Releases: SonarSource/sonar-java
8.4.0.37032
Release notes - SonarJava - 8.4
Bug
SONARJAVA-4262 S1226 should fail its analysis because the CFG builder cannot recover the yield argument
SONARJAVA-4480 Bug in rule S1066 quickfix: preserve conditional logic when collapsing if by using parentheses
SONARJAVA-4950 S6204: IndexOutOfBoundsException when lombok.val is used
SONARJAVA-4961 S6916: Quickfix suggesting to merge single if into existing pattern guard does not take operators precedence into account
SONARJAVA-4963 Line and column positions are wrong after text blocks using '\' line continuations
SONARJAVA-5059 S6901: ClassCastException when certain thread-related methods are called on `this`
SONARJAVA-5080 S1659: Quickfix breaks syntax when multiple arrays are declared
Documentation
SONARJAVA-5020 Clarify documentation about sonar.java.skipUnchanged (need to notify doc team)
False-Positive
SONARJAVA-3829 S2629 should not report when log level is enabled
SONARJAVA-3882 Don't complain about ImmutableSet.of and ImmutableMap.of in S4738
SONARJAVA-3970 Rule S1989 should consider tokens as case sensitive
SONARJAVA-4022 FP S5960 when analyzing package containing ".it."
SONARJAVA-4061 S2226 should ignore fields assigned in `init` method
SONARJAVA-4238 S2924 should not report on non-private rules declared inside of abstract classes
SONARJAVA-4287 S3012 has a false positive when using either auto boxing or auto unboxing
SONARJAVA-5058 S1144: FP when encountering nested class's private method without semantics
SONARJAVA-5079 S6857 FP when SpEL don't have "#{...}"
SONARJAVA-5089 FP in S1312 for interfaces
SONARJAVA-5091 FP in S6813 when Quarkus is used
SONARJAVA-5096 S1764: FP on expressions with side-effects
SONARJAVA-5098 FP in S3457 when using strings involving \\n
SONARJAVA-5099 FP on S1144 if @MethodSource is used without arguments
SONARJAVA-5115 FP in S5803: issue should not be raised when (otherwise = androidx.annotation.VisibleForTesting.PROTECTED) is specified
SONARJAVA-5116 java:S1105 sometimes falsely requests the curly brace to be moved to the previous line
False Negative
SONARJAVA-5120 S1182: Super call that are not directly in the scope of the method are wrongly taken into account
Task
SONARJAVA-5114 Undo deprecation of SE rules
SONARJAVA-5135 Update rules metadata
Improvement
SONARJAVA-5111 S5838 Improve quickfix to suggest "isEmpty()" when assert is called with "size()" and "isEqualTo(0)"
SONARJAVA-5126 S6916 should not raise when there is a default clause
8.3.0.36747
Release notes - SonarJava - 8.3
Task
SONARJAVA-5102 Remove rules superseded by DBD implementations from Sonar way
8.2.0.36672
8.1.0.36477
Release notes - SonarJava - 8.1
Documentation
SONARJAVA-5050 Update rule metadata with correct scope
Task
SONARJAVA-5055 Update Rules Metadata
Improvement
SONARJAVA-5045 Enable batch of rules for test 1/3 part 2
SONARJAVA-5046 Enable batch of rules for test 2/3 part 2
SONARJAVA-5047 Enable batch of rules for test 3/3 part 2
SONARJAVA-5049 Generate CheckList during build time
8.0.1.36337
8.0.0.36314
Release notes - SonarJava - 8.0
Task
SONARJAVA-4975 Create custom rules plugin around symbolic execution engine
7.35.0.36271
Release notes - SonarJava - 7.35
Task
SONARJAVA-4951 Replace InternalCheckVerifier with JavaCheckVerifier
SONARJAVA-4974 Update custom rule documentation with new CheckVerifier API
SONARJAVA-5021 Update Rules Metadata
Improvement
SONARJAVA-4988 Use SonarLintCache component and make it accessible to custom rules via the caching APIs
7.34.0.35958
Release notes - SonarJava - 7.34
Bug
SONARJAVA-4934 On-demand plugin downloading ignore jsp files
False-Positive
SONARJAVA-4520 Rule S3655: False Positive with JUnit assertions
SONARJAVA-4529 FP on rule S3740 when instanceof with variable is used on raw types
SONARJAVA-4699 FP on S3516 when calling a method using objects from "unknown" packages
SONARJAVA-4741 FP on S6857 for special default values in property placeholders
SONARJAVA-4933 FP on S1068 with lombok @DaTa, @getter, @Setter annotations
SONARJAVA-4937 FP on S1118 when using Lombok generated constructors with private access
SONARJAVA-4943 FP on S1144 if private method is referenced by name in annotations
SONARJAVA-4944 FP on S2699 on SpringBoot sanity test "contextLoads"
Task
SONARJAVA-4936 Allow rules to analyze both main and test code
SONARJAVA-4952 Update Rules Metadata
SONARJAVA-4953 Update External Linters Metadata
SONARJAVA-4956 Update parent pom
Improvement
SONARJAVA-4935 S1192 should not report on individual lines of multi line string literal
SONARJAVA-4939 Enable batch of rules for tests (1/3)
SONARJAVA-4940 Enable batch of rules for tests (2/3)
SONARJAVA-4941 Enable batch of rules for tests (3/3)
SONARJAVA-4942 [S6437] Update list of affected method signatures
Contributors
Assets 2
7.33.0.35775
Release notes - SonarJava - 7.33
False Negative
SONARJAVA-4770 S2438 FN on arguments whose concrete type is Thread
Task
SONARJAVA-4918 Update dependencies + prepare for next development iteration 7.33.0-SNAPSHOT
SONARJAVA-4922 Upgrade sonar-plugin-api and fix IndexedFile issue
SONARJAVA-4924 Remove deprecated method ExpressionUtils.getEnclosingElement
Improvement
SONARJAVA-4858 S5344: Add support for detection of two additional insecure PasswordEncoders
SONARJAVA-4863 S2092: Support detection of missing secure cookie flag for Spring
SONARJAVA-4864 S3330: Support detection of missing http-only cookie flag for Spring
SONARJAVA-4866 S2077: Support detection of formatted SQL queries in Spring
SONARJAVA-4871 S5122: Support detection of Permissive CORS policies for Spring
SONARJAVA-4875 S4502: Support detection of CSRF Protection for Spring
SONARJAVA-4880 S5804: Support detection of User Enumeration for Spring
SONARJAVA-4882 S5876: Support detection of Session Fixation for Spring
SONARJAVA-4883 S4423: Support detection of TLS Protocol Downgrades for Spring programmatically
SONARJAVA-4884 S4507: Support detection of enabled Debug Features in Spring programmatically
SONARJAVA-4885 S5693: Support detection of Excessive File Upload Size Limit for Spring programmatically
SONARJAVA-4921 Update Java parser version to ECJ 3.37.0
7.32.0.35531
Release notes - SonarJava - 7.32
Bug
SONARJAVA-4756 NumberFormatException in AbstractPrintfChecker.getIndex(String param)
SONARJAVA-4873 Wrong quickfix in S1066
SONARJAVA-4909 Missing parentheses in the children() method of RecordPatternTreeImpl
SONARJAVA-4913 S1181 misses issues after unknown symbol
False-Positive
SONARJAVA-4422 S6204 FP on lists used outside their instantiation scope
SONARJAVA-4438 S6204: recommendation not applicable when upcast is required
SONARJAVA-4749 FP in S1170 when field is used in a non-static member
SONARJAVA-4751 FP in S2326 when type parameters are used in the child classes or interface implementations
SONARJAVA-4752 FP in S5665 when \\" and \\' are not intended to be escaped
SONARJAVA-4758 S1113 should cover the finalizer attack
SONARJAVA-4814 S1948 should not raise issues on final fields
SONARJAVA-4816 S1948 should support jakarta.inject.Inject
SONARJAVA-4829 FP in rule S2694 on local classes
SONARJAVA-4835 FP on S3242 forcing user to add unnecessary logic
SONARJAVA-4857 S3457: FP on certain java.util.logging strings with single quotes
SONARJAVA-4865 S6856 should not raise on named regex
SONARJAVA-4904 FP on S1301 when using switch statement with type patterns
SONARJAVA-4907 FP on S1481 when using type pattern matching in case clauses of a switch
SONARJAVA-4908 FP on S131 when using switch statement on type pattern
New Feature
SONARJAVA-4823 S6885 Add clamp methods to Math
SONARJAVA-4825 S6876 SequencedCollection reversed view should be used for reverse iteration order
SONARJAVA-4826 S6880 Use switch instead of if else for pattern matching
SONARJAVA-4827 S6877 SequencedCollection reversed view should be used instead of Collections.reverse for read-only lists
SONARJAVA-4831 S6891: Avoid exact alarms
SONARJAVA-4832 S6881 VirtualThreads should be used for tasks that include heavy blocking operations
SONARJAVA-4837 S6878 Use record pattern instead of explicit field access
SONARJAVA-4838 S6901: Thread.setDaemon(boolean), Thread.setPriority(int) and Thread.getThreadGroup() should not be invoked on VirtualThread
SONARJAVA-4840 S6905: SQL queries should retrieve only necessary fields
SONARJAVA-4841 S6898: Avoid high frame rate
SONARJAVA-4842 S6909: Constant parameters in a PreparedStatement should not be set more than once
SONARJAVA-4843 S6906: Virtual threads should not run tasks that include synchronized or native code
SONARJAVA-4844 S6913 Clamp should be used with correct ranges
SONARJAVA-4845 S6914: Use Fused Location to optimize battery power
SONARJAVA-4848 S6916 Use guard instead of a single if/else in pattern match body
SONARJAVA-4849 S6915 indexOf(char|String, int, int) should be used with correct ranges
SONARJAVA-4851 S6912: Use batch Processing in JDBC
SONARJAVA-4854 S6923: Motion Sensor should not use gyroscope
SONARJAVA-4855 S6926: Bluetooth should be configured to use low power
False Negative
SONARJAVA-4784 S2093 should raise on HttpClient starting on Java 21+ code
Improvement
SONARJAVA-4415 Add parameter to ignore particular annotations in S1068
SONARJAVA-4898 S6218: Improve reporting to no highlight the entire record
SONARJAVA-4900 Provide the resolved method "symbol" in "LambdaExpressionTree"
SONARJAVA-4912 S6204 Update issue message