Release upgrade notes

This page contains notes about breaking changes and important updates to be aware of before upgrading. We recommend reading the notes for all the versions between your current version and the version you're upgrading to. For the release notes, see the Release notes page. For deprecations and removals, see Deprecations and removals.

See the SonarQube Server upgrade guide for more details about breaking changes and important updates to be aware of before upgrading.

SonarQube Community Build 25.1.0.102122

SAML configuration update required

When configuring SAML on your SonarQube Server instance with assertion encryption, response signature must be enforced. You might need to update your SAML configuration:

• If you use SAML with Microsoft Entra, make sure you sign the response by selecting Sign SAML response or Sign SAML response and assertion as the sign-in response. See Step 2 > If you use encryption, enforce response signature in Setup of security features.
• If you use SAML with PingID, make sure you sign the response by selecting Sign Response or Sign Assertion & Response as the sign-in response. See Step 2 > To enable the encryption of SAML assertions in Setup of security features.

In addition, the assertion decryption now requires that you store also the public key certificate in SonarQube Community Build (not only the private key). Make sure the certificate is stored in SonarQube as follows:

1. In SonarQube Community Build, go to Administration > Configuration > General Settings > Authentication > SAML.
2. In SAML Configuration > SAML, select Edit. The Edit SAML configuration dialog opens.
3. In Service provider certificate, enter the certificate.