v25.12.0-5

• [#163] Update Java-Base-Image to 21.0.10.4

v25.12.0-4

Security

• [#161] Fix Go stdlib CVE-2025-68121 used to compile the Sonarcarp binary

v9.9.7-2

Security

• CVE fixed: cve-2025-15467

v25.12.0-3

Security

• [#159] CVE fixed: cve-2025-15467

v25.12.0-2

Fixed

• [#156] Import quality profiles in CES-MN
  • Due to an error while importing quality profiles in CES-VM multiple temporary admin accounts have been created

v25.12.0-1

Changed

• [#148] Update documentation to aid understanding sonarcarp request handling
• [#154] Update SonarQube to v25.12.0.117093

v25.7.0-1

Changed

• [#149] Update SonarQube to v25.7.0.110598
• [#146] Update base image to v21.0.5-1

Fixed

• [#144] Handle unauthenticated API request properly
• [#151] Make remove the need for authentication for the API endpoint /sonar/batch
  • default maven sonar goals must use the property -Dsonar.token to avoid HTTP 401 Unauthenticated results as -Dsonar.login is deprecated

v25.1.0-6

Added

• [#136] Add upgrade validation to only allow upgrades from version 9.9.x to 25.1.x

Changed

• [#136] Use reverse proxy for authentication against CAS-Dogu
  • Implement sonar carp that uses HTTP header authentication
  • Remove Sonar-CAS-Plugin from Sonar
• [#143] disable on-by-default sharing of analysis telemetry data

Fixed

• Remove stale elasticsearch lockfiles after container start
  • left lockfiles may prohibit a proper SonarQube start

v25.1.0-5

Fixed

• [#132] Update sonar-Cas-Plugin to 6.1.0

v25.0.1-5

Fixed

• [#132] Update sonar-Cas-Plugin to