7.6.0.28201

    Release Notes - SonarJava - Version 7.6

Bug

• [SONARJAVA-4020] - S5869(DuplicatesInCharacterClassCheck): Fix false-negative and crash on regex spanning low and upper case ranges

Task

• [SONARJAVA-3987] - Move all rules targeting XML from SonarJava to SonarQube XML Analyzer
• [SONARJAVA-3988] - Drop XmlFileSensor from Java Analyzer
• [SONARJAVA-4087] - Advertise minimal required JRE version
• [SONARJAVA-4088] - Update rules metadata

Improvement

• [SONARJAVA-4069] - Improve Nullability annotations support in S2638 (ChangeMethodContractCheck)
• [SONARJAVA-4078] - Improve Nullability annotations support in S2789 (NullShouldNotBeUsedWithOptionalCheck)
• [SONARJAVA-4079] - Improve Nullability annotations support in S4682 (PrimitivesMarkedNullableCheck)
• [SONARJAVA-4080] - Improve Nullability annotations support in S2637 (NonNullSetToNullCheck)
• [SONARJAVA-4081] - Improve Nullability annotations support in S4454 (EqualsParametersMarkedNonNullCheck)
• [SONARJAVA-4082] - Improve Nullability annotations support in S2447 (BooleanMethodReturnCheck)
• [SONARJAVA-4083] - Improve Nullability annotations support in S1168 (ReturnEmptyArrayNotNullCheck)
• [SONARJAVA-4084] - Improve Nullability annotations support in S4449 (ParameterNullnessCheck)
• [SONARJAVA-4085] - Improve Nullability annotations support in S2259 (NullDereferenceCheck)
• [SONARJAVA-4089] - Improve Nullability annotations support in Exploded graph walker
• [SONARJAVA-4091] - Use of Java 17 feature should not lead to a warning message

7.5.0.28054

    Release Notes - SonarJava - Version 7.5

Bug

• [SONARJAVA-4068] - S2118-S2441: Fix StackOverflowError raised for self assigned variables

Task

• [SONARJAVA-4052] - Provide quick fix availability to SQ
• [SONARJAVA-4075] - Update rules metadata

Improvement

• [SONARJAVA-4048] - Update ECJ to 3.27.0 and require Java 11

False-Positive

• [SONARJAVA-4047] - S2699: Fix FP with "andExpectAll" introduced in recent version of Spring Test
• [SONARJAVA-4064] - S2055: Fix FP when the semantic is incomplete
• [SONARJAVA-4073] - S3751 should accept protected and package scope modifiers

7.4.0.27839

    Release Notes - SonarJava - Version 7.4

Bug

• [SONARJAVA-4021] - Wrong message in S1128 with unused imports from a sub-package

New Feature

• [SONARJAVA-4029] - Rule S6301: Mobile database encryption keys should not be disclosed
• [SONARJAVA-4030] - Rule S6291: Using unencrypted databases in mobile applications is security-sensitive
• [SONARJAVA-4031] - Rule S6300: Using unencrypted files in mobile applications is security-sensitive
• [SONARJAVA-4034] - Rule S4507: Add WebView debug settings
• [SONARJAVA-4036] - Rule S6362: Enabling JavaScript support for WebViews is security-sensitive
• [SONARJAVA-4037] - Rule S6363: Enabling file access for WebViews is security-sensitive

Task

• [SONARJAVA-4018] - Deprecate S2039 for Java
• [SONARJAVA-4045] - Update rules metadata

Improvement

• [SONARJAVA-3866] - Rule S6293: Using a biometric authentication independent of a cryptographic solution is security-sensitive
• [SONARJAVA-3868] - Rule S6288: Authorizing non-authenticated users to use keys in the Android KeyStore is security-sensitive
• [SONARJAVA-4039] - Rule S5332: support Android WebView insecure mixed content policy
• [SONARJAVA-4046] - Avoid unnecessary TextEdit in quick fixes
• [SONARJAVA-4049] - S2647: remove CWE-311 from "securityStandards" to match the "See" section

False-Positive

• [SONARJAVA-2250] - FP on S2695 when the query is built in multiple statements
• [SONARJAVA-3953] - S2095 should ignore ByteArrayOutputStream from apache.commons
• [SONARJAVA-4014] - S1214 should not report interface with a parent
• [SONARJAVA-4015] - FP in S1641 when the initializer is a ternary expression
• [SONARJAVA-4016] - FP in S6206 when the return type of the getter is not the same as the one from the field
• [SONARJAVA-4025] - FP in S2637 with non-null primitive field not initialized
• [SONARJAVA-4040] - S1612 should not suggest casting though method reference for generic classes
• [SONARJAVA-4041] - S1166 should not ignore whitelist when union type is used in catch

Documentation

• [SONARJAVA-4042] - Document the quick fix metadata

False Negative

• [SONARJAVA-4011] - S2119: Random() not detected when used directly in MemberSelectExpression
• [SONARJAVA-4019] - FN in S2695 when the integer argument is coming from a constant
• [SONARJAVA-4032] - S5322 should raise on Activity or any sub classes of Context
• [SONARJAVA-4033] - S5320 should raise on Activity or any sub classes of Context
• [SONARJAVA-4038] - S5324 should raise on Activity or any sub classes of Context

7.3.0.27589

    Release Notes - SonarJava - Version 7.3

Sub-task

• [SONARJAVA-3909] - Add quick fixes for S1481 (UnusedLocalVariableCheck)
• [SONARJAVA-3910] - Add quick fixes for S2293 (DiamondOperatorCheck)
• [SONARJAVA-3911] - Add quick fixes for S1155 (CollectionIsEmptyCheck)
• [SONARJAVA-3913] - Add quick fixes for S1130 (RedundantThrowsDeclarationCheck)
• [SONARJAVA-3915] - Add quick fixes for S1124 (ModifiersOrderCheck)
• [SONARJAVA-3916] - Add quick fixes for S1128 (UselessImportCheck)
• [SONARJAVA-3917] - Add quick fixes for S1161 (OverrideAnnotationCheck)
• [SONARJAVA-3918] - Add quick fixes for S1186 (EmptyMethodsCheck)
• [SONARJAVA-3919] - Add quick fixes for S5786 (JUnit5DefaultPackageClassAndMethodCheck)
• [SONARJAVA-3921] - Add quick fixes for S1905 (RedundantTypeCastCheck)
• [SONARJAVA-3922] - Add quick fixes for S3415 (AssertionArgumentOrderCheck)
• [SONARJAVA-3923] - Add quick fixes for S1068 (UnusedPrivateFieldCheck)
• [SONARJAVA-3925] - Add quick fixes for S1197 (ArrayDesignatorOnVariableCheck)
• [SONARJAVA-3926] - Add quick fixes for S1125 (BooleanLiteralCheck)
• [SONARJAVA-3927] - Add quick fixes for S3252 (StaticMemberAccessCheck)
• [SONARJAVA-3928] - Add quick fixes for S1319 (CollectionImplementationReferencedCheck)
• [SONARJAVA-3929] - Add quick fixes for S1172 (UnusedMethodParameterCheck)
• [SONARJAVA-3930] - Add quick fixes for S1612 (ReplaceLambdaByMethodRefCheck)
• [SONARJAVA-3931] - Add quick fixes for S1168 (ReturnEmptyArrayNotNullCheck)
• [SONARJAVA-3933] - Add quick fixes for S5411 (BoxedBooleanExpressionsCheck)
• [SONARJAVA-3934] - Add quick fixes for S1144 (UnusedPrivateMethodCheck)
• [SONARJAVA-3939] - Add quick fixes for S1116 (EmptyStatementUsageCheck)
• [SONARJAVA-3940] - Add quick fixes for S1858 (StringToStringCheck)
• [SONARJAVA-3941] - Add quick fixes for S1659 (OneDeclarationPerLineCheck)
• [SONARJAVA-3942] - Add quick fixes for S2209 (StaticMembersAccessCheck)
• [SONARJAVA-3943] - Add quick fixes for S5838 (AssertJChainSimplificationCheck)
• [SONARJAVA-3944] - Add quick fixes for S2325 (StaticMethodCheck)
• [SONARJAVA-3945] - Add quick fixes for S1107 (RightCurlyBraceSameLineAsNextBlockCheck)
• [SONARJAVA-3946] - Add quick fixes for S1488 (ImmediatelyReturnedVariableCheck)
• [SONARJAVA-3948] - Add quick fixes for S2153 (ImmediateReverseBoxingCheck)
• [SONARJAVA-3949] - Add quick fixes for S2446 (NotifyCheck)
• [SONARJAVA-3950] - Add quick fixes for S2200 (CompareToResultTestCheck)
• [SONARJAVA-3951] - Add quick fixes for S5164 (ThreadLocalCleanupCheck)
• [SONARJAVA-3952] - Add quick fixes for S2111 (BigDecimalDoubleConstructorCheck)
• [SONARJAVA-3955] - Add quick fixes for S4973 (CompareStringsBoxedTypesWithEqualsCheck)
• [SONARJAVA-3958] - Add quick fixes for S3984 (UnusedThrowableCheck)
• [SONARJAVA-3960] - Extends CheckVerifier to support testing of Quick-fixes
• [SONARJAVA-3961] - Add quick fixes for S3986 (DateFormatWeekYearCheck)
• [SONARJAVA-3962] - Add quick fixes for S3020 (ToArrayCheck)
• [SONARJAVA-3998] - Add quick fixes for S1195 (ArrayDesignatorAfterTypeCheck)

Bug

• [SONARJAVA-3969] - CheckVerifier expect too many issues when a //Noncompliant comment is placed after a multi-variable declaration
• [SONARJAVA-3990] - S1120 should not crash on code containing line breaking control characters
• [SONARJAVA-3993] - S6073 should not produce a NullPointerException when trying to read the body of an abstract method
• [SONARJAVA-4003] - Fix Deadlock on ProgressMonitor

New Feature

• [SONARJAVA-3854] - Rule S5329: Collection constructors should not be used as java.util.function.Function
• [SONARJAVA-3906] - Quick fixes for CODE SMELLS requiring trivial changes without compilation impact
• [SONARJAVA-3936] - Quick fixes for BUGS requiring trivial changes without compilation impact

Task

• [SONARJAVA-4004] - Extend QuickFixHelper with nextVariable and previousVariable
• [SONARJAVA-4005] - Update rules metadata
• [SONARJAVA-4006] - Update SonarLint core version to use the new version of the API

Improvement

• [SONARJAVA-3864] - Missing arguments in Deprecated annotation should be reported in its own rule
• [SONARJAVA-3867] - S2479 Add a flag to allow tabs in string literals
• [SONARJAVA-3881] - Change message of S3655 to mention isEmpty and improve rule description
• [SONARJAVA-3907] - Add support for SonarLint quick fixes in the Java analyzer
• [SONARJAVA-3947] - Typo in S6216 issue description
• [SONARJAVA-3965] - Provide a new extensible API for issue reporting
• [SONARJAVA-3989] - Remove overlap between S2638 and S4454 with "nonnull" argument of "equals" method
• [SONARJAVA-4001] - Compute the end position of multi-line token only once
• [SONARJAVA-4002] - S1659 should report only one issue per line

False-Positive

• [SONARJAVA-3905...

7.2.0.26923

    Release Notes - SonarJava - Version 7.2.0.26923

Bug

• [SONARJAVA-3872] - "JSymbol.convertMetadata" should not throw an Exception when ecj fails
• [SONARJAVA-3897] - Fix S1845(MembersDifferOnlyByCapitalizationCheck) duplicated issues
• [SONARJAVA-3904] - Java 16's record keyword and sealed classes-related keywords should be highlighted as keywords

New Feature

• [SONARJAVA-3745] - Implement rule S6204: Use Stream.toList() instead of collectors
• [SONARJAVA-3748] - Implement rule S6206: Use records to represent immutable data structures
• [SONARJAVA-3752] - Implement rule S6207: Avoid redundant constructors/methods in records
• [SONARJAVA-3754] - Implement rule S6209: Ignored members during record serialization
• [SONARJAVA-3758] - Implement rule S6211: Prefer overriding default record's getter
• [SONARJAVA-3768] - Implement rule S6216: Reflection should not be used to update record's field value
• [SONARJAVA-3771] - Implement rule S6218: Equals should be overridden in the record with array fields
• [SONARJAVA-3773] - Implement rule S6219: Don't set 'serialVersionUID' to '0L' in records

Task

• [SONARJAVA-3894] - [AutoScan] batchMode should support multi-modules scope
• [SONARJAVA-3903] - Update rules metadata

Improvement

• [SONARJAVA-3740] - Extend rule S1481 to report on unused variables in pattern matching on instanceof
• [SONARJAVA-3746] - Extend rule S2201 to support 'Stream' non-void terminal methods
• [SONARJAVA-3755] - Update rule S2057 to not report on 'Serializable' records
• [SONARJAVA-3760] - Improve rule S2094: 'Classes should not be empty' to support Records
• [SONARJAVA-3763] - Support Records in rules targeting Classes
• [SONARJAVA-3769] - Remove record fields from reporting in S3011: Reflection fields update
• [SONARJAVA-3902] - Use secondary locations in S1845 (Members differs only by capitalization)

False-Positive

• [SONARJAVA-3892] - Exclude "com.sun.jersey" and "com.sun.faces" from S1191 by default
• [SONARJAVA-3898] - Don't apply S5838 for calls to equals in methods with "equals" in the name
• [SONARJAVA-3901] - FP in S2245 (PseudeRandomCheck) when passing a SecureRandom object as parameter

7.1.0.26670

    Release Notes - SonarJava - Version 7.1.0.26670

Bug

• [SONARJAVA-3799] - Visit records' members correctly
• [SONARJAVA-3876] - S3986 produces an IndexOutOfBoundsException on calls to super
• [SONARJAVA-3883] - Semantic API Symbol#type() is not @nullable but return 'null'
• [SONARJAVA-3885] - NPE in S1176 (UndocumentedApiCheck) when analyzing Java 16's records

New Feature

• [SONARJAVA-3739] - Implement rule S6201: Use Pattern Matching on instanceof to substitute instanceof + cast
• [SONARJAVA-3775] - Implement rule S6220: Functional interfaces should not be sealed
• [SONARJAVA-3869] - Provide CFG for the body of a lambda

Task

• [SONARJAVA-3718] - Stop release process when performance score is exceeds threshold
• [SONARJAVA-3827] - Remove unused annotations "@DependsUpon", "@DependedUpon"
• [SONARJAVA-3871] - Enable experimental batch mode for analysis
• [SONARJAVA-3884] - Update rules metadata

Improvement

• [SONARJAVA-3738] - Upgrade ECJ to 3.26.0
• [SONARJAVA-3742] - Extend S3457 and S2275 to support String “formatted” method from Java 15
• [SONARJAVA-3870] - Remove S6212 from default quality profile.
• [SONARJAVA-3873] - Order rules based on execution time to make the best of issue streaming

False-Positive

• [SONARJAVA-3784] - FP in S3958 when Java 16 "toList()" terminator operation is used
• [SONARJAVA-3865] - Deprecate rule RSPEC-4604
• [SONARJAVA-3874] - FP in S1168 when using classes with the same unqualified name as collections

7.0.0.26422

    Release Notes - SonarJava - Version 7.0.0.26422

Bug

• [SONARJAVA-3856] - S1643 ClassCastException on parentheses

Task

• [SONARJAVA-3723] - Expose latest peach analysis performance score to Java bubble
• [SONARJAVA-3724] - Compute performance score of upcoming release
• [SONARJAVA-3816] - Update rules metadata
• [SONARJAVA-3818] - Add an example of rules targeting TEST in our custom rules plugin example
• [SONARJAVA-3820] - Add missing remediation functions
• [SONARJAVA-3823] - Move java-checks-testkit's 'InternalJavaCheckVerifier' into internal package
• [SONARJAVA-3825] - Drop deprecated methods from API
• [SONARJAVA-3828] - Drop deprecated rules
• [SONARJAVA-3833] - Update tutorial to add support of new LTS SQ 8.9

Improvement

• [SONARJAVA-3777] - Improve S1128 (Unused imports) rule precision by relying on compiler warnings
• [SONARJAVA-3791] - Use jdk 16 for our builds
• [SONARJAVA-3794] - Improve S1905 (Redundant cast) rule precision by relying on compiler warnings
• [SONARJAVA-3806] - Improve S1656 (Self Assignment) rule precision by relying on compiler warnings
• [SONARJAVA-3807] - Improve S4970 (Unreachable Catch) rule precision by relying on compiler warnings
• [SONARJAVA-3840] - Regex rules should support concatenating pattern objects
• [SONARJAVA-3858] - S5838 should support "length()"/"size()" followed by "isPositive()" simplification
• [SONARJAVA-3859] - Update description for 'sonar.java.file.suffixes'
• [SONARJAVA-3860] - Map ECJ Warnings to syntax trees
• [SONARJAVA-3862] - Rework "MethodTree.isOverriding()" to match the contract in case of unknowns in hierarchy

False-Positive

• [SONARJAVA-3822] - S6073 should not report on method invocation arguments that actually return an argument matcher
• [SONARJAVA-3836] - S5786 should not raise issue on a class visibility if it contains public static method(s)
• [SONARJAVA-3844] - Rules targeting tests should work with incomplete semantic
• [SONARJAVA-3845] - Rules targeting unused elements should work with incomplete semantic
• [SONARJAVA-3846] - Rules targeting returns should work with incomplete semantic
• [SONARJAVA-3847] - Rules targeting parameters should work with incomplete semantic
• [SONARJAVA-3848] - Rules targeting types should work with incomplete semantic
• [SONARJAVA-3849] - Rules targeting control flow should work with incomplete semantic
• [SONARJAVA-3850] - Rules targeting class members should work with incomplete semantic
• [SONARJAVA-3851] - Rules targeting methods calls should work with incomplete semantic
• [SONARJAVA-3852] - Rules targeting methods should work with incomplete semantic
• [SONARJAVA-3857] - FP S131 for a switch on an unknown symbol

False Negative

• [SONARJAVA-3841] - FN in S5998 (regex stackoverflow) for possessive quantifiers

6.15.1.26025

    Release Notes - SonarJava - Version 6.15.1.26025

Bug

• [SONARJAVA-3808] - NPE in JMethodSymbol.overriddenSymbol
• [SONARJAVA-3812] - Analysis should stop without logging when a CancellationException is thrown

Task

• [SONARJAVA-3815] - Update rules metadata
• [SONARJAVA-3817] - Remove rules resulting in failing tests from default quality profile
• [SONARJAVA-3821] - Do not ship "sonar-plugin-api" implementation class with the analyzer components

Improvement

• [SONARJAVA-3801] - Rule S4423 should support okhttp library
• [SONARJAVA-3805] - Rule S5332 should support okhttp library

False-Positive

• [SONARJAVA-3797] - FP in S1854 for effective-final assignment of variables used in a lambda
• [SONARJAVA-3798] - FP in S1258 and S3749 when using Lombok "@DaTa" annotation
• [SONARJAVA-3804] - FP in S3077 when volatile is used with @immutable and @threadsafe annotations
• [SONARJAVA-3809] - S5979 should not report on objects initialized with `MockitoJUnit.rule()` followed by options
• [SONARJAVA-3811] - Rule S5542 should not be triggered when using CBC mode
• [SONARJAVA-3814] - S6212 should not suggest to use "var" when the initializer is a lambda or a method reference

False Negative

• [SONARJAVA-3785] - Rule S4605 is not detected with @SpringBootApplication
• [SONARJAVA-3810] - S5547 should report on some more weak algorithms
• [SONARJAVA-3813] - Rule S4790 should support more weak hash algorithms

6.15.0.25849

    Release Notes - SonarJava - Version  6.15.0.25849

Bug

• [SONARJAVA-3786] - Delete rule RSPEC-4603
• [SONARJAVA-3788] - Fix IndexOutOfBoundsException in S1166 (CatchUsesExceptionWithContextCheck:307)
• [SONARJAVA-3789] - Fix ClassCastException in S6202 (IsInstanceMethodCheck:70)
• [SONARJAVA-3790] - Fix ClassCastException in S5411 (BoxedBooleanExpressionsCheck:158)
• [SONARJAVA-3792] - Compilation of custom rule project fails due to missing metadata files

New Feature

• [SONARJAVA-3716] - Provide a user property to produce performance metrics
• [SONARJAVA-3741] - Rule S6202: Operator "instanceof" should be used instead of "A.class.isInstance()"
• [SONARJAVA-3743] - Rule S6203: Text blocks should not be used in complex expression
• [SONARJAVA-3749] - Rule S6205: Switch arrow labels should not use redundant keywords
• [SONARJAVA-3753] - Rule S6208: Comma-separated labels should be used in Switch with colon case
• [SONARJAVA-3759] - Rule S6212: Local-Variable Type Inference (var) should be used
• [SONARJAVA-3761] - Rule S6213: Restricted Identifiers should not be used as Identifiers

Task

• [SONARJAVA-3714] - Collect SquidSensor runtime data
• [SONARJAVA-3717] - Increase reliability of cirrus-ci nightly analyses by restarting some failed jobs
• [SONARJAVA-3720] - Push internal CI performance metrics to repository
• [SONARJAVA-3721] - Enable performance measurement for ruling
• [SONARJAVA-3722] - Compute measurement cost in performance metrics
• [SONARJAVA-3726] - Update tutorial with SQ 8.8 and latest embedded release of SonarJava
• [SONARJAVA-3728] - Update rules metadata
• [SONARJAVA-3793] - Drop usage of deprecated internal method "hasSemantic()" in our rules

Improvement

• [SONARJAVA-3666] - Add text block support for regex rules
• [SONARJAVA-3715] - Add size of file to slowest files analyzed output
• [SONARJAVA-3732] - Execute the move of the regex parser into analyzer-commons
• [SONARJAVA-3736] - Support Text Block in rules relying on String literals from expressions
• [SONARJAVA-3737] - Improve rules relying on String literals to support identifier from a final or effectively final variable.
• [SONARJAVA-3744] - Extend existing rules to support Switch Expression
• [SONARJAVA-3751] - Extend S4738 to suggest Java 9 "List.of", "Map.of", "Set.of" instead of Guava
• [SONARJAVA-3762] - S5838 should support Java 11 "String.isBlank()"
• [SONARJAVA-3766] - Improve rule description for ReDoS
• [SONARJAVA-3778] - Fix performance hotspots in S103 due to slow regex
• [SONARJAVA-3781] - All method overrides should be returned instead of only the first one
• [SONARJAVA-3787] - Children of Switch Statement should not be a Switch Expression
• [SONARJAVA-3796] - Fix possible Catastrophic backtracking in regex for S3518: Division by zero rule

False-Positive

• [SONARJAVA-3731] - S5786 should not report on abstract classes or overridding test methods
• [SONARJAVA-3734] - FP in S5979 when "ExtendWith" annotation is coming from a meta-annotation
• [SONARJAVA-3750] - S1199 should not report an issue for any Switch case containing a block
• [SONARJAVA-3772] - FP in S1943: Do not report an issue on any usage of Java 11 FileWriter and FileReader
• [SONARJAVA-3774] - S2755 should not raise when a non null resolver is set with XMLInputFactory.setXMLResolver
• [SONARJAVA-3776] - Fix FPs in S4276 when the generic argument left is a primitive wrapper

False Negative

• [SONARJAVA-3757] - "Nullable" from eclipse should be considered as a Strong Nullable.

6.14.0.25463

    Release Notes - SonarJava - Version  6.14.0.25463

Task

• [SONARJAVA-3702] - Rule S3066: change rule type to Code-Smell
• [SONARJAVA-3703] - Add custom rules examples from tutorial in repository
• [SONARJAVA-3708] - Rule S3751: change rule type to Code-Smell
• [SONARJAVA-3709] - Deprecate S3369
• [SONARJAVA-3727] - Update rules metadata

Improvement

• [SONARJAVA-3215] - S1166 add heuristics to support custom log frameworks
• [SONARJAVA-3558] - Issue filter should extends its filter to IDE-specific suppressed warnings
• [SONARJAVA-3568] - S5852 should use automata to increase its accuracy
• [SONARJAVA-3624] - Regex FP/FN with Supplementary Multilingual Plane
• [SONARJAVA-3629] - Improve S6002 RegexLookaheadCheck to support negative lookahead
• [SONARJAVA-3636] - Improve secondary message for regex rules when issues are reported across different string literals
• [SONARJAVA-3689] - Improve rule S110 to not report when hierarchy is too big already in library code
• [SONARJAVA-3701] - Prepare the move of the regex parser into its own project
• [SONARJAVA-3729] - Change S4434 to a security-hotspot
• [SONARJAVA-3730] - Add an exception to rule S121 for early returns
• [SONARJAVA-3733] - ReDoS: Don't call cubic and worse runtimes quadratic
• [SONARJAVA-3735] - Upgrade ECJ to 3.25.0

False-Positive

• [SONARJAVA-3570] - Relax Rule S5411 for boxed booleans if there is a null-checked before
• [SONARJAVA-3603] - FP on S4276 when Function is using "compose" or "andThen" methods
• [SONARJAVA-3625] - Possible FP in S5998 when using backreferences to large groups
• [SONARJAVA-3631] - FP in S6001 parsing of multi-digit backreferences
• [SONARJAVA-3635] - S2384 should not raise an issue when mutable members in temporary variable are not stored
• [SONARJAVA-3669] - S2325 should not raise on empty methods
• [SONARJAVA-3696] - S2755 should not raise when a xml document is build
• [SONARJAVA-3706] - FP in S2384, S2386: support any unmodifiable and immutable methods
• [SONARJAVA-3713] - FP in S5852 (ReDoS) involving possessive quantifiers
• [SONARJAVA-3747] - FPs in S5852 when repetition overlaps with non-repetition part

False Negative

• [SONARJAVA-2745] - FN on S2142: no issue raised when catching the generic Exception
• [SONARJAVA-3639] - FN in S5994 when `*+` is followed by a repetition
• [SONARJAVA-3640] - FN in S6002 for full matches and anchored patterns
• [SONARJAVA-3641] - FN in S5998
• [SONARJAVA-3653] - S5996 should raise issues even if the regex can match the empty string
• [SONARJAVA-3710] - Include Eclipse’s NonNullByDefault annotation on nonNullFields check