github SonarSource/sonar-java 7.8.0.28662

2 years ago
Release Notes - SonarJava - Version 7.8

Bug

  • [SONARJAVA-4128] - Record components of local records should not have the method as owner
  • [SONARJAVA-4129] - NPE in S1450 when private field is used in a record

Task

Improvement

  • [SONARJAVA-4059] - Rule S6373 XML parsers should not allow inclusion of arbitrary files
  • [SONARJAVA-4062] - Rule S6374 XML parsers should not load external schemas
  • [SONARJAVA-4065] - Rule S6376 XML parsers should not be vulnerable to Denial of Service attacks
  • [SONARJAVA-4067] - Rule S6377 XML signatures should be validated securely

False-Positive

  • [SONARJAVA-3839] - FP in S6212 when a method has parameterized return types
  • [SONARJAVA-3842] - FP in S2755 when vulnerability is mitigated in another class
  • [SONARJAVA-3899] - FP on S2755 when XML DocumentBuilderFactory is initialized inside initialized block
  • [SONARJAVA-4008] - Rule S2755 should accept setExpandEntityReferences solution for openJDK >= 13
