Implemented enhancements:
- Java 21 Support #723
Closed issues:
- SpringEntityLeakDetector crashes with array types #679
- Java 17 not working #678
- Detect usage of Apache BeanUtils.copyProperties as dangerous #601
Merged pull requests:
- Upgrade SpotBugs to 4.8.3 #725 (gtoison)
- Updates to handle string-building taint with invokedynamic concatenation in JDK > 8 #713 (jbindel)
- taint-config files java-lang.txt and scala.txt propagate taint from character types #712 (jbindel)
- Add GCM-SIV to authenticated cipher mode list #710 (mzcu)
- Fix IMPROPER_UNICODE rule description #707 (Vampire)
- Update messages.xml #700 (jasonparallel)
- Fixing typo in docs #699 (kdowbecki)
- Verbose source line locations report #691 (oxeye-gal)
- Adding workaround for JDK > 8 invokedynamic tainting #690 (oxeye-gal)
- JstlExpressionWhiteLister now allows custom regular expressions #686 (jbindel)
- fix: added "cash account" to the safe words, not a SHA password #683 (gtoison)
- Add Detector for XXE in XML SchemaFactory #682 (exceptionfactory)
- Add Detector for XXE in XML Validator #681 (exceptionfactory)
- fix: handle arrays in SignatureParserWithGeneric #680 (gtoison)
- New detector for potential XML injection #663 (baloghadamsoftware)
- Detect usage of Apache BeanUtils as dangerous #601 #629 (marcelel)