Release Notes - SonarJava - Version 7.8
Bug
- [SONARJAVA-4128] - Record components of local records should not have the method as owner
- [SONARJAVA-4129] - NPE in S1450 when private field is used in a record
Task
- [SONARJAVA-4141] - Update rules metadata
Improvement
- [SONARJAVA-4059] - Rule S6373 XML parsers should not allow inclusion of arbitrary files
- [SONARJAVA-4062] - Rule S6374 XML parsers should not load external schemas
- [SONARJAVA-4065] - Rule S6376 XML parsers should not be vulnerable to Denial of Service attacks
- [SONARJAVA-4067] - Rule S6377 XML signatures should be validated securely
False-Positive
- [SONARJAVA-3839] - FP in S6212 when a method has parameterized return types
- [SONARJAVA-3842] - FP in S2755 when vulnerability is mitigated in another class
- [SONARJAVA-3899] - FP on S2755 when XML DocumentBuilderFactory is initialized inside an initializer block
- [SONARJAVA-4008] - Rule S2755 should accept setExpandEntityReferences solution for OpenJDK >= 13