  • Update Java analyzer 7.33 -> 7.34, 21 rules enabled on test sources and 8 FP fixes
  • Update CFamily analyzer 6.54 -> 6.55, hardening
  • Update IaC analyzer 1.27 -> 1.28 -> 1.29 -> 1.30 -> 1.31, analysis of Spring configuration files, new rules for ARM, bug fixes and FP fixes
  • Update Python analyzer 4.17 -> 4.18, 5 new rules, FP fixes
  • Update C# analyzer 9.23.2 -> 9.24 -> 9.25, 8 new rules, improvements
  • Delegate analysis execution to common SonarLint backend

4.5.1

  • Fix an issue with the activation of product telemetry

4.5

  • Allow users to share connected mode settings among contributors
  • Update JS/TS/CSS analyzer 10.12 -> 10.13 -> 10.13.1 -> 10.13.2 -> 10.14, new rules for accessibility, require Node 18, disable type checking for Vue.js, bug fixes and performance improvements
  • Update HTML analyzer 3.14 -> 3.15 -> 3.16, new rules about accessibility, precision improvements
  • Update Python analyzer 4.15 -> 4.16 -> 4.17, new rules about use of date and time, new rules specific to TensorFlow and numpy
  • Update PHP analyzer 3.33 -> 3.34 -> 3.35, bug fixes and precision improvements
  • Update IaC analyzer 1.26 -> 1.27, improvements and bug fixes
  • Update CFamily analyzer 6.53 -> 6.54, support analyzing C++23, remove 3 rules and add 1, performance improvements
  • Update Text analyzer 2.8 -> 2.9 -> 2.10, 1 new rule, improvements and bug fixes
  • Update Java analyzer 7.31 -> 7.32 -> 7.33, support analysis of Java 21 code, new rules about sustainability, improvements for Spring security rules
  • Update C#/VB.Net analyzer 9.20 -> 9.21 -> 9.22 -> 9.23 -> 9.23.1 -> 9.23.2, new rules about logging and ASP.Net, improvements and bug fixes

4.4.2

  • Fix issue that prevents analysis when URI-escaped characters are in a workspace folder's path
  • Fix connected mode with HTTP(S) proxies

4.4.1

  • Update JS/TS/CSS analyzer 10.11.1 -> 10.12, improve top dismissed JS/TS rules; One new rule (S2004)
  • Update CFamily analyzer 6.52 -> 6.53, 9 new C++ rules
  • Update Java analyzer 7.30.1 -> 7.31, Support of Java 21, FP fixes, improvements
  • Update embedded C# analyzer 9.15 -> 9.16 -> 9.17 -> 9.18 -> 9.19 -> 9.20, performance improvements, improved accuracy
  • Update HTML analyzer 3.13 -> 3.14, 17 new rules for accessibility
  • Update Python analyzer 4.14 -> 4.15, 13 FP fixes, 2 new QuickFixes
  • SonarLint backend refactoring

4.3.0

  • Update JS/TS/CSS analyzer 10.10 -> 10.11 -> 10.11.1, support TypeScript 5.3, 5 new adaptability rules, drop support for Node 14
  • Update Java analyzer 7.29 -> 7.30.1, 5 new Sprint Boot rules, improve support for the "jakarta" package, fixes for false positives and bugs
  • Update CFamily analyzer 6.51 -> 6.52, 9 new MISRA 2023 rules for C++
  • Update IaC analyzer 1.23 -> 1.24 -> 1.25 -> 1.26, 8 new Kubernetes rules; fp fixes
  • Update Text analyzer 2.7.1 -> 2.8, fixes for false positives and performance improvements
  • Update HTML analyzer 3.9 -> 3.13, Add new rules; drop deprecated property "sonar.web.file.suffixes"
  • Enable detection of custom secrets in connected mode with SonarQube 10.4+ (Enterprise and Data Center editions)

4.2.0

  • Update JS/TS/CSS analyzer 10.9 -> 10.10, 17 new accessibility rules for JSX
  • Update Java analyzer 7.28 -> 7.29, Update the Java API with methods from JUtils; fix 6 FPs & FNs; Improve rule descriptions and issue messages; 1 new Quick Fix.
  • Update IaC analyzer 1.22 -> 1.23, S6329 should report only one issue for the same location
  • Update CFamily analyzer 6.50 -> 6.51, 1 new C++ MISRA 2023 rule
  • Update Python analyzer 4.11 -> 4.12 -> 4.13 -> 4.14, Added support for FastAPI tooling for 6 rules; Module-level type inference for Python; FP and FN fixes; Security rules improvements.
  • Update embedded C# analyzer 9.13 -> 9.14 -> 9.15, FP and FN fixes, performance improvements
  • Dataflow Bug Detection support for Python in Connected Mode with SonarQube 10.4+ and SonarCloud

4.1.0

  • Support analysis of Azure Resource Manager templates and Bicep files
  • Support analysis of T-SQL files in Connected Mode with SonarCloud or SonarQube Developer edition or higher
  • Update Java analyzer 7.27.1 -> 7.28, 9 new Sprint Boot rules, 1 FP fix
  • Update Python analyzer 4.9 -> 4.10 -> 4.11, Support for Python 3.12 new syntax, implement 5 new rules related to new features of Python 3.12 + 3 new Security Hotspot rules, Fix FPs
  • Update JS/TS/CSS analyzer 10.8.0 -> 10.9.0, FP fixes, improvements, deprecate Node.js 16
  • Update text and secrets analyzer 2.6.1 -> 2.7.0 -> 2.7.1, hardening
  • Update embedded C# analyzer 9.12 -> 9.13, support for .NET 8 & C# 12, fixes and improvements

4.0.5

  • Allow opening PR and branch issues from SonarQube in the IDE

4.0.1

  • Initial support for C# analysis. More info in docs; Please share feedback on our Community Forum.
  • Update Python analyzer 4.8 -> 4.9, 5 new rules for Pandas library
  • Update JS/TS/CSS analyzer 10.6.0 -> 10.7.0 -> 10.8.0, new rules, FP fixes, improved diagnostics for memory issues
  • Update Java analyzer 7.25 -> 7.26 -> 7.27 -> 7.27.1, Add first part of support in rules for jakarta packages, 6 new Spring rules, bugfix and improvements
  • Update PHP analyzer 3.32 -> 3.33, update rule descriptions to include Learn as You Code changes, FP fix.
  • Update IaC analyzer 1.21 -> 1.22, update rule descriptions to include Learn as You Code changes
  • Update text and secrets analyzer 2.5.0 -> 2.6.1, FP fixes, improvements
  • Update CFamily analyzer 6.49 -> 6.50, 1 new C++ MISRA 2023 rule, hardening
  • Bump minimum required Java runtime version to Java 17.
  • Embed Java 21 LTS in platform-specific packages
  • Allow opening issues from SonarQube into the IDE (starting from SonarQube v10.3)

3.22

  • Add possibility to exclude files from analysis when not in Connected Mode. Learn more
  • Add focusing on new code in connected mode Learn more
  • Update JS/TS/CSS analyzer 10.5.1 -> 10.6.0, FP fixes, QuickFix for S6326, remove S2814 for TypeScript, recommendation to use Node.js 20
  • Update CFamily analyzer 6.48 -> 6.49, 2 new C++ MISRA 2023 rules
  • Update text and secrets analyzer 2.3.0 -> 2.4.0 -> 2.5.0, 42 new cloud app secrets, FP fixes, analysis time logging
  • Update Python analyzer 4.7 -> 4.8, 8 Numpy rules and 3 quick fixes, FN fixes
  • Update IaC analyzer 1.20 -> 1.21, 16 new rules for Docker analyzer, improved detection of Dockerfiles
  • Update Go analyzer 1.14 -> 1.15, enable "NOSONAR" commentary in SonarLint, bug fixes and improvements
  • Update Java analyzer 7.24 -> 7.25, [Custom Rules] CheckRegistrar classes can register check instances, default quality profile and AutoScan

3.21

  • Highlight clean code attributes and impacts on software qualities in rule descriptions
  • In connected mode with SonarQube 10.2+, add the ability to silence an issue before the analysis
  • Analysis of COBOL in connected mode with SonarCloud or SonarQube Enterprise Edition is now considered stable
  • Update Java analyzer 7.22 -> 7.23 -> 7.24, improvements and bug fixes
  • Update JS/TS/CSS analyzer 10.3.2 -> 10.4 -> 10.5.1, FP fixes, new JS/TS rules, support Clean Code attributes and software qualities
  • Update text and secrets analyzer 2.1 -> 2.2 -> 2.3, detection of top 50 cloud app secrets, 22 new secret types, reduced FP rate
  • Update XML analyzer 2.9 -> 2.10, support Clean Code attributes and software qualities
  • Update IaC analyzer 1.18 -> 1.19 -> 1.20, support Clean Code attributes and software qualities, bugfixes
  • Update Go analyzer 1.13 -> 1.14, support Clean Code attributes and software qualities
  • Update PHP analyzer 3.30 -> 3.31 -> 3.32, support PHP 8.3, 16 FP fixes, bugfixes, support Clean Code attributes and software qualities
  • Update Python analyzer 4.5 -> 4.6 -> 4.7, support Clean Code attributes and software qualities, 9 new rules, FP fixes
  • Update HTML analyzer 3.7.1 -> 3.8 -> 3.9, support Clean Code attributes and software qualities, new rule description format
  • Update CFamily analyzer 6.47 -> 6.48, support Clean Code attributes and software qualities, new rule description format

3.20.2

  • Contribute a walkthrough feature for new users who install SonarLint
  • Clean up diagnostics on file close
  • Improve UX for untrusted SSL certificates
  • Update Java analyzer 7.20.0 -> 7.21.0 -> 7.22.0, Update 136 rule descriptions to new educational format; Fix 6 FPs
  • Update IaC analyzer 1.17 -> 1.18, Update rule descriptions to new educational format; Bug fixes
  • Update Python analyzer 4.3 -> 4.4 -> 4.5, Migrate 37 rule descriptions to the education format; Improve analysis precision; Fixing FPs and FNs
  • Update XML analyzer 2.8.1 -> 2.9.0, Update rules metadata; SonarXML increases by 2% the TPR on C# SAST Benchmarks; Fixing FNs
  • Update JS/TS/CSS analyzer 10.3.1 -> 10.3.2, A bugfix for performance regression
  • Update CFamily analyzer 6.45 -> 6.46 -> 6.47, 2 new C++ rules, 43 new Misra 2023 rules; Bug fixes and improvements

3.19.2

  • Fix synchronization of taint vulnerabilities in connected mode with SonarCloud

3.19

  • Allow marking known issues and taint vulnerabilities as resolved in Connected Mode
  • Allow changing status of known security hotspots in Connected Mode
  • Beta support for COBOL in Connected Mode with SonarCloud or SonarQube Enterprise Edition
  • Update XML analyzer 2.7.0 -> 2.8.1, Update rule descriptions to educational format; Update documentation for rule S140.
  • Update Go analyzer 1.12.0 -> 1.13.0, Update rule descriptions to new educational format
  • Update Java analyzer 7.19.0 -> 7.20.0, SE engine works with incomplete semantics; FP and FN fixes, bugfixes
  • Update PHP analyzer 3.29 -> 3.30, Update rule metadata to new educational format
  • Update JS/TS/CSS analyzer 10.2.0 -> 10.3.0 -> 10.3.1, Add rules from ESLint core; Support Typescript 5; FP and FN fixes, bugfixes

3.18

  • Enable analysis of all security hotspots in a workspace folder
  • Enable Security Hotspots in Connected Mode with SonarCloud
  • Make code in rule descriptions easier to understand with syntax and diff highlighting
  • Update JS/TS/CSS analyzer 10.1.0 -> 10.2.0, 17 new rules for JS and TS
  • Update Java analyzer 7.18.0 -> 7.19.0, improve support for analysis of Java 19; support for Java 19+ preview features needs to be enabled by setting sonar.java.enablePreview to true in sonarlint.analyzerProperties
  • Update PHP analyzer 3.28 -> 3.29, 2 new rules and precision improvements
  • Update Python analyzer 4.2 -> 4.3, 6 new rules for the Django framework
  • Update IaC analyzer 1.16 -> 1.17, precision improvements and bug fixes
  • Update text and secrets analyzer 2.0.1 -> 2.0.2 -> 2.1.0, new rule descriptions
  • Update CFamily analyzer 6.44 -> 6.45, Bug fixes and improvements

3.17

  • Support analysis of CloudFormation
  • Support analysis of Docker
  • Support analysis of Kubernetes
  • Support analysis of Terraform
  • Display patch instruction specifically tailored for the library or framework in use in the rule description view
  • Update JS/TS/CSS analyzer 10.0.1 -> 10.1.0, 8 new rules available; 14 existing rules improved; ESLint upgraded to 8.36.0
  • Update Java analyzer 7.17.0 -> 7.18.0, 3 new rules available; bug fixes
  • Update Python analyzer 4.1 -> 4.2, New rules related to type hinting and regular expressions; 3 new quick fixes for regular expressions
  • Update CFamily analyzer 6.43 -> 6.44, Bug fixes and improvements

3.16

  • Update Python analyzer 4.0 -> 4.1, initial support for IPython syntax in Jupyter notebooks
  • Update PHP analyzer 3.27.1 -> 3.28, precision improvements
  • Update CFamily analyzer 6.42 -> 6.43, support for tiarmclang compiler
  • Support analysis of Go
  • Support analysis of Python code in Jupyter Documents
  • Add "Help and Feedback" view under SonarLint view container.

3.15.1

  • In Connected Mode, SonarCloud/SonarQube Quality Profile is now being applied for secret detection rules
  • Update JS/TS/CSS analyzer 9.13.0 -> 10.0.0 -> 10.0.1, support for JavaScript analysis inside HTML files, FN and FP fixes, dependency upgrades
  • Update CFamily analyzer 6.41.0 -> 6.42.0, Support for clang-cl and Microchip compilers
  • Update Python analyzer 3.21 -> 3.25 -> 4.0.0, New quick fixes available, FN and FP fixes
  • Update Java analyzer 7.16.0 -> 7.17.0, New quick fixes available, FP and FN fixes, bugfixes

3.14

  • Local detection of Security Hotspots
  • Update PHP analyzer 3.25.0 -> 3.26.0 -> 3.27.0 -> 3.27.1, Fix parsing error on namespaces with reserved words
  • Update CFamily analyzer 6.40.0 -> 6.41.0, 13 new rules on C++20's "std::format"
  • Update Java analyzer 7.15.0 -> 7.16.0, FP fixes, bugfixes, FN fixes
  • Update JS/TS/CSS analyzer 9.12.1 -> 9.13.0, FN and FP fixes, dependency upgrades
  • Update XML analyzer 2.6.1 -> 2.7.0, Bugfix of XPathCheck, bugfix of memory leak

3.13

  • Introduce dedicated "SonarLint" view container
  • Fix usability issues with automatic project binding
  • Update JS/TS/CSS analyzer 9.10 -> 9.11.0 -> 9.12.0 -> 9.12.1, enable support for CSS, add typed rules for JavaScript, support TypeScript 4.9, improve performance and user experience about tsconfig.json files, 6 new rules related to performance in React
  • Update Python analyzer 3.20 -> 3.21, support for Python 3.11, improve performance and accuracy
  • Update HTML analyzer 3.6.0 -> 3.7.0 -> 3.7.1, bug fixes and improvements
  • Update CFamily analyzer 6.39.0 -> 6.40.0, 6 new rules on C++/20 "concepts"

3.12

  • Display all Taint Vulnerabilities for bound projects in Connected Mode, UX improvements
  • Update Python analyzer 3.18.0 -> 3.19.0 -> 3.20.0, 1 new rule, 4 new quick fixes, improved CDK analysis
  • Update XML analyzer 2.5.0 -> 2.6.0 -> 2.6.1, updated dependencies, support OWASP Top 10 2021 metadata tags, read properties in disallowed dependencies rule
  • Update Java analyzer 7.13.0 -> 7.14.0 -> 7.15.0, FP fixes, bugfixes, quick fix suggestions improved
  • Update JS/TS analyzer 9.8.0 -> 9.9.0 -> 9.10.0, FP fixes, improvements, 2 AWS CDK rules
  • Update CFamily analyzer 6.37.0 -> 6.38.0 -> 6.39.0, bug fixes and improvements

3.11

  • Simplify user token generation when configuring connected mode with SonarQube 9.7+
  • Honor sonarlint.ls.javaHome setting for all platforms
  • Update CFamily analyzer 6.36 -> 6.37, bug fixes and improvements
  • Update PHP analyzer 3.23 -> 3.24 -> 3.25, added support for PHP 8.2, improvements and bugfixes
  • Update JS/TS analyzer 9.7 -> 9.8, TypeScript 4.8,deprecation of Node.JS v14, remove support for Node.JS v12
  • Update Python analyzer 3.17 -> 3.18, 9 new rules about Encryption (Rest / Transit) on AWS CDK for Python

3.10

  • Suggest users using SonarLint Connected Mode to configure project bindings with their SonarQube/SonarCloud projects
  • Update Python analyzer 3.15 -> 3.16 -> 3.17, 8 new unit test rules, bugfixes and false positive fixes
  • Update Secrets analyzer 1.1 -> 1.2, remove warning about packaged dependencies

3.9

  • Automatically synchronize issues and taint vulnerabilities in connected mode (with SQ 9.6+)
  • Update JS/TS analyzer 9.4 -> 9.5 -> 9.6 -> 9.7, add React rules, support for JavaScript in YAML, FP fixes for React
  • Update CFamily analyzer 6.35 -> 6.36, bug fixes and improvements

3.8

  • Add views to manage project binding with connected mode

3.7

  • Ship Java 17 runtime with select supported platforms (Windows x86-64, macOS x86-64 and arm-64, Linux x86-64)
  • Update JS/TS analyzer 9.2 -> 9.3 -> 9.4, Support for Typescript 4.7, Upgrade stylelint to 14.9.1, 3 new rules added, FP fixes
  • Update CFamily analyzer 6.34 -> 6.35, 2 new rules, bug fixes and improvements
  • Update Java analyzer 7.12.1-> 7.13, 7 new code quality rules for AWS Cloud functions

3.6

  • Add views to manage connected mode authentication, move authentication tokens to secret storage
  • Update Java analyzer 7.11.0 -> 7.12 -> 7.12.1, new rules + rules improvements, Incremental PR analysis with cache.
  • Update PHP analyzer 3.23 -> 3.23.1, descriptions for rule properties of S1808, FP fix for S6328
  • Update CFamily analyzer 6.33 -> 6.34, 1 new rule, improvements for SonarLint VSCode
  • Update Python analyzer 3.14 -> 3.15 -> 3.15.1, first Quick Fixes for Python

3.5.4

  • Fix an issue with URI-encoded characters in file paths

3.5.3

  • Update Java analyzer 7.8.1 -> 7.9 -> 7.10 -> 7.11, enable parsing of Java 18 preview features, rules fixes.
  • Update JS/TS analyzer 9.1 -> 9.2, Node.js 12.22.0 or later required, improvements and FP fixes
  • Update CFamily analyzer 6.32 -> 6.33, bug-fixes for compilation database
  • Update Python analyzer 3.12 -> 3.13 -> 3.14, fixes for false positives
  • Subscribe to server events to synchronize quality profiles and rule configuration
  • Lots of small bug fixes

3.4.1

  • Fix error during analysis of files not in a Git repo (connected mode only)

3.4.0

  • Support analysis of C and C++ code.
  • Update Python analyzer 3.9 -> 3.10 -> 3.11 -> 3.12, support third-party Typeshed libraries, 9 new "simple" rules (8 code smells + 1 bug), 8 new regex related rules, fixes and improvements
  • Update PHP analyzer 3.22 -> 3.23, 9 new regex rules, bug fix for S3699
  • Update JS/TS analyzer 8.8 -> 8.9 -> 9.0 -> 9.1, support for Quick Fixes, enable 23 rules with quick fixes, support TypeScript 4.6, drop support for Node.js 10 (12.22.0 is the new minimal version), 30 new quick fixes, improvements and FP fixes

3.3.1, 3.3.2, 3.3.3

  • Fix automated deployment to OpenVSX

3.3.0

  • Update JS/TS analyzer 8.4 -> 8.5 -> 8.6 -> 8.7 -> 8.8, 8 new rules about tests, support for TypeScript 4.4, improved resolution of TypeScript compiler settings, deprecate Node 12 (Node 16 is recommended)
  • Update Java analyzer 7.4 -> 7.5 -> 7.6 -> 7.7 -> 7.8, support for new nullability annotations, 4 new vulnerability detection rules about XML processing, bug fixes and improvements
  • Update PHP analyzer 3.21 -> 3.22, support PHP 8.1
  • Update Python analyzer 3.6 -> 3.7 -> 3.8 -> 3.9, 12 new rules about regular expressions, support Python 3.10, improve performance of symbol resolution
  • Update HTML analyzer 3.4 -> 3.5 -> 3.6, support SalesForce Aura Lightning Components and Twig templates, fix false positives
  • Enable analysis of XML files
  • In connected mode, silently synchronize quality profiles at regular intervals

3.2.0

  • Load taint vulnerabilities and issue suppressions from the appropriate branch in connected mode

3.1.0

  • Update Java analyzer 7.3.0 -> 7.4.0, 1 new vulnerability detection rule, improvements in precision
  • Update PHP analyzer 3.20 -> 3.21, 9 new rules about regular expressions
  • Fix protocol issues in connected mode with some HTTP proxies

3.0.0

  • Require JRE 11+ to run the language server

2.3.0

  • Allow analyzers to contribute quick fixes
  • Update Java analyzer 7.2.0 -> 7.3.0, quick fixes for 40 rules, FP and bug fixes
  • Update Secrets analyzer 1.0 -> 1.1, 4 new rules for top cloud providers, multiline secrets detection
  • Update JS/TS analyzer 8.1.0 -> 8.2 -> 8.3 -> 8.4, 19 new rules for regular expressions, fixes for false positives
  • Update PHP analyzer 3.18 -> 3.19.0 -> 3.20.0, 17 new rules on WordPress and regexes, improvements, FP and bug fixes

2.2.0

  • Minor changes for CodeSpaces compatibility

2.1.2

  • Hotfix release
    • Consider file not ignored if git command fails
    • Consider file not ignored if ignore check fails

2.1.1

  • Detect AWS secrets in any file (2 rules)
  • Update JS/TS analyzer 7.4.2 -> 7.4.3 -> 7.4.4 -> 8.0.0 -> 8.0.1, support TypeScript 4.3, bug fixes and improvements
  • Update Java analyzer 6.15.1 -> 7.0 -> 7.1 -> 7.2, 10 new rules, better Java 16 support, many bug fixes and improvements
  • Update PHP analyzer 3.17.0 -> 3.18.0, bug fixes and improvements
  • Update Python analyzer 3.5.0 -> 3.6.0, better analysis for medium-sized projects and other improvements

2.0.0

  • Update Python analyzer 3.4 -> 3.5, improve precision thanks to cross-module resolution of symbols
  • Drop support of SonarQube < 7.9 for connected mode

1.22.0

  • Report "Blocker" and "Critical" issues at the "Warning" level
  • Check at startup and at regular intervals for binding updates in connected mode
  • Update Java analyzer 6.13 -> 6.14 -> 6.15 -> 6.15.1, 6 new rules, fewer FPs and FNs, rule improvements
  • Update JS/TS analyzer 7.1 -> 7.2 -> 7.2.1 -> 7.3 -> 7.4 -> 7.4.1 -> 7.4.2, support for TypeScript 4.2, analyze TypeScript in Vue.js components, fewer FPs and FNs
  • Update PHP analyzer 3.15 -> 3.16 -> 3.17, fewer false positives, dependency upgrades
  • Update HTML analyzer 3.3 -> 3.4, fewer false positives, dependency upgrades
  • Update Python analyzer 3.3 -> 3.4 -> 3.4.1, dependency upgrades

1.21.0

  • Show secondary locations of issues in a dedicated view
  • Highlight taint vulnerabilities in connected mode
  • Update Python analyzer 3.2 -> 3.3, 2 new vulnerability detection rules
  • Update PHP analyzer 3.14 -> 3.15, 3 new vulnerability detection rules
  • Update Java analyzer 6.11 -> 6.12 -> 6.13, support for Java 15, 8 new rules

1.20.0

  • Review a Security Hotspot within its context in connected mode with SonarQube
  • Update JavaScript and TypeScript analyzer 7.0.1 -> 7.1.0, 6 new rules, fewer false positives, formatting improvements
  • Update Java analyzer 6.10 -> 6.11, 3 new rules, introduce sonar.java.jdkHome global variable to control JDK for the analyzer, improvements for Mockito, MongoDB and JDBC, add secondary locations for 13 rules, 9 FP fixes, 3 FN fixes, size optimization, bug fixes
  • Update PHP analyzer 3.13 -> 3.14, 2 FP fixes, bug fixes
  • Update Python analyzer 3.1 -> 3.2, support Python 3.9, improvements and bug fixes

1.19.0

  • Enable server notifications in connected mode with SonarQube or SonarCloud
  • Update JavaScript and TypeScript analyzer 6.5 -> 6.6 -> 6.7 -> 7.0 -> 7.0.1, many new rules related to cryptography, all rules migrated to ESLint parser
  • Update PHP analyzer 3.10 -> 3.11 -> 3.12 -> 3.13, support of PHP 8, improved messages on secondary locations
  • Update HTML analyzer 3.2 -> 3.3, rules improvements
  • Update Java analyzer 6.9 -> 6.10, new rules on regular expressions

1.18.0

  • Update Java analyzer 6.6 -> 6.7 -> 6.8 -> 6.9, lots of new rules, bug fixes, fewer false positives and false negatives
  • Update PHP analyzer 3.6 -> 3.7 -> 3.8 -> 3.9 -> 3.10, 20 new rules, including 13 related to unit tests
  • Update Python analyzer 3.0 -> 3.1, 3 new rules
  • Update JavaScript and TypeScript analyzer 6.3 -> 6.4 -> 6.5, many improvements and bug fixes
  • Provide direct feedback about unmet dependency on JRE and/or Node.js

1.17.0

  • Allow configuration of rule parameters in user settings
  • Display rule severity defined in the quality profile
  • Update Python analyzer 2.11 -> 2.12 -> 2.13 -> 3.0, 12 new rules, 2 FP fixes, bug fixes and improvements
  • Update Java analyzer 6.4 -> 6.5 -> 6.6, 22 new rules, 21 FP fixes, bug fixes and improvements
  • Update JS analyzer 6.2 -> 6.3, bug fixes and improvements
  • Update PHP analyzer 3.4 -> 3.5 -> 3.6, 14 new rules (3 security related), bug fixes and improvements
  • Gracefully wait for the Java Language Server to be started in standard mode before analyzing Java files

1.16.0

  • Update Python analyzer 2.5 -> 2.11, 44 new rules, support for Python 3.8, improved accuracy through use of built-in types, count module-level docstrings as comments
  • Update Java analyzer 6.1 -> 6.4, 14 new rules for Java, 9 of them for tests, fewer false positives
  • Update PHP analyzer 3.3 -> 3.4, fewer false positives
  • Update JS/TS analyzer 5.1 -> 6.2, 8 new rules, 31 JS rules now also available for TS, performance improvements

1.15.0

  • Add support for Java analysis (requires Java extension 0.56.0+)
  • Update SonarPython 2.4 -> 2.5, 3 new vulnerability detection rules, fewer false positives thanks to engine improvements

1.14.0

  • Group 'on change' analysis triggers to lower CPU usage
  • Remove default value for testFilePattern setting. By default all files are now analyzed as application code
  • Update SonarPython 2.3 -> 2.4, engine improvements and bug fixes
  • Automatically offer to download a JRE if none was detected/configured
  • Change connected mode settings to differentiate SonarCloud from SonarQube
  • Add 2 new settings to control SonarLint output verbosity (quiet by default)

1.13.0

  • Update SonarPython 1.15.1 -> 1.16 -> 1.17 -> 2.0 -> 2.1 -> 2.2 -> 2.3, 19 new rules, improvements on existing rules thanks to a new engine
  • Update SonarPHP 3.2 -> 3.3, support PHP 7.4

1.12.0

  • Allow to configure a different binding per workspace folder

1.11.0

  • Add the ability to activate rules that are not enabled by default
  • Show list of available rules in a dedicated view, with ability to activate/deactivate rules from this view
  • Drop support of SonarQube < 6.7 in connected mode
  • Support "Ignore Issues on Files" and "Ignore Issues in Blocks" settings in connected mode
  • Avoid downloading analyzers that are not supported
  • Update SonarPython 1.12 -> 1.15, 3 new vulnerability detection rules
  • Update SonarPHP 3.0 -> 3.1.1 -> 3.2

1.10.0

  • Add a code action and related settings to deactivate rules
  • Update SonarHTML 3.1 -> 3.2 to support Vue.js and enable accessibility-related rules

1.9.0

  • Enable support of PL/SQL in connected mode
  • Support for connected mode on all sub-folders of a same project in a workspace

1.8.0

  • Enable support of Apex in connected mode

1.7.0

  • Update SonarPHP 2.16 -> 3.0 to support PHP 7.3
  • Fix rule description panel on VSCode 1.33+

1.6.0

  • Update SonarPHP 2.14 -> 2.15 -> 2.16
  • Update SonarPython 1.10 -> 1.12
  • Update SonarTS 1.7 -> 1.8 -> 1.9
  • Update SonarJS 4.2 -> 5.0 -> 5.1
  • Add support for HTML and JSP (using SonarHTML analyzer)

1.5.0

1.4.0

  • Update SonarTS 1.6 -> 1.7

1.3.0

  • Add basic support for connected mode
    • Track server issues and hide resolved
    • Add command to update bindings and sync
  • Add basic support for multi-root workspace
  • Update embedded analyzers
    • SonarJS 4.0 -> 4.1
    • SonarTS 1.5 -> 1.6
    • SonarPHP 2.12 -> 2.13
    • SonarPython 1.8 -> 1.10

1.2.0

  • Add support for TypeScript (using SonarTS analyzer)
  • Update SonarJS to version 4.0
    • Support Vue.js single file components
    • Flow syntax support
    • Exclude node_modules folder
    • Many rules improvements
  • Update SonarPHP to version 2.12
    • Support for PHP 7.1 and 7.2
    • Many new rules and rules improvements

1.1.0

  • Update SonarJS to version 3.1
    • 1 new rule
  • Display rule description directly inside VSCode

1.0.0

  • First release
  • On-the-fly analysis of JavaScript, Python and PHP
  • SonarJS 3.0
  • SonarPHP 2.10
  • SonarPython 1.8