Here we are again with the amazingly cool stuff in Eficode ROOT:

  1. Confluence 7.x updated with refreshed plugins
  2. GitLab 15.8 with SCIM
  3. JFrog platform level-up
  4. SonarQube Current 9.8 and the upcoming 9.9 LTS
  5. Monthly updates for Jenkins

While gearing up for the Confluence 8.x major upgrade in the background, Eficode ROOT brings a refresher for the current Confluence 7.x with our February release.

Are we nearly there yet?

Even though Confluence 8.0 was released a bit earlier than we anticipated – at the time of writing this, the first Confluence 8.x release has been out for approximately two months – we’ve decided to stay with 7.19.x for the time being. 

There are a couple of reasons for this. First of all, Eficode ROOT has always been geared towards providing consistent, continuous quality. A solid foundation. That’s why we tend to lean towards a more conservative approach to version selection, preferring long-term stability over a new bleeding edge feature set. Whilst Atlassian have already fixed a number of bugs in 8.0.x patch releases, the vast amount of changes under the hood could still possibly result in unwanted behavior and unnecessary headache. All of which will end up being fixed eventually, of course.

The changes to Confluence internals have also necessitated changes to various plugin implementations. Some plugins that are in use in Eficode ROOT have yet to be confirmed to be fully compatible.

We expect all of this to be well sorted for Confluence 8.x rollout on Eficode ROOT before the summer.

That update for Confluence 7.x

In our February release, Confluence gets an update to version 7.19.5 along with a full set of refreshed plugins.

This version of Confluence patches some annoying bugs, such as:

Check out the Confluence 7.19 release notes on atlassian.com for a complete overview of fixes contained in this version.

News from the Confluence ecosystem

An Atlassian update wouldn’t be complete without a healthy dose of new plugins. Check out these highlights for our carefully curated Q1/2023 selection.

Cenote Lockpoint - Attachment Check-out

Cenote lockpoint receives a major update to version 3.0.1 with major architectural changes. Frontend and backend architectures have been revised, with numerous upgrades to various components for improved stability and performance. This release includes a storage format change and the corresponding automated one-time migration/upgrade task.

Also, the Space Attachments macro now displays the user's display name, rather than the username, when displaying a list of locks in a space.

See the Lockpoint Server 3.0 release notes on cenotelabs.com for a detailed list of changes included in this major upgrade.

draw.io Diagrams & Whiteboards

Draw.io plugin gets a level-up to release 11.0.9 which ships with a load of new features and enhancements.

There’s an option to mark a diagram with a sensitive label, which will prevent it from being listed as a recent diagram or appearing in the diagram search results. Check out the instructions for using sensitive label on diagrams.net for more details on this one.

The other feature additions include a new integrity checker utility in the draw.io admin section, which can be used to scan and check all draw.io macros, and this release also adds support for tags in lightview view.

In addition to the new features, this release also

  • Fixes custom templates order to match Confluence page tree order.
  • Fixes links following and tooltips when embedded in the expand macro.
  • Fixes label jumps when exporting from lightbox viewer.
  • Improves on macro alignments when embedding within other containers.
  • Fixes issue with certain vsdx diagrams erroring on import.

ScriptRunner for Confluence

Our Jira received the ScriptRunner major update from 6.x to 7.x along with the Jira’s major bump to 9. Now it’s the turn for Confluence to get the same ScriptRunner update to the latest in the 7.x line, version 7.9.0.

The new features and breaking changes are - for all intents and purposes - same as they were with Jira. ScriptRunner updates its internals to Groovy 3. The language parser has been reimplemented in Groovy 3, which brings a number of syntax improvements that bring the syntax closer to that of modern Java. There are also additional operators, for example !in and !instanceof, === and !=== for identity comparison and null safe subscript operators, respectively.

But there are also known breaking changes in Groovy 3. Some classes have been relocated to different packages (see the details at groovy-lang.org). And there are some additional breaking changes carried by the Groovy 3 release, for which details can also be found on groovy-lang.org, on the Release notes for Groovy 3.0. Be sure to check out ScriptRunner 7.x Release Notes on adaptavist.com as well.

Refined for Confluence | Sites & Themes

Refined is updated from the current 7.0.x to the latest and greatest version 7.2.3.

This release brings the first version of Refined for Jira integration, which allows you to bring more content from your linked Jira and Jira Service Management installations with Refined for Jira to your Confluence. In this first phase you can include sites from Jira directly in your Site Switcher in Confluence, allowing direct navigation to the sites linked via the integration.

Additional integration features, such as configurable User Menu and integration with Layout Modules from Refined for Jira are already in the works. Check out the Integrations page on refined.atlassian.net for more details on current and future integrations. 

There’s also a new Theme Editor 2.0 with major improvements to performance and usability, a new Image Bank feature, possibility to import themes from Refined for Jira and JSM into Confluence and a new Announcement type of banner to announcement banners. There are also a host of other fixes, improvements and enhancements, all of which you can conveniently find on the Version 7.x release notes page on help.refined.com

GitLab 15.8 arrives on the Eficode ROOT Platform in February.

SCIM support for user provisioning

This release of GitLab ships with GitLab’s first version of SCIM (System for Cross-domain Identity Management) provisioning support, which allows you to automatically create and deactivate user accounts with an SCIM-capable identity provider, such as Azure Active Directory or Eficode ROOT Team Management.

Unfortunately there’s no support for SCIM-based provisioning of groups yet, which would be pretty awesome especially when combined with RTM. But we’re keeping our fingers crossed for this one!

Everybody loves queueing, right?

You’ve started your CI/CD job, but it’s going nowhere. Stuck in the queue. That’s fine, queueing is fine. But today you’ve got things. How much longer?

If you’re a GitLab Ultimate user, it’s your lucky day! You can now use science to get a median estimated wait time for all your runners right here, right now. Not only can you use it to guesstimate when the job for the day is done, but also it will allow you to identify potential bottlenecks in your CI/CD runner fleet.

Check out the Runner documentation on gitlab.com to see how it works. 

Guess what? There’s more!

As always, you can find the complete and very detailed list of changes for GitLab 15.8 on the GitLab 15.8 release announcement on gitlab.com.

Artifactory and Xray get updated to 7.49 and 3.65, respectively. Find out our highlights of the new features below.

API key deprecation process stage 1

This release of Artifactory will officially begin the API key deprecation process in favor of more secure authentication methods.

Stage 1 of the deprecation process – this release – is about identifying the problem. It is now possible to log users’ authentication methods. This will allow you to identify those users who are using an API key for authentication, thus making it possible to warn them in advance and help them migrate to other authentication methods before it’s too late.

Upcoming stage 2 (planned for the end of Q3, 2023) will block the usage and creation of API keys by default. There will still be an option to re-enable them in case something solid ends up hitting the fan.

And finally, stage 3 some time in late 2023 will remove the API key functionality altogether. Option to use them for authentication will cease to exist.

Artifactory npm enhancements

Our Artifactory for February also ships with various npm related improvements many NodeJS developers undoubtedly have been waiting for.

First of all, the npm authentication API and the “Set me up” feature have been updated to support the new authentication method used by  npm login in version 9.x. Things should return back to being smooth as they were with this new Artifactory.

There’s also support added for npm-audit bulk REST API commands, which will allow using  npm audit fix with Artifactory again.

npm deprecation flow handling has also been simplified. Now, npm deprecations will be reflected in the package.json file, and in case of lacking permissions, npm client will also return an appropriate error message to indicate this.

Enhancements for Xray Jira integration

Version 3.65 of Xray delivers functional enhancements to the Xray Jira integration feature, making it easier to track the progress of mitigating identified vulnerabilities and problems.

There’s now support for creating Jira tickets manually for any violation from Xray UI. The other feature enhancements include:

  • An icon that is displayed next to all of the security violations as an indication of a Jira issue being assigned to it.
  • Jira tickets can be easily accessed from the Xray UI.
  • Enhanced Jira ticket structure to include the following: Operational Risk, License Violations, Regular and High profile Security Vulnerabilities

For more information on the Jira integration overall, please refer to Xray Jira Integration documentation on jfrog.com

Assorted Xray improvements

There are also a number of other improvements delivered with our Xray for February, such as:

  • Support for on-demand scans of OCI image tarballs using the JFrog CLI jf scan command. It can scan Docker and OCI image tarballs built with Kaniko and Podman.
  • Exported reports now include ignore rule status and notes.
  • The user experience of the Scans List page has been improved; there’s the ability to expand or collapse the tree in one click, and the ability to search in all hierarchies of the tree.

Be sure to check out the JFrog Xray Release Notes on jfrog.com for full list of changes in this Xray update. 

Since our previous blog, SonarSource has announced that SonarQube 9.9 will be the new LTS! And that it’s going to be out very soon. There’s also a new SonarQube Current version 9.8 on Eficode ROOT this month.

SonarQube Current 9.8 is faster and better

PR analysis speed & accuracy improvements continue

Following the improvements already made to Java, JavaScript and Typescript, it’s now the turn of Kotlin developers to reap the benefits of the new server-side caching mechanisms. And similar to the earlier implementations, Kotlin scanning will only analyze the changed files in a PR.

Enterprise edition users also receive enhanced parallel processing for all languages. The Compute Engine implementation has been updated so that branches will no longer block PR analysis reports from the same project, and different PRs from the same project no longer block each other.

Ensure your cloudy JavaScript with AWS CDK is up to snuff

Continuing from the AWS CDK improvements for Python in the previous SonarQube Current release, this one will add similar set of rules for JavaScript on AWS CDK, with nine new rules on the topic of encryption at rest and in transit, three rules around public access, networking, and firewalls and four rules to cover permission and access control.

C++20 concepts, better taint analysis presentation and other new features

This release of SonarQube will deliver support of the highly-anticipated C++20 concepts, in the form of six new rules to help you use them well.

As part of SonarSource's ongoing initiative to offer deeply educational security content, they've rewritten taint analysis rule descriptions for Python, PHP, JavaScript and TypeScript to provide developers deep context and framework-sensitive patch advice.

Taint analysis rule implementations have also been improved for all languages to provide clearer reporting on the paths through the code that led to the issues raised by the analysis.

Navigate to SonarQube 9.8 Release Announcement on sonarsource.com to learn more about SonarQube 9.8 and its other new features!  

On the upcoming 9.9 LTS

In our previous release blog we hypothesized on the next SonarQube LTS – and it turns out we weren't too far off with our guesses. On January 13th SonarSource officially announced the release of 9.9 LTS for February.

This means you can expect to see all the exciting new features of SonarQube 9.x in LTS guise on your Eficode ROOT platform in April or May. More news to follow. Watch this space!

If you would like to get a sneak peek of the new LTS, SonarSource has got you covered with a live release webinar on February 16th. You can find the registration form at https://www.sonarsource.com/products/sonarqube/downloads/lts/lts-9-9-is-coming/ 

A new LTS (2.375.x) saw the light of day on Eficode ROOT in January, which gets a traditional follow-up this month with a patch to 2.375.2 LTS. As always, there’s the usual round of plugin updates, an assortment of enhancements here and there with no breaking changes indicated.

Since all Jenkins deployments have a certain level of uniqueness to them, please check in with your friendly Eficode ROOT support team for a list of updates specific to your Jenkins instance.

Published: Feb 9, 2023

Updated: Jul 19, 2024

Eficode ROOTrelease notes