SonarSource/sonar-java 6.3.0.21585

on GitHub

    Release Notes - SonarSource Code Analyzer for Java - Version 6.3.0.21585

False-Positive

• [SONARJAVA-3316] - FP S5542 (EncryptionAlgorithmCheck) more secure algorithms and algorithm name using different case
• [SONARJAVA-3320] - S1165/S2039: Fix false positives for Lombok's field modifier annotations
• [SONARJAVA-3321] - FP S5542 (EncryptionAlgorithmCheck): should support default security java provider
• [SONARJAVA-3330] - FP in S3749 when fields are injected by Lombok @RequiredArgsConstructor
• [SONARJAVA-3338] - FP on S1118: improve support of Lombok's annotation generating constructor

Bug

• [SONARJAVA-3322] - S2441 does not handle correctly unknown types
• [SONARJAVA-3328] - JSP transpiling is broken when root dir is symlink
• [SONARJAVA-3347] - [JSP] Fix compilation of custom tags in JSPs

New Feature

• [SONARJAVA-1871] - Offer access to Parameterized Type in Java Analyzer semantic API
• [SONARJAVA-2357] - Provide MethodMatcher API to be used in custom rules
• [SONARJAVA-2941] - Rule S3740: Generic types shouldn't be used raw
• [SONARJAVA-3309] - Transpile JSP to Java
• [SONARJAVA-3310] - Use source maps to report precise issues on JSP files
• [SONARJAVA-3314] - Rule S5738: Deprecated code marked for removal should be removed
• [SONARJAVA-3340] - Jasper dependency should not be required
• [SONARJAVA-3341] - Change issue type of S1104 to code smell

Task

• [SONARJAVA-3241] - Rewrite IssueFiltering mechanism as IssueFilter from SonarQube API is deprecated
• [SONARJAVA-3267] - Drop sonarjava_feedback metric
• [SONARJAVA-3307] - Migrate SonarJava custom rules tutorial to SonarJava 6.X and LTS 7.9
• [SONARJAVA-3333] - Update rules metadata
• [SONARJAVA-3336] - Update documentation regarding new JavaCheckVerifier
• [SONARJAVA-3342] - Update doc about XSS scanning

Improvement

• [SONARJAVA-2410] - Issue filter should also filter rules depending of the java warning suppressed
• [SONARJAVA-3313] - Improve log message for missing compiled classes
• [SONARJAVA-3315] - Unify JavaCheckVerifiers and simplify its usage to test rules
• [SONARJAVA-3317] - Improve performance
• [SONARJAVA-3318] - S2077 should present to the user all the locations where the formatted SQL query string is used
• [SONARJAVA-3323] - S1166 should be able to be configured with an empty whitelist
• [SONARJAVA-3325] - Remove dependency on Ant for JSP transpiling
• [SONARJAVA-3326] - Remove dependency on Eclipse JDT for JSP transpiling
• [SONARJAVA-3331] - FN in S3749: support @component annotation
• [SONARJAVA-3337] - Update branding to drop 'SonarJava'