github SonarSource/sonar-java 6.9.0.23563

Release Notes - SonarJava - Version 6.9.0.23563

Bug



  • [SONARJAVA-3285] - Java 13/14 preview feature "Text Block" produces highlighting IllegalArgumentException

  • [SONARJAVA-3541] - NPE in Symbolic Execution engine when dealing with Java 14 switch expressions without default

New Feature



  • [SONARJAVA-3374] - Rule S5804 allowing user enumeration is security-sensitive

  • [SONARJAVA-3396] - Rule S5808 Authorizations should be based on strong decisions

  • [SONARJAVA-3411] - Rule S5876 A new session should be created during user authentication

  • [SONARJAVA-3542] - RSPEC-5993 Constructors of an "abstract" class should not be declared "public"

Task


Improvement



  • [SONARJAVA-3376] - Rule S3752: from Vulnerability to Security Hotspot and small improvements on the detection algorithm

  • [SONARJAVA-3414] - Rule S4790: its content should be replaced by S2070

  • [SONARJAVA-3472] - Document wildcards pattern in rule's parameters (S110, S1176)

  • [SONARJAVA-3478] - S2201: Support common Collection and Map methods

  • [SONARJAVA-3525] - S2333 supports redundant modifiers on nested interfaces and classes

  • [SONARJAVA-3536] - Consistently support Nullable/CheckForNull/Nonnull annotations in rules

  • [SONARJAVA-3539] - FP in S5845 when BigDecimal and BigInteger are compared with string

False-Positive



  • [SONARJAVA-3468] - FP on S1905 when casted argument is an ambiguous method reference.

  • [SONARJAVA-3479] - FP in S2184 when return is in another scope

  • [SONARJAVA-3535] - Rule S3749 should not raise when the singleton has @ConfigurationProperties annotation

  • [SONARJAVA-3540] - FP in S2175 when a primitive is auto-boxed into a subtype of Number.

False Negative



  • [SONARJAVA-3388] - Rule S2070 should support "org.springframework.util.DigestUtils"

  • [SONARJAVA-3538] - S5853 does not handle custom assertions
