Cloud June 2022

These release notes are for the Codacy Cloud updates during June 2022.

📢 Visit the Codacy roadmap and let us know your feedback on both new and planned product updates!

Product enhancements

Codacy now supports using expiring access tokens to integrate with GitLab. Users affected by issues connecting to GitLab should re-login on the Codacy UI using their GitLab accounts, or revoke the GitLab integration on Codacy if the issues persist. (CY-6117)
Pull request notification emails now display the diff coverage metric. (CY-5700)

Fixed an issue to allow saving coverage data for the first commit in a repository. (CY-6196)
Fixed an issue that could allow an attacker with an account on the Git provider to do destructive actions on Codacy personal organizations, such as removing members from Codacy or deleting the personal organization on Codacy. The issue didn't allow the attacker to see or change any information on the Git provider organization or repositories. CVSS v3.1 score: 7.9 (High) (CY-6184, CY-6187, CY-6188)
Fixed an issue that could allow an attacker with an account on the Git provider to join a public Codacy organization and know the email addresses of the organization members on Codacy. The issue didn't allow the attacker to see or change any information on the Git provider organization or repositories. CVSS v3.1 score: 5.1 (Low) (CY-6174)
Removed the username field from the Codacy UI and relevant API endpoints since it's no longer used and could be exploited to leak email addresses that are already in use on Codacy. (CY-6173)
Fixed a Codacy Analysis CLI error when running markdownlint on a repository without a .markdownlint.json config file. (CY-6112)
Fixed the parsing of dartanalyzer results containing many issues. (CY-6067)

Codacy Cloud now includes the tool versions below. The tools that were recently updated are highlighted in bold: