A fresh start for a fresh twenty-two. Our December was a bit quieter, apart from that Jira 8.20.1 update which was sparked by the recent discovery of the UTF-8 hidden characters problem. That was then, but this is now:

  • Confluence will get an update to version 7.15,
  • Container scanner Anchore Engine gets a bump to v1.1.0,
  • Jenkins gets a bit of modernization with version 2.319.1 LTS,
  • JFrog’s Artifactory and Xray get updated to 7.29.7 and 3.38.2 respectively,
  • SonarQube LTS and Current receive patches to releases 8.9.4 LTS and 9.2.2 alike, and
  • Sonatype Nexus Repository shifts all the way to 3.37.0.

The Confluence version update from 7.12 to 7.15 mostly focuses on improving security, performance and stability. Thus it is not as feature-packed as some of the past releases.

Improvements to Data Pipeline

You may already have become familiar with the Data Pipeline feature introduced in our previous Confluence release, 7.12. This release will improve the Data Pipeline functionality by adding the possibility of scheduling regular exports directly from the Confluence UI. 

It is now also possible to change the output path for the export, allowing us to flexibly write the data straight to network-based storage, for example.

Import existing events into Team Calendars

Starting with this release it is now possible to import an existing iCalendar (.ics) file into your team calendar. This is useful if you want to import events from an external calendar, or merge two or more existing team calendars into one.

Personal access tokens with non-REST paths

PATs now work for all URLs within Confluence, not just REST. Previously other URLs such as (/plugins/servlet/...) or (/feeds/...) only worked with basic authentication.

Fixes worth your while

This release of Confluence sorts out a bunch of annoyances with inline comments and merging table cells, such as:

  • Null Pointer Exception after checking/unchecking an inline task on a page. You know, that case where tasks appear to be checked and unchecked at random, without any user input (CONFSERVER-59497).
  • Merging All Table header cells with Subsequent Cells break the Table Format (CONFSERVER-73510)
  • Inline comment is broken if a page contains a hidden Page Properties Macro and/or anchor link (CONFSERVER-57800)
  • Cannot add Inline comment (plain text) (CONFSERVER-40019)
  • Cannot add inline comment in a header which have same content with panel header (CONFSERVER-68024)
  • Copy/paste table cells does not work as expected when header cells are merged (CONFSERVER-66275)
  • In Firefox Merging Two Cells of a Table Does not Work (CONFSERVER-60546)
  • Inconsistent behavior with adding a new row while there are merged cells (CONFSERVER-55929)
  • Unable to add a row to a table after merging cells (CONFSERVER-37148)
  • Inline comment is broken if a page contains a link to another page (CONFSERVER-36415)

And then some:

  • 'Epic Link' column causes longer load time for Jira Issue Macro (CONFSERVER-55926)
  • Epic Link does not display on Jira Issue Macro for Epic if it is first entry (CONFSERVER-68005)
  • Duplicate Content Shown When Editing A Page After Modifying An Attachment (CONFSERVER-69074)

Plus lots more, all of which you can find in the Confluence Release Notes at atlassian.com

News from the Confluence ecosystem

Gliffy Diagrams for Confluence

  • New shapes (including chart shapes)
  • New and updated diagram templates
  • Updated Toolkit templates

Draw.io Diagrams for Confluence

  • It’s now possible to use Draw.io as a whiteboard using the new board macro!
  • Lucidchart mass migration importer has been deprecated

Include Bitbucket for Confluence

  • List your Git Tags from Bitbucket on any Confluence page

Open API Documentation for Confluence

  • Improved support for private GitLab repositories
  • Link to the API definition JSON/YAML in the info header can now be optionally hidden

ScriptRunner for Confluence

Scroll Viewport for Confluence

  • Support for Freshdesk's Help Widget
  • Support of Cell Colors

Smart Terms for Confluence

  • Enhanced UI when single space restriction for terms creation
  • Highlight performance enhancement



Built-in node name will be changing

The Jenkins community in their infinite wokeness have, as part of their terminology cleanup effort, decided to introduce the built-in node name and label changes for the LTS release line as well. Going forward the former “master node” will be called a “built-in node”. Slaves became agents a good while ago already, as we all know. Or maybe they were (secret) agents all along?

While we don’t expect this to really affect anything, as we don’t permit Jenkins jobs to run anything on the master node, it is nonetheless good to be aware of this. We will separately assign the label “master” to the built-in node after the migration is applied, to retain compatibility with any previous master node references.

Check out the Jenkins LTS 2.319.x upgrade guide at jenkins.io for more details on this subject. 
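To see which jobs would actually depend on that retained “master” label, the following added example (not part of the original post or of Jenkins itself) scans pipeline and job definitions for label expressions that select the controller. The function name, file names and sample inputs are constructed for illustration.

```python
import html
import re

# Labels that select the Jenkins controller: the legacy name and the new one.
CONTROLLER_LABELS = {"master", "built-in"}

# Places a label expression appears: scripted node('...'), declarative
# label '...', and <assignedNode> in a freestyle job's config.xml.
LABEL_SOURCES = [
    ("scripted node()", re.compile(r"""\bnode\s*\(\s*(['"])(.*?)\1\s*\)""")),
    ("declarative label", re.compile(r"""\blabel\s+(['"])(.*?)\1""")),
    ("config.xml assignedNode", re.compile(r"<assignedNode>()(.*?)</assignedNode>")),
]
# Label-expression operators: whitespace, &&, ||, <->, ->, !, parentheses.
OPERATORS = re.compile(r"\s+|&&|\|\||<->|->|[()!]")

def controller_label_refs(name, text):
    """Return (file, line, kind, label) for every controller-label reference."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in LABEL_SOURCES:
            for match in pattern.finditer(line):
                expression = html.unescape(match.group(2))  # config.xml escapes &&
                for atom in OPERATORS.split(expression):
                    if atom.strip('"') in CONTROLLER_LABELS:
                        hits.append((name, line_no, kind, atom.strip('"')))
    return hits

# Constructed sample inputs, not taken from any real instance.
DECLARATIVE = """pipeline {
    agent { label 'master' }
    stages { stage('Build') { steps { sh 'make' } } }
}
"""
SCRIPTED = """node('linux && docker') {
    sh 'make test'
}
node("built-in || master") { sh 'id' }
"""
CONFIG_XML = """<project>
  <assignedNode>master&amp;&amp;linux</assignedNode>
</project>
"""

if __name__ == "__main__":
    for name, text in [("Jenkinsfile", DECLARATIVE), ("Jenkinsfile.scripted", SCRIPTED),
                       ("config.xml", CONFIG_XML)]:
        for hit in controller_label_refs(name, text):
            print("%s:%d: %s references '%s'" % hit)
```

Any hit is a job that asks to run on the controller, which is worth reviewing regardless of the rename.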

UI modernization

This release of Jenkins also continues the modernization effort which started with the "tables-to-divs" initiative a few months back. There's now a more modern "Manage Jenkins" screen, improved "Build History" search bar, new status icons in build history, more consistent tooltips across the Jenkins GUI and all sorts of UI related fixes and improvements.

 

[Screenshot] Jenkins 2.303.3 on the left, 2.319.1 on the right.

See the Jenkins LTS Changelog at jenkins.io for more details on the changes for this version. 

Plugins for all

In addition to all this, Jenkins naturally gets the usual monthly plugin treatment with all kinds of stuff going on.

Do not hesitate to contact your ROOT support team for a full list of plugin updates applicable to your ROOT Jenkins instance.

Fixes and updates in Artifactory on-prem

This release of Artifactory includes a bunch of fixes and improvements for your repository management pleasure, all of which can be conveniently found via the Artifactory Release Notes page at jfrog.com.

Improvements have been made to the performance of the internal garbage collection mechanism.

It is also now possible to resolve locally cached NuGet artifacts from a remote repository in the case the remote repository target is down.

This release of Artifactory also adds support for the PyTorch public PyPI remote registry (https://download.pytorch.org/whl/torch_stable.htm).

Xray’s new functionality and enhancements

The new Scan Now REST API enables you to index resources on demand, even if they are not marked for indexing. See the Xray REST API documentation at jfrog.com for details.

This release also introduces a new version 2 of the Scan Build REST API. More on this in the same Xray REST API documentation as above.

You can now also get information on the scan status of resources via the “Xray data” tab in Packages, Builds and Release Bundles in Artifactory. 

There are also a host of other improvements and fixes, all of which are listed on the Xray Release Notes page at jfrog.com

Xray Jira integration

Oh, how convenient would it be to automatically get Jira issues for all the potential security threats and violations Xray identifies.

Xray now ships with Jira Integration which allows you to do just this! You can set up your own Jira configuration profile in Xray, which enables you to define the correct criteria for your needs, such as issue type, custom field mappings and issue labels.

Check out the Xray Jira Integration documentation at jfrog.com for the supported features. Please get in touch with your ROOT Support if you wish to integrate your Xray and Jira. We’ll be more than happy to help you get the most out of your toolchain.

Anchore Engine’s new integrations

Since our last release of the Docker image analysis tool Anchore Engine a lot has changed. This release of Engine now has both Syft and Grype integrations in place, and it also makes the new Grype-based vulnerabilities provider the default for new deployments.

As a result, we will switch from the current legacy provider to Grype for all of our instances as well. The legacy provider has been deprecated and will be removed in a future release.

There’s also a good number of other improvements and enhancements, all of which you can find in the Engine Release Notes at anchore.io

New and noteworthy in Nexus Repository

Replication support for multiple new formats

In addition to the existing replication support for raw and Maven repository types, this release will add replication support for Docker, npm, NuGet and PyPI formats. Check out repository replication documentation at sonatype.com for details.

The replicator also now runs continuously by default, so there’s no longer a need to run a separate bash script.

Metadata rebuild capability for Maven and NPM

The completely new Repair - Rebuild npm metadata task can rebuild corrupted npm metadata based on the components found in the storage of a hosted repository.

The Repair - Rebuild Maven repository metadata task can now recreate hosted metadata files when it encounters one that is an invalid blob reference. This can be particularly useful for those rare situations where restoring a repository from backup was the only option.

Check out the Nexus Repository 3 release notes at sonatype.com for full disclosure. 

Get Current with SonarQube

SonarQube LTS is the standard issue go-to SAST analysis kit for your typical ROOT Platform, and naturally so, as its feature set and stability are appreciated by many organizations.

Whilst stability isn’t exactly a bad thing, it does however mean that any new features introduced for SonarQube will have to be properly polished and refined before they qualify for an LTS status. This scrutiny naturally takes its time and requires the early adopters to find and figure out all the bugs and other such foibles.

SonarQube Current is also available for ROOT Platforms. You’ll get the latest release with all its changes and features as part of the usual monthly update schedule. Sometimes the world will be on fire after an update, sometimes it’s not going to be that bad, possibly quite alright, even. That’s the nature of the beast.

The path we decide to follow is of our own choosing. Sometimes it’s the red pill and seeing how deep the rabbit hole goes. Get in touch with your ROOT Service Manager if you feel like stepping into SonarQube Current would be just the ticket for your operation.

SonarQube’s level-up patches

SonarQube Current gets an update from 9.2.1 to 9.2.2, which provides further reassurance with the Log4J vulnerability (CVE-2021-44228). No supported version of SonarQube was susceptible to the Log4J attack anyway, but this version makes the mitigating JVM startup flag default for the Elasticsearch component for added peace of mind.

The SonarQube LTS update from 8.9.2 to 8.9.4 not only includes the same Log4J related “fix” but also some bug fixes to the C/C++/Objective-C analysis feature and GitLab and GitHub integration related corrections, and it also addresses another vulnerability in the Elasticsearch backend.

Check out the Release Notes at sonarsource.com for full disclosure on both accounts. 

Published: December 28, 2021

Updated: April 19, 2022

Eficode ROOT