Newer Release Available
Our current release is available here.
Changelog for Teamscale 7.5
Urgent Security Notice: Teamscale affected by log4shell (CVE-2021-44228)
Teamscale is affected by the widely discussed log4shell (CVE-2021-44228) security vulnerability and its follow-up CVE-2021-45046. A third vulnerability in log4j has been published CVE-2021-45105, but Teamscale is not affected in its default installation. Another log4j vulnerability has been published CVE-2021-44832, which only affects Teamscale if the log4j configuration file can be changed by a third party.
Please update Teamscale to a version released on or after the 4th of January 2022.
Note: The Eclipse/IntelliJ/NetBeans plug-ins are also affected by the security vulnerability. Please make sure to update your plug-ins to the latest versions compatible with your currently deployed Teamscale version.
SNI Hostname Verification (since Teamscale 7.4)
As of Teamscale 7.4, the internal Jetty web server executes SNI hostname verification by default. If you encounter an error "Invalid SNI" when accessing Teamscale, please contact our support
REST XML Interface Removed (since Teamscale 7.0)
As of Teamscale 7.0, its REST XML interface (deprecated since Teamscale v6.0) has finally been removed. This affects only the legacy REST API; the new, versioned API is not affected. You have hence two options:
- The preferred long-term solution is to migrate to the new, versioned REST API, i.e., to use REST endpoints like
…/api/v7.0.0/…
. - A temporary solution is to keep using the legacy REST API but always send an
Accept: application/json
request header and accept JSON rather than XML responses. Note, however, that the legacy REST API will be deprecated and subsequently removed, too.
Changed Voting Behaviour for Bitbucket Server Integration (since Teamscale 6.7)
As of Teamscale 6.7, the Enable Voting option in the Bitbucket Server connector will only add the findings badge to the pull request description. Please enable the Enable pull request review option, if you want Teamscale to also review pull requests.
Changed Permissions when Using Docker Image (since Teamscale 6.3)
As of Teamscale 6.3, Teamscale is no longer executed as the root user in the Docker container, but as user teamscale
(UID=1000). Please make sure to either allow this user to access the mounted directories and files or add a user mapping to your docker-compose file, e.g. user: technical-user
, which refers to a user whose permissions should be mapped to teamscale
.
Java 11 Required (since Teamscale 6.2)
As of Teamscale 6.2, running the Teamscale server requires a Java Runtime Environment, Version 11 or later.
Changed Resolving of Configuration Files (since Teamscale 6.0)
- As of Teamscale 6.0, all configuration files are loaded using the same logic. In particular configuration files in the process working directory take precedence over ones in the Teamscale installation.
- Relative paths specified in configuration files will always be resolved to the working directory. The working directory usually equals the installation directory unless explicitly changed.
- Custom check JAR files can be deployed in a directory relative to the working directory and installation directory.
- Searching for a Teamscale configuration file
teamscale-config.properties
in the installation root directory. Use the fileteamscale.properties
in one of the config directories. - Searching for a license in the installation root directory, or a directory specified by the Java system property
teamscale.license.path
is no longer supported. Use the environment variableTEAMSCALE_CONFIG
to specify a separate configuration directory or pass the license using theTS_LICENSE
environment variable if you cannot place the license in one of the config directories. - The administrative service to read and write configuration files via the Web API (
config-files
) has been removed.
Re-Analysis when Upgrading
- When updating from 7.5.x, drop-in.
- When updating from 7.4.x or earlier, a full re-analysis via backup is required.
Version 7.5.22
Fixes
- Merge request comments were not deleted when comment limit was exceeded
- Gerrit votes were skipped in certain scenarios
Version 7.5.21
Fixes
- Concurrent uploading of multiple external analysis results blocked the creation of other sessions in some circumstances
Improvements
- Artifactory: Improved content retrieval performance for large changesets
Version 7.5.20
Fixes
- Coverage data exported by XCode 13.3 couldn't be parsed
- Metrics for issues or specification items were not reliably updated due to caching
Version 7.5.19
Fixes
- Parsing of nullable variables in Visual Basic did not work correctly
Version 7.5.18
Fixes
- False positive for "Redundant parentheses" check when using generic constructor calls in Python
Version 7.5.17
Fixes
- Incorrect keyboard shortcut displayed for command Add finding to task
- Yellow assessment in Metric Slide in Reports view displayed incorrect information
- Branches without coverable lines were considered as covered
- Branch selector was not scrollable
- Test references became invalid, when test file was changed in the target branch of a merge
- In-line comments on merge requests were sometimes too long
- Analysis results integration were scheduled for the same commit in rare cases, resulting in errors
- New methods in merge requests were sometimes not displayed in the Test Gaps Treemap
- The Execution Status view sent too many update requests
Version 7.5.16
Fixes
- Stack overflow while parsing Typescript for lambdas nested in ternary operator statement
- Using relative dates in project configurations could cause unexpected rollbacks on configuration change
- Stack traces were not rendered correctly in the Test Details view
GerritAnalysisResultUploadTrigger
threwNullPointerException
in rare cases
Improvements
- Enhanced error reporting for S3 connector validation
Version 7.5.15
Fixes
- TFS library version was updated to be compatible with Java 11
- Polarion work items without document stalled complete work item import
- Teamscale sometimes voted on the wrong commit in merge requests
Version 7.5.14
Fixes
- Rollbacks did not work correctly for renamed branches in git
- Parsing issues for regex in Javascript/Typescript template string
- Parsing issues for unconnected lines and colons in Simulink models
Improvements
- Code view: Improved indicators for pending review comments
Version 7.5.13
Fixes
await foreach
expressions in C# were not parsed correctly- Polarion: The work item history was always retrieved for all fields, even when only some were relevant
- Polarion: History could not be retrieved for some work item types
- Code snippets were always considered to be on the default branch when being added to a task
- False positives for check "Object comparison with the same Object" when using XCTest assertions for Objective-C
Version 7.5.12
Fixes
- False positives for "Each variable should be declared in a separate statement" check in Objective-C
- False positives for "Redundant parentheses" check in Python when return statement was a tuple with a single element
- False positives for "Bad assignments" check in Objective-C
- Timeout and out-of-memory issues when showing spec item metric trend on dashboard
- Import of large number of Polarion work items failed
Improvements
- Improved performance of synchronization of test metrics for code files in case of many test report uploads
Version 7.5.11
Fixes
- Parsing of generic type declarations followed by an assignment or arrow operator in TypeScript did not work correctly
- Test coverage partition indicator showed "No test coverage in partition:" even when all partitions had test coverage
- Adding new slides in the Reports view was broken in some cases
- Typing in a callout in the Reports view was offsetting the page to the left
- Tolerated and false positive findings were not correctly transferred between Gerrit branches
- False positives for "Value assigned to variable ... is never read" check when a variable was assigned and read in the same statement
- False positives for the checks "Avoid usage of implicit int" and "A compatible declaration shall be visible with external linkage" for static anonymous structs
Version 7.5.10
Fixes
- Report slide position was not persisted after drag and drop
- Java modules were not parsed correctly
- False positive for "Switch statements should have default case" check for Java
- Impacted Specification Items table in the Merge Request view was too wide for long specification messages or filenames
- Projects with failing connectors could not be imported from backup using the option "skipping project validation"
- ABAP: Issues with coverage recording were sometimes not detected
- AssertionError during export of ABAP code
Improvements
- Polarion connector now supports a start timestamp for the work item history
- Clarified description for "Interface comment missing" check
Version 7.5.9
Fixes
TestClassNamingConventionCheck
did not respect non-default naming patterns- Parsing Visual Basic code did not work correctly for string concatenations over multiple lines
- Incorrect parsing of Kotlin string/character literals containing the unicode literal
\u000a
(linefeed) - Visual Studio Extension did not work with Visual Studio 2017
- Compare view: Issues and specification items were not referenced in code comments when comparing two code snippets
- Findings Churn view broke Delta perspective if alerts were included
- Dependencies in POM file were incorrect for
eu.cqse.check
- Sorting findings in the Findings perspective did not work while the right sidebar was collapsed
NullPointerException
inSimulinkDataTypeResolverFromInput
in case of unconnected signal lines- Requirements Tracing: Spec Item query produced a delay on every keystroke
Version 7.5.8
Fixes
NullPointerException
in Artifactory connector got Teamscale stuck in an endless loop- Web UI did not work for Safari due to unsupported regex construct
- Test Impact Analysis delivered incorrect selection and prioritization
- "No coverage in partitions" message was displayed multiple times in the Code view
- Encoding information in Simulink MDL files was ignored if it was not present at the beginning of the file
- Some HTTP calls did not have a default timeout, causing triggers to get stuck on external API calls
- ABAP Code Exporter created empty commits in some cases
- Markers for multi-line findings in the Code view contained gaps
- Some Simulink checks produced different results with newer Matlab versions
- Method History view did not include a partition selector
Improvements
- Improved execution speed of ESLint
- Better error handling in the Merge Requests view when a merge request could not be found
Version 7.5.7
Fixes
FileNotFoundException
thrown during startup due to "too many open files"- Prometheus metrics could not be parsed
- Filtering in the Findings perspective did not work for finding categories with commas in their name
- "Added methods" merged from feature branches were not always respected for issue-based Test Gap Analysis
- Test Query view treemap broke when resizing the window
IndexOutOfBoundsException
inCLikeConditionExtractor
- IDE Plugins: Pre-commit results were not helpful if the casing of a file differed from the casing on the server
- False positives for "Avoid using ternary operator" check in C# when using null conditional operator
- False positives for "Unused variable or parameter" check for Java if qualified type names contained annotations
- False positives for "Assignment of a variable to itself" check for C++ due to macro expansions
- False positives for "Not all parameter names are specified" check for variadic template functions in C++
- Specification item queries using the
Size()
functionality on custom relationships failed after restart - "Multiple statements in the same line" check flagged instances were a macro would introduce another semicolon at the end after expansion
AssertionError
inLineOffsetConverter
in case of mismatched information from Clang plist reports
Improvements
- Intellij Plugin: Clarified pre-commit dialogue rationale in case of empty pre-commit
Version 7.5.6
Fixes
- File-scoped namespaces were not supported in C#
- Visual Studio plugin: "Open in Web Browser" did not redirect to the correct Code perspective
- Project Edit view was broken in Safari due to calls to "window.requestIdleCallback"
- Clang-Tidy integration was not able to resolve all included files
- Positions of Simulink block annotations were calculated incorrectly for large annotations
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-44832
- ABAP connector was not able to operate with git main branches other than "master"
- Sorting for specification items in the Requirements Tracing perspective did not work correctly for all columns
Version 7.5.5
Fixes
NullPointerException
inEmpty Block
check for C#- Opening the Merge Request view was slow if it contained a lot of commits
- False positives in "Unused import" check for Java when referencing inner classes in Javadoc comments
foreach
construct was not properly parsed for C++- Parse Log entries were sometimes not providing a useful location
- Intellij Plugin: Collapse/expand buttons in Finding window did not work correctly
- Job queue was not updated after changing a project's public ID
- C++ keyword
_Static_assert
was handled differently from the macrostatic_assert
- Polarion: Relationship entries were not displayed in the specification items table
- Errors reading ABAP Code Inspector findings with long include names
Improvements
- New check option for Simulink check
jc_0702
"Check usage of numeric literals in Stateflow" to allow numeric literals as array indices
Version 7.5.4
Fixes
- Prometheus monitoring endpoint was failing with a "500 internal server" error
- Markdown rendering for markdown slides in the Reports view was broken
- False-positives for "Check usage of the Saturation blocks" check in Simulink
- False positives for "Non-void function should return a value" check when using
std::enable_if
- Incorrect message "Coverage data from..." was shown in the Code view, despite deselecting all coverage sources
- Project Edit view was very slow if a single project used a lot of connectors
- Issue findings badge layout was broken if Teamscale was not tracking the issue
- Execution Status view showed an error when viewed during project deletion
- Polarion: Some items were not fetched if the Polarion server timezone was different from the Teamscale server timezone
- Polarion: Spec Items relationships were not updated reliably
OutOfMemoryException
exception in theTestCaseExtractionSynchronizer
SvnChangeRetriever
crashed withNullpointerException
in very rare cases- Instance Comparison view broke in case of large snapshots
- The NetBeans plugin suppressed some notifications incorrectly
- IntelliJ plugin: Fixed timeout when computing auto-created prefix mappings
- Intellij plugin: Fixed possible
AlreadyDisposedException
when working on several project simultaneously - Log4j2 version upgraded to avoid vulnerability due to CVE-2021-45105
Improvements
- Documentation: How-to on collecting coverage of JavaScript applications added
Version 7.5.3
Fixes
- The branch chooser displayed the internal pre-commit branch name
- Eclipse plug-in did not respect baseline settings
- Sorting tolerated or false-positive findings in the Delta perspective by date was done alphanumerically instead
- "Critical System Health" warning made the fields on the header bar inaccessible
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-45046
Version 7.5.2
Fixes
- Log4j2 version upgraded to avoid vulnerability due to CVE-2021-44228
- Connection settings in the Jira connector were sometimes reset when editing a project
- Code reference links in the spec item details view didn't use the correct branch
- False positives in the comment completeness analysis when analyzing first attributes/methods in Kotlin classes
- False positives in the comment completeness analysis when analyzing local named functions in TypeScript
- Postponed Rollbacks column in the projects list view displayed "undefined" during project reanalysis
- The Code tab in the finding details view did not correctly render in case of data-flow findings
- Azure DevOps was not listed as a supported requirements tool in Teamscale's documentation
Version 7.5.1
Fixes
NullPointerException
inTestCaseExtractionSynchronizer
when deleting paths which no longer existedIllegalArgumentException
inAnalysisReportPersister
when processing test names containing forward slashes- "Macro names should consist of uppercase characters and underscores only" check did not allow a trailing underscore
- Boolean fields were not copied correctly when copying a repository connector
- A large white gap was rendered in the System Information page
- Simulink integration ignored some entry types in model workspace and data dictionaries
- False-negatives in "Check unused data in Simulink Model" check
- SVN externals were not properly deleted in some cases
- Line highlighting information was dropped when removing timetravel in the code view
- Code outline caused an error when opened via a file from an architecture path
- False positives in the naming convention analysis for C# when using the
init
keyword - Assignee column values in the issues table were rendered incorrectly
NullPointerException
in theHanaDependencyExtractionHandler
- Findings marked as tolerated or false positives were not correctly filtered according to the selected commits and path in the Findings Churn page in the Delta perspective
- False positives for "Multiple statements in single line" check in TypeScript in case of nested lambdas
Improvements
- Improved the performance of
ExternalAnalysisReportArchiveCleanupTrigger
and reduced its long running time
Version 7.5.0
Major Features
- New Model Advisor Simulink Checks
- New S3 Connector
- New Test Case Selection and Prioritization View
- Support for OpenID Connect for Single Sign On (SSO)
Web UI
- Alternative representations of the Verification Matrix views
- Graph visualization of requirement queries
- Dashboards can now be grouped
- Code snippets in the finding detail view can now be expanded to show the entire file with all findings
- Code snippets in the finding detail view now support macro expansions
- Findings generated by external tools are now marked as such in the findings detail view
- More than one programming language can now be selected in the Rule Browser
- The Rules Browser now shows the quality indicators inside the left pane
- Finding Creation option must now be explicitly set for architectures
Voting Connectors
- New option to limit the number of comments that Teamscale posts to merge requests
- SCM-Manager: Support for updating merge requests' status in the Merge Requests page
Analysis and Tools
- Support for uploading and parsing of jQAssistant reports
- Support for the partial flag in Testwise Coverage V2 reports
- CppCheck rules were updated to the latest 2.6 version
- "Avoid leaving deprecated classes/methods/fields" check now supports Kotlin
New Checks
- "Avoid using a semicolon after a macro definition" check (C/C++)
- Around 90 new checks have been activated for Java and PHP, including security-related checks
Test Case Extraction
- Extraction of JUnit test cases
- Parameterized test executions are now squashed into one test case in the test detail view
IDE Integrations
- Visual Studio Plug-in is now compatible with Visual Studio 2022
Administration
- New option to provide a declaration of accessibility (Barrierefreiheitserklärung) upon login in the configuration directory
- "Missing braces for block statements" check can now allow conditionals/loops without braces in case of one-line statements containing specific keywords (e.g.
break
,continue
,return
, etc)