github SonarSource/sonar-java 6.9.0.23563

latest releases: 8.5.0.37199, 8.4.0.37032, 8.3.0.36747...
4 years ago
    Release Notes - SonarJava - Version 6.9.0.23563

Bug

  • [SONARJAVA-3285] - Java 13/14 preview feature "Text Block" produce highlighting IllegalArgumentException
  • [SONARJAVA-3541] - NPE in Symbolic Execution engine when dealing with java 14 switch expressions without default

New Feature

  • [SONARJAVA-3374] - Rule S5804 allowing user enumeration is security-sensitive
  • [SONARJAVA-3396] - Rule S5808 Authorizations should be based on strong decisions
  • [SONARJAVA-3411] - Rule S5876 A new session should be created during user authentication
  • [SONARJAVA-3542] - RSPEC-5993 Constructors of an "abstract" class should not be declared "public"

Task

Improvement

  • [SONARJAVA-3376] - Rule S3752: from Vulnerability to Security Hotspot and small improvements on the detection algorithm
  • [SONARJAVA-3414] - Rule S4790: its content should be replaced by S2070
  • [SONARJAVA-3472] - Document wildcards pattern in rule's parameters (S110, S1176)
  • [SONARJAVA-3478] - S2201: Support common Collection and Map methods
  • [SONARJAVA-3525] - S2333 supports redundant modifiers on nested interfaces and classes
  • [SONARJAVA-3536] - Consistently support Nullable/CheckForNull/Nonnull annotations in rules
  • [SONARJAVA-3539] - FP in S5845 when BigDecimal and BigInteger are compared with string

False-Positive

False Negative

  • [SONARJAVA-3388] - Rule S2070 should support "org.springframework.util.DigestUtils"
  • [SONARJAVA-3538] - S5853 does not handle custom assertions

Don't miss a new sonar-java release

NewReleases is sending notifications on new releases.