Changelog for Teamscale 7.3
Newer Release Available
Our current release is available here.
Urgent Security Notice: Teamscale affected by log4shell (CVE-2021-44228)
Teamscale is affected by the widely discussed log4shell (CVE-2021-44228) security vulnerability and its follow-up CVE-2021-45046. A third vulnerability in log4j has been published CVE-2021-45105, but Teamscale is not affected in its default installation.
Please update Teamscale to a version released on or after the 21st of December 2021.
Note: The Eclipse/IntelliJ/NetBeans plug-ins are also affected by the security vulnerability. Please make sure to update your plug-ins to the latest versions compatible with your currently deployed Teamscale version.
REST XML Interface Removed (since Teamscale 7.0)
As of Teamscale 7.0, its REST XML interface (deprecated since Teamscale v6.0) has finally been removed. This affects only the legacy REST API; the new, versioned API is not affected. You have hence two options:
- The preferred long-term solution is to migrate to the new, versioned REST API, i.e., to use REST endpoints like
…/api/v7.0.0/…
. - A temporary solution is to keep using the legacy REST API but always send an
Accept: application/json
request header and accept JSON rather than XML responses. Note, however, that the legacy REST API will be deprecated and subsequently removed, too.
Changed Voting Behaviour for Bitbucket Server Integration (since Teamscale 6.7)
As of Teamscale 6.7, the Enable Voting option in the Bitbucket Server connector will only add the findings badge to the pull request description. Please enable the Enable pull request review option, if you want Teamscale to also review pull requests.
Changed Permissions when Using Docker Image (since Teamscale 6.3)
As of Teamscale 6.3, Teamscale is no longer executed as the root user in the Docker container, but as user teamscale
(UID=1000). Please make sure to either allow this user to access the mounted directories and files or add a user mapping to your docker-compose file, e.g. user: technical-user
, which refers to a user whose permissions should be mapped to teamscale
.
Java 11 Required (since Teamscale 6.2)
As of Teamscale 6.2, running the Teamscale server requires a Java Runtime Environment, Version 11 or later.
Changed Resolving of Configuration Files (since Teamscale 6.0)
- As of Teamscale 6.0, all configuration files are loaded using the same logic. In particular configuration files in the process working directory take precedence over ones in the Teamscale installation.
- Relative paths specified in configuration files will always be resolved to the working directory. The working directory usually equals the installation directory unless explicitly changed.
- Custom check JAR files can be deployed in a directory relative to the working directory and installation directory.
- Searching for a Teamscale configuration file
teamscale-config.properties
in the installation root directory. Use the fileteamscale.properties
in one of the config directories. - Searching for a license in the installation root directory, or a directory specified by the Java system property
teamscale.license.path
is no longer supported. Use the environment variableTEAMSCALE_CONFIG
to specify a separate configuration directory or pass the license using theTS_LICENSE
environment variable if you cannot place the license in one of the config directories. - The administrative service to read and write configuration files via the Web API (
config-files
) has been removed.
Re-Analysis when Upgrading
- When updating from 7.3.x, drop-in.
- When updating from 7.2.x or earlier, a full re-analysis via backup is required.
Version 7.3.14
Fixes
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-45105
Version 7.3.13
Fixes
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-45046
Version 7.3.12
Fixes
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-44228
Version 7.3.11
Fixes
- C++
if constexpr
was considered coverable - Parsing of LLVM coverage reports failed if execution count exceeded range of integer
- Polarion spec items that were created/edited while the
PolarionSynchronizer
ran were not fetched from Polarion - Rollback loop occurred in rare case on certain Git repositories
- Teamscale sometimes added check annotations to unchanged files in GitHub and Azure Dev Ops pull requests
- Security leak in the
SocketTimeoutException
warning logs for the Azure DevOps connectors - False positives for "Use of enclosing braces, partial array initialization, multiple initialization of array elements" check in C++
NullPointerException
inClangTidySynchronizer
Improvements
- New voting connector include/exclude options specifying which files to vote on
Version 7.3.10
Fixes
- False positives in nesting depth analysis in Swift
- Some branch names were missing in case no files were processed since the creation of the branch
- "Multiple subsequent parameters of same type" check was not configurable
- Findings of type "Avoid comparisons to boolean literals" were sometimes incorrectly tracked and adjusted
- Eclipse Plug-in: Having no Teamscale project configured led to an empty pre-commit dialog that did not give the user any indication of the underlying problem
Version 7.3.9
Fixes
- Polarion custom fields were not imported when a project was restored from a backup
- Using
try
as identifier in plain C code caused parsing errors
Improvements
- The LLVM coverage report version 2.0.1 is now supported and respects branch coverage information
Version 7.3.8
Fixes
- Code Review Status was sometimes misleading
- Spec item reference highlighting did not work when an architecture path was used
IndexOutOfBoundsException
in the Method History view for certain branching scenarios
Version 7.3.7
Fixes
- Review rating assessment metric was inconsistent with the review status button
- Findings list in the code view was not updated after a review finding had been added
- Polarion connector did not fetch documents from subfolders
- Project import failure error message was unclear and not meaningful
- False positives for C# naming conventions in case of init-setters
- Login via GitHub failed in case non-Github projects had been imported to Teamscale
NullPointerException
inTgaTrendService
in some cases- Error message when switching between the different views too quickly
Version 7.3.6
Fixes
- Widgets displaying treemaps failed to render in case their dimensions contained fractions
NullPointerException
inSonarLintRunner
- Error in
ExternalAnalysisResultsUpdater
in case the file had its origin on another branch - Parser errors in some Delphi files
- LCOV exclude statements were not recognized correctly in some cases
- Flagged findings were lost when migrating from a version before 7.2
- Reports page took a long time to load in case many reports were present
- Issues table in the Test Gaps perspective didn't display any visual indicator during sorting or filtering operations
- Some Simulink blocks were not rendered correctly
- Stateflow transition labels were truncated when located at the edge of the model
Improvements
- New option in the Artifactory connector allowing the exclusion of ZIP files based on Ant patterns
Version 7.3.5
Fixes
- Swift parser failed for
actor
keyword - Code view showed MC/DC coverage related messages even if no coverage was uploaded
- IntelliJ/NetBeans plugin: Deserialization issue when fetching findings
- Deleting paused projects did not work and led to them being stuck
- Opening the Findings view after the initial project analysis initially still showed the message that the project is being analyzed
AssertionError
inInconsistentCloneChangeAlerter
if language of file changed- Dashboards disappeared when changing the project's primary ids to secondary ids
- "Multiple subsequent parameters of same type" check for C++ did not recognize generic type parameters
- False positives for "Unused variable" check for C, C++ and C# variables named underscore ("_")
- Simulink nesting depth values differed from Model Advisors subsystem depth metric
- False positive findings when using C++ keywords in C code
- Notifications could not be created from a threshold configuration
- C++ parser failed for function-try-blocks
Version 7.3.4
Fixes
- MC/DC coverage was ignored if more than one partition contained coverage data
UTFDataFormatException
inFindingsTracker
in case of very long task or problem tag commentsStackOverFlowError
inGeneralFindingsSynchronizer
in case of very long comments- Projects could not be saved if they already had a set parent project ID
IllegalArgumentException
in C++ dataflow analysis when using unnamed function parameterconst unsigned
- C# members implementing an interface were not parsed correctly
- C++ parser errors when using parentheses in array declaration
- C++ parser errors when using
enum struct
- False positives for "Missing virtual destructor" check in C++
- Python test names were not mapped correctly in JUnit reports, making them appear twice
- Simulink file-level findings in the model view were missing important information
- False positives in "Avoid using C-style arrays" check when using C++ attributes
SonarLintRunner
did not create findingsSimulinkModelBuildingException
inSimulinkOutputDataTypeExtractionStep
when a Simulink file got deleted from the repository- Executed by tab in Method History view was empty when there is no data to show
OutOfMemoryException
in case test paths contained test data
Improvements
- "Unit test classes should be located in the same package as the class under test" check now supports regular expression to identify test classes
Version 7.3.3
Fixes
- Files that were added and copied in the same issue were omitted from Issue Details view
- Non-exported TypeScript types were treated with default visibility by the comment analysis
- Polarion custom fields were not imported when project was restored from backup
ArrayInitializationCheck
failed while parsing numbers greater thanInteger.MAX_VALUE
- C++ parser did not correctly recognize parameter packs with ellipsis
- Test Gap Issues table warning for long loading time was shown in some cases where no expensive operation had been triggered
- Objective-C code was sometimes misidentified as C++
- C# 9 records led to parse errors and false positive findings
ContentIndexSynchronizer
failed when parsing Swift codeNullpointerException
inExternalAnalysisResultsUpdater
in special circumstances- Delphi parser failed for the `- Fix: MC/DC coverage was ignored if more than one partition contained coverage data
- Fix: Support regular expression to identify test classes for the check "Unit test classes should be located in the same package as the class under test"
- Fix: FindingsTracker crashes in case of very long task or problem tag comments
- Fix: StackOverFlowError in GeneralFindingsSynchronizer on very long comment text
- Fix: Could not save a project that already had a parent project id set.
- Fix: IllegalArgumentException in C++ dataflow analysis when using unnamed function parameter const unsigned
- C# members implementing an interface were not parsed correctly
- (C++) Fixed various errors caused by parsing error on parentheses in array declaration
- Fix: False positives in missing virtual destructor check
- Fix: Python test names are now produced without the .py file extensions so that JUnit reports can be mapped without creating duplicates.
- Fix: Parser error when using "enum struct" in C++
- Fix: Simulink file level findings UI did not contain enough information
- Fix: False positives in "Avoid using C-style arrays" check when using C++ attributes
SonarLintRunner
did not create findingsSimulinkModelBuildingException
inSimulinkOutputDataTypeExtractionStep
when a Simulink file got deleted from the repository- Executed by tab in Method History view was empty when there is no data to show
OutOfMemoryException
in case test paths contained test data` character and if negative integers were used
Version 7.3.2
Fixes
- SonarQube Quality Profile import for Java was aborted due to an unsupported rule
- Import of SonarQube Quality Profile for Javascript failed
- Execution Status view showed an error page when opened during project deletion
- Teamscale sometimes failed to analyze merge requests when it could not attribute a commit to the merge request
- Simulink: Some ports in Simscape Multibody (formerly "SimMechanics") models were not processed correctly
- C++ parser failed for constructors starting with an uppercase and certain method parameters
- Editing ABAP connectors always prompted for re-analysis, even if there were no changes
- Spec Item custom fields for Polarion work items were not formatted using the client time zone
- False positives for C# naming conventions in case of expression-bodied members
- Pre-commit jobs were sometimes delayed by repository scanning
Improvements
- Clarified finding description for "If statement without braces" check
Version 7.3.1
Fixes
- False positives for "Unused variable or parameter" check in C++ in case of method output parameters
- Identifier highlighting did not highlight connected macro definitions
- False positives for "Types shall be explicitly specified" check in C++
- False positives for "No write access to SAP standard tables" check in ABAP
- AbapLint failed to run in case no git installation or internet connection was available
- Add as metric button in the Tests page's filter view was not aligned with other input fields in Safari
- Duplicate forks in external analysis uploads sometimes led to unprocessed external analysis data
- Clone detection result was incomplete for Delphi code
- Some Gerrit changes were not included during live analysis
- False positives for "Declarations should be part of namespace" check in C++ in case of
Extern "C"
definitions - Some custom user-enumeration fields in Polarion were not resolved
- MC/DC coverage information was ignored in case it was imported via Artifactory
TestGapSynchronizer
was not executed in parallel for unrelated commits- Imported SonarQube quality profiles were not accessible by the importing user
NullPointerException
inGerritAnalysisResultUploadTrigger
when processing impacted specification items- Changing the selected project for all widgets in a dashboard did not correctly update the selected project in the project selector
- A warning indicating long loading times was sometimes incorrectly displayed in the Issues page in the Test Gaps perspective
Improvements
- Faster loading and updating of Issues and Specification Items tables in the Metrics perspective
Version 7.3.0
Major Features
- New Azure DevOps connector for requirements tracing
- New interaction log shows Teamscale's voting and comment annotation interactions with code collaboration platforms
- Merged merge requests are no longer removed from the Merge Requests page
Web UI
- Test pyramid widget
- Ability to sort the impacted specification items in the merge request detail view
- Columns in the issue and spec item table are now configurable
- Ability to filter findings according to the guideline they belong to (e.g. AUTOSAR C++14)
Analysis
- The newly introduced predicate
extendsType
can now be used in comment completeness analysis
New Checks
- "Repeated subcondition" check (C/C++, C#, Java, JavaScript/TypeScript & Python)