This is going to be yet another feature-packed month for Eficode ROOT, with updates to Atlassian’s Confluence, the JFrog platform, Eficode ROOT Team Management and more.

TL;DR:

  • Confluence gets an update to version 7.12.5 along with a bunch of add-on updates.
  • GitLab +1 with the bump to a new major release 14.2.
  • Eficode Root Team Management version 1.8.0 brings improvements for LDAP and Synchronizer.
  • JFrog Artifactory and Xray are updated to 7.24.3 and 3.31.1, respectively.
  • Jenkins receives a bump to a fresh LTS release of 2.303.1 along with a good number of plugin updates.
  • SonarQube’s “Better than ever” LTS just got even better with the update to 8.9.2.
  • Sonatype Nexus IQ is freshened up to the latest release 121.

More insight into your site with Data pipeline

Data Center only

A Confluence Administrator can now export the current state data of Confluence and feed it into a business intelligence platform (such as Tableau). The raw data includes things like titles, URLs, users, and creation and modification dates for pages, attachments and comments.

Using this data, you can, for example:

  • create visualization and reporting on the user activity.
  • gain a better understanding of how your users use Confluence.

Learn more about Data pipeline at atlassian.com

What’s new in the Confluence ecosystem?

Draw.io Diagrams for Confluence 

  • Fixes XML External Entity (XXE) injection vulnerability. This vulnerability allows authenticated users with attachment permissions to send an XXE attack.

Page Tree Creator (formerly known as Space Tree Creator)

  • The Space Tree Creator becomes the Page Tree Creator and can not only create spaces but also pages!

MultiExcerpt

  • Adds the capability to enable/disable inline comments per macro. The setting is in the MultiExcerpt macro and affects whether or not inline comments on content in the body of the MultiExcerpt will be rendered in MultiExcerpt Includes
  • Adds the capability for an admin to separately control the global setting for inline comment rendering in MultiExcerpt Includes vs Confluence Excerpt Includes.

SAML Single Sign On (Confluence SSO)

New User Sync 2.0:

  • Overhauled user interface for easier configuration
  • Improved setup for Google Cloud Identity (formerly known as G Suite)
  • New attribute mapping with presets and transformations for common cases
  • Groovy transformations for advanced use cases
  • Linchpin User Profiles integration
  • Integrated tutorial videos
  • Experimental support for SCIM 2.0 and custom Groovy-driven connectors

PHP Composer repositories receive some love

Artifactory now supports PHP Composer V2, and starting with Artifactory 7.24, Local PHP repositories will automatically be created in V2. Your existing Composer repositories, however, will remain unchanged and Composer V1 will be set as the default for them.

In addition to this, you can also upload Drupal version 7 and 8 packages to remote repositories.

Identity tokens for secure scoped access

You can now create identity tokens in your user profile. Compared to the usual API tokens, which can permit access to everything a user has access to, identity tokens are scoped tokens, which means that they can be used to provide limited access to a certain, defined scope only. Check out User profile documentation at jfrog.com to learn more. 

Numerous feature enhancements in Artifactory

Improved Docker experience

The Docker Remote Repository flow has been improved by reducing the number of requests made towards the remote repository.

There’s also support for Docker Buildx, which allows you to easily build and push multi-architecture images.

Helm Virtual Repositories get namespace support

Namespaces can now be assigned to local and remote repositories in Helm Virtual Repositories, allowing you to explicitly state which of the aggregated repositories to use for fetching a chart. Before, requesting a chart via a Helm Virtual Repository would have simply returned the first chart that matched the requested name, which may or may not have been the one you actually wanted.

Other enhancements

  • The Native artifacts browser - the plain HTML structured tree view into a repository - is now available via the artifact URL or via the artifact’s Action menu. And there’s no need to re-authenticate anymore when accessing it!
  • The Priority Resolution feature has been extended to support Puppet package as well.
  • Metadata retrieval performance has been improved for remote repositories.

And much more, all of which you can find in Artifactory Release Notes at jfrog.com! Be sure to check it out. 

Ensure your dependencies are up to par with the Xray Dependencies Scan

Xray now provides the capability for verifying your Maven, Gradle and npm dependencies. You can scan for possible security and license violations in the dependency packages even before you check in any code. Using the JFrog CLI command line tool, you can simply point it to your source directory and have Xray scan through it -- without having to build or publish the code first.

Using JFrog CLI, you can have Xray scan through the dependencies in your source tree in the same way it would, when run against published artifacts in Artifactory repositories. The CLI utility returns a detailed scan results report that contains all the details of the possible problems discovered in your dependency tree.

Learn more about Xray Dependencies Scan at jfrog.com

On-demand binary scan for files outside Artifactory

You can also use JFrog CLI to Xray scan through your local binaries when needed, without having to first upload or publish them to Artifactory! You can point JFrog CLI to a binary on your local file system and receive an Xray report that contains a list of vulnerabilities and licenses pertinent to that binary.

JFrog CLI has a built-in (proprietary closed-source) logic for extracting the binary and composing a component graph of it, similar to how Xray scans your binaries in Artifactory repositories. After a successful scan, the CLI will return a detailed scan results report that contains details of the vulnerabilities, violations and licenses discovered in the binary.

Learn more about Xray On-Demand Binary Scan at jfrog.com

GitLab is turned all the way up to 14

With the new major version of GitLab, there are more than a few noteworthy things happening.

Breaking changes

As you might expect, a major upgrade is not without some breaking changes. You probably want to check out the complete list of breaking changes at gitlab.com to see if there's something that applies to your use case.

One thing you will certainly notice, is the name of the default branch in Git. Keeping in line with the Git project and broader community, the default branch name for new projects in GitLab will now be main.

Helm charts

This release of GitLab adds support for building, publishing and sharing Helm charts by introducing Helm Registry to its repertoire of supported package manager formats.

Streamlined navigation

Given GitLab’s ever expanding functionality, it was time to make some changes to the way you access all of it.

gitlab_topnavigation

GitLab 14 introduces a new streamlined top navigation menu to help you get to where you’re going faster and with fewer clicks. This new menu consolidates the previous Projects, Groups and More menus into one.

gitlab_leftnavigation

The left sidebar has also been restructured and redesigned to improve its usability. Features in the Operations menu have been split into three distinct menus. It's also more accessible thanks to the improved visual contrast and optimized spacing of the items.

Lots and lots more

As is the case with GitLab, they have published their release notes with such exhaustive detail, it would be pointless for us to try and list everything here.

Just take a deep dive into GitLab’s release notes for version 14.0, version 14.1 and version 14.2 to see everything that’s coming up with the next scheduled update for your GitLab. 

Jenkins’ monthly level-up

As usual, Jenkins gets a round of updates to both Jenkins Core and its plugin. Jenkins itself is updated to the fresh LTS release 2.303.1, along with fixes and enhancements for Pipelines, Blue Ocean and many others.

Please contact your ROOT support team for a full list of plugin updates applicable to your ROOT Jenkins instance.

Nexus IQ

This release of Nexus IQ includes various enhancements to features and overall performance, and addresses a few bugs discovered. 

On the analysis front, IQ Server can now be used to evaluate policies against:

  • Python components defined in poetry.lock files.
  • components from the dependency file of a Swift application.

A new Continuous Risk Profile feature of Nexus IQ for SCM keeps default branch policy evaluations up to date by executing policy evaluations periodically, and whenever a change is detected on a default branch. See the documentation for Continuous Risk Profile - Nexus IQ for SCM at sonatype.com for more details.

Also check out the overall Release Notes for Nexus IQ Server at sonatype.com for details on all changes introduced by this update to release 121.  

Eficode ROOT Team Management

RTM’s latest release is focused on making the LDAP interface and Synchronizer better.

Last login timestamps for LDAP

RTM LDAP service can now be configured to log the last successful logins towards the LDAP interface. This can be useful information for tracking user activity in other tools, which implement their authentication using RTM LDAP. This information can be easily retrieved for every user using the RTM REST API.

Stability and performance improvements

Both RTM LDAP and RTM Synchronizer have received multiple updates, improving on the overall stability of both services and making things happen quicker than before, thanks to various optimizations made to both.

RTM 1.8.0 Release Notes at docs.eficode.io 

SonarQube

Core update

SonarQube LTS is updated from the original LTS release 8.9.0 to the latest version 8.9.2.46101. This is a bugfix release, which corrects faults discovered in the initial release.

Navigate to Version 8.9.1 Release Notes at sonarsource.com and Version 8.9.2 Release Notes at sonarsource.com for the complete list of bugs fixed.

Community plugin updates

SonarQube Community Branch Plugin version 1.8.1

  • Plugin is updated from version 1.8.0 to 1.8.1
  • Allows decorating GitLab Mono Repositories and Azure DevOps Mono Repositories
  • Allows multiple configurations to be defined for each ALM in SonarQube global settings
  • Fixes the bug in saving project level new code settings (#272#379)
  • See Version 1.8.1 notes at github.com for more details

SonarQube C++ Community plugin version 2.0.4

ZAP Plugin for SonarQube

Published: Sep 1, 2021

Updated: Nov 5, 2024

Eficode ROOTrelease notes