Changelog for Teamscale 7.4
Newer Release Available
Our current release is available here.
Urgent Security Notice: Teamscale affected by log4shell (CVE-2021-44228)
Teamscale is affected by the widely discussed log4shell (CVE-2021-44228) security vulnerability and its follow-up CVE-2021-45046. A third vulnerability in log4j has been published CVE-2021-45105, but Teamscale is not affected in its default installation. Another log4j vulnerability has been published CVE-2021-44832, which only affects Teamscale if the log4j configuration file can be changed by a third party.
Please update Teamscale to a version released on or after the 4th of January 2022.
Note: The Eclipse/IntelliJ/NetBeans plug-ins are also affected by the security vulnerability. Please make sure to update your plug-ins to the latest versions compatible with your currently deployed Teamscale version.
SNI Hostname Verification (since Teamscale 7.4)
As of Teamscale 7.4, the internal Jetty web server executes SNI hostname verification by default. If you encounter an error "Invalid SNI" when accessing Teamscale, please contact our support
REST XML Interface Removed (since Teamscale 7.0)
As of Teamscale 7.0, its REST XML interface (deprecated since Teamscale v6.0) has finally been removed. This affects only the legacy REST API; the new, versioned API is not affected. You have hence two options:
- The preferred long-term solution is to migrate to the new, versioned REST API, i.e., to use REST endpoints like
…/api/v7.0.0/…. - A temporary solution is to keep using the legacy REST API but always send an
Accept: application/jsonrequest header and accept JSON rather than XML responses. Note, however, that the legacy REST API will be deprecated and subsequently removed, too.
Changed Voting Behaviour for Bitbucket Server Integration (since Teamscale 6.7)
As of Teamscale 6.7, the Enable Voting option in the Bitbucket Server connector will only add the findings badge to the pull request description. Please enable the Enable pull request review option, if you want Teamscale to also review pull requests.
Changed Permissions when Using Docker Image (since Teamscale 6.3)
As of Teamscale 6.3, Teamscale is no longer executed as the root user in the Docker container, but as user teamscale (UID=1000). Please make sure to either allow this user to access the mounted directories and files or add a user mapping to your docker-compose file, e.g. user: technical-user, which refers to a user whose permissions should be mapped to teamscale.
Java 11 Required (since Teamscale 6.2)
As of Teamscale 6.2, running the Teamscale server requires a Java Runtime Environment, Version 11 or later.
Changed Resolving of Configuration Files (since Teamscale 6.0)
- As of Teamscale 6.0, all configuration files are loaded using the same logic. In particular configuration files in the process working directory take precedence over ones in the Teamscale installation.
- Relative paths specified in configuration files will always be resolved to the working directory. The working directory usually equals the installation directory unless explicitly changed.
- Custom check JAR files can be deployed in a directory relative to the working directory and installation directory.
- Searching for a Teamscale configuration file
teamscale-config.propertiesin the installation root directory. Use the fileteamscale.propertiesin one of the config directories. - Searching for a license in the installation root directory, or a directory specified by the Java system property
teamscale.license.pathis no longer supported. Use the environment variableTEAMSCALE_CONFIGto specify a separate configuration directory or pass the license using theTS_LICENSEenvironment variable if you cannot place the license in one of the config directories. - The administrative service to read and write configuration files via the Web API (
config-files) has been removed.
Re-Analysis when Upgrading
- When updating from 7.4.x, drop-in.
- When updating from 7.3.x or earlier, a full re-analysis via backup is required.
Version 7.4.18
Fixes
- Polarion: The work item history was always retrieved for all fields, even when only some were relevant
- Polarion: History could not be retrieved for some work item types
- Code snippets were always considered to be on the default branch when being added to a task
- False positives for check "Object comparison with the same Object" when using XCTest assertions for Objective-C
Version 7.4.17
Fixes
- False positives for "Redundant parentheses" check in Python when return statement was a tuple with a single element
- False positives for "Bad assignments" check in Objective-C
- Timeout and out-of-memory issues occurred when showing specification item metric trends on a dashboard
- Polarion: Import failed if a very large number of work items were updated
Version 7.4.16
Fixes
NullPointerExceptioninSimulinkDataTypeResolverFromInputin case of unconnected signal lines- Requirements Tracing: Specification item query produced a delay on every keystroke
Version 7.4.15
Fixes
- Method History view did not include a partition selector
Improvements
- Improved execution speed of ESLint
Version 7.4.14
Fixes
- Specification item queries using the
Size()functionality on custom relationships failed after restart - "Multiple statements in the same line" check flagged instances were a macro would introduce another semicolon at the end after expansion
AssertionErrorinLineOffsetConverterin case of mismatched information from Clang plist reports- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-44832
Improvements
- Intellij Plugin: Clarified pre-commit dialogue rationale in case of empty pre-commit
Version 7.4.13
Fixes
- ABAP connector was not able to operate with git main branches other than "master"
- Sorting for specification items in the Requirements Tracing perspective did not work correctly for all columns
Version 7.4.12
Fixes
- C++ keyword
_Static_assertwas handled differently from the macrostatic_assert - Polarion: Relationship entries were not displayed in the specification items table
- Errors reading ABAP Code Inspector findings with long include names
Version 7.4.11
Fixes
- Execution Status view showed an error when viewed during project deletion
- Polarion: Some items were not fetched if the Polarion server timezone was different from the Teamscale server timezone
- Polarion: Spec Items relationships were not updated reliably
OutOfMemoryExceptionexception in theTestCaseExtractionSynchronizerSvnChangeRetrievercrashed withNullpointerExceptionin very rare cases- Instance Comparison view broke in case of large snapshots
- The NetBeans plugin suppressed some notifications incorrectly
- IntelliJ plugin: Fixed timeout when computing auto-created prefix mappings
- Intellij plugin: Fixed possible
AlreadyDisposedExceptionwhen working on several project simultaneously - Log4j2 version upgraded to avoid vulnerability due to CVE-2021-45105
Version 7.4.10
Fixes
- Sorting tolerated or false-positive findings in the Delta perspective by date was done alphanumerically instead
- "Critical System Health" warning made the fields on the header bar inaccessible
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-45046
Version 7.4.9
Fixes
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-44228
- Code reference links in the spec item details view didn't use the correct branch
- False positives in the comment completeness analysis when analyzing first attributes/methods in Kotlin classes
- Postponed Rollbacks column in the projects list view displayed "undefined" during project reanalysis
- The Code tab in the finding details view did not correctly render in case of data-flow findings
- Azure DevOps was not listed as a supported requirements tool in Teamscale's documentation
Version 7.4.8
Fixes
- Entering a space in the project selector selected the active element
- False positives in the naming convention analysis for C# when using the
initkeyword - Assignee column values in the issues table were rendered incorrectly
NullPointerExceptionin theHanaDependencyExtractionHandler- Findings marked as tolerated or false positives were not correctly filtered according to the selected commits and path in the Findings Churn page in the Delta perspective
- False positives for "Multiple statements in single line" check in TypeScript in case of nested lambdas
Version 7.4.7
Fixes
- Link to the Delta perspective from a Findings Churn widget did not apply the selected filters
- Opening a link provided by Copy Link did not highlight the selected source code in the Findings perspective
- Summary counts in the findings list view did not respect baseline settings
- Findings export did not contain all findings properties
- Branch selector did not show the correct pre-commit branch name
- Permission list was shown outside the viewport in the Edit Role Permissions dialog
- Validation of SVN projects did not work if the start revision was newer than the latest commit but there was a commit after the start revision at the repository root
- Adding custom fields caused validation errors for the Jira connector
TestExecutionMergerrequired excessive memory in some cases- Rollbacks were postponed even during the initial analysis phase or when executing force rollbacks
- False positives for "Declarations should be part of a namespace" check
- False positives for unused variable analysis in C# when using generics
- IDE plugins constantly requested unavailable pre-commit results in case the Teamscale license was expired
- IntelliJ plug-in: IntelliJ logged gratuitous warnings
Improvements
- In the architecture editor, the enablement state of policy buttons is now easier to discern
Version 7.4.6
Fixes
- "Shortening overly long finding message" errors were thrown when tracking some external Clang-Tidy findings
- Import backup service required JSON Accept header when using the versioned API
- "Path entry value was null" error was sometimes thrown in
NameBasedElementHistoryMatcherunder special circumstances UnsupportedOperationExceptionsometimes occurred inJiraIssueUpdatePostAnalysisTrigger- Review findings with similar messages and/or same location were not handled properly
- Metric treemaps contained unexpected entries in case some folder names were prefixes of other folder names
NullPointerExceptionwhen parsing C++ template parameters- Artifactory repository preview sometimes failed with an error
- Eclipse plug-in sometimes did not display findings after pre-commit analysis
- Eclipse plug-in failed to load findings
- Marking findings as false-positive from the IDE plug-ins resulted in an error
Version 7.4.5
Fixes
- C++
if constexprwas considered coverable - Parsing of LLVM coverage reports failed if execution count exceeded range of integer
- Polarion spec items that were created/edited while the
PolarionSynchronizerran were not fetched from Polarion - Rollback loop occurred in rare case on certain Git repositories
- Teamscale sometimes added check annotations to unchanged files in GitHub and Azure Dev Ops pull requests
- Security leak in the
SocketTimeoutExceptionwarning logs for the Azure DevOps connectors - False positives for "Use of enclosing braces, partial array initialization, multiple initialization of array elements" check in C++
NullPointerExceptioninClangTidySynchronizer- Teamscale could not read external report files larger than
50 MB - Teamscale did not accept relative working directories
- LCOV's exclude directives for branch coverage were not taken into account
- Qt's
foreachloop was not correctly handled by certain checks SourceCodeDownloadServiceonly supported downloads for media typeapplication/octet-stream- Project Backup Import view did not report the correct processing state when uploading large backup files
- Teamscale did not support some Matlab keywords
NullPointerExceptionoccurred when creating support request- Cache Hit percentage bar in System Information view showed wrong value
- Link to architecture for violations in the Findings Details view were hardly clickable
- Findings paths in the Findings perspective were rendered incorrectly
- Description for check "forbidden memory management functions" was incomplete
- Eclipse plug-in: Context menu actions on findings were not displayed
- IntelliJ plug-in: IntelliJ logged gratuitous warnings
Improvements
- New voting connector include/exclude options specifying which files to vote on
Version 7.4.4
Fixes
- Requests to Teamscale's versioned API with a wildcard request returned 406 Not Acceptable error
- "Non-empty switch clauses have to be terminated unconditionally" check did not support Qt's fallthrough annotation
Q_FALLTHROUGH - User links in the issue detail view did not work
- Issue history trend chart started at January 1, 1970
- Backup export options did not correctly handle multiple partitions
ABAPLintFindingsSynchronizerdid not log full details in case of errors- Importing backups containing test execution queries sometimes failed under certain circumstances
- False positives in nesting depth analysis in Swift
- Some branch names were missing in case no files were processed since the creation of the branch
- "Multiple subsequent parameters of same type" check was not configurable
- Findings of type "Avoid comparisons to boolean literals" were sometimes incorrectly tracked and adjusted
- Eclipse plug-in could not optionally be installed without the Equinox Dynamic Tracing Enablement UI (
org.eclipse.ui.trace) - Eclipse plug-in did not respect file encoding for marker creation
- Eclipse plug-in: Having no Teamscale project configured led to an empty pre-commit dialog that did not give the user any indication of the underlying problem
Version 7.4.3
Fixes
- Findings for Simulink Data Dictionary files could not be displayed
- Checks for newly activated tools were not added with their default enablement for existing analysis profiles
GitChangeRetrieverwould repeatedly log warnings for the same postponed rollback- A Task slide could slow down the entire report if it contained a lot of code snippets
- Review status change commits were not shown in the Resource History view
- Global constant variables in JavaScript were not treated as constants when checking naming conventions
- Simple guard clauses in Swift were treated as multiple statements per line
- Commonly used empty constructors in C# were reported as empty blocks
- C# Records were parsed incorrectly
- Polarion custom fields were not imported when a project was restored from a backup
- Using
tryas identifier in plain C code caused parsing errors
Improvements
- The LLVM coverage report version 2.0.1 is now supported and respects branch coverage information
Version 7.4.2
Fixes
- Code Review Status was sometimes misleading
- Spec item reference highlighting did not work when an architecture path was used
IndexOutOfBoundsExceptionin the Method History view for certain branching scenarios- Commit view was broken when project threshold profile was incorrectly set
ClassCastExceptioninSimulinkDataDictionaryIndex- Login with GitHub failed when GitHub application was set up for any GitHub instance other than github.com
- Interaction log didn't show timestamps of the commits in a human readable format
- False positives for "Avoid using 'out' on parameters" check in C# in case of
externdeclarations - Eclipse plugin crashed while loading stored preferences
Version 7.4.1
Fixes
- Project reanalysis led to fatal inconsistencies in the Test Gap data
- IntelliJ plug-in:
ExceptionInInitializerErrorwhen starting the plug-in - Test metrics table did have the option to abbreviate long values
- C# comment analysis did not correctly interpret internal classes and methods
- Spec item reference highlighting was not working with architecture paths
- False positives for "Non-empty switch clauses have to be terminated unconditionally" check in C++ in case an assert was used as a terminating statement
- Project permissions that were assigned to a secondary project ID were not shown in the UI
- Review rating assessment metric was inconsistent with the review status button
- Findings list in the code view was not updated after a review finding had been added
- Polarion connector did not fetch documents from subfolders
- Project import failure error message was unclear and not meaningful
- False positives for C# naming conventions in case of init-setters
- Login via GitHub failed in case non-Github projects had been imported to Teamscale
NullPointerExceptioninTgaTrendServicein some cases- Error message when switching between the different views too quickly
Improvements
- Improved documentation for NGINX reverse proxy
Version 7.4.0
Major Features
- Analysis Support for Transact-SQL (T-SQL)
- Rule Browser now shows which rulesets (e.g. MISRA) a check belongs to
Web UI
- Test page: Test detail view now shows related commits for failed tests
- Ability to filter impacted tests by partitions in the Delta perspective
- Requirements Tracing perspective now persists the selected tab in the URL
- Metric Scatter Plot widget now supports test queries, spec items and issue metrics
- Pyramid widget was renamed to Stacked Bar Chart and now allows metric selection for paths
Analysis
- Support for spec items and test queries in threshold profiles
- Basic support for Testwise Coverage V2
New Checks
- "Object comparison with the same Object" check (C++, C#, Java, JavaScript, Objective C & Python)
- "Test for
NaNcorrectly" check (C++, C#, Java, JavaScript & Python)
Administration
- New option to prevent/postpone rollbacks that would set the analysis too far back