Releases: SonarSource/sonar-java
8.14.0.39102
Release notes - SonarJava - 8.14
False Positive
SONARJAVA-4334 S6207 should not raise on constructors where the value of a parameter has been changed before assignment to the component
SONARJAVA-4376 FP S2129: With incomplete semantics, MethodMatcher matches the wrong method instead of nothing
SONARJAVA-4473 FP in rule S2384 when class only has private constructors
SONARJAVA-4481 False positive in rule S6207: records constructors with annotations are not redundant
SONARJAVA-4543 FP in rule S5778 with Enum final methods
SONARJAVA-4748 FP in S6833 when controller contains methods annotated with and without @responsebody
SONARJAVA-4881 FP on S2230 for @transactional on protected and package-private methods
SONARJAVA-4901 S6856 should not raise when the `ModelAttribute` of the parameter refers to a model attribute defined in a parent class
SONARJAVA-4917 FP in the S6857(SpEL rule) when used with Map
SONARJAVA-4964 S1941: FP when lambda expression is present
SONARJAVA-5101 FP in S5860 when Regex are used in Lambdas
SONARJAVA-5274 FP for S1123 on record fields
SONARJAVA-5400 FP S6241 and S6242 when the builder is S3CrtAsyncClientBuilder
SONARJAVA-5436 S108 Should suggest adding a comment as a fix to empty block
SONARJAVA-5437 S1186 Suggest adding a comment to suppress warnings on empty methods.
SONARJAVA-5480 S2699 Does not recognized assertions invoked via Spring's AssertableApplicationContext
SONARJAVA-5496 FP java:S6856 when using Spring property injection “${…}”
SONARJAVA-5547 FP on S2699 when using org.springframework.util.Assert methods
Task
SONARJAVA-5513 Update RSPEC before 8.14 release
SONARJAVA-5539 Prepare next development iteration 8.14
SONARJAVA-5541 Ignore its/plugin/projects in Mend scan
SONARJAVA-5550 Add some pom configuration to cleanup build logs and improve build caching
SONARJAVA-5551 Create GitHub action to update rule metadata.
Documentation
SONARJAVA-5517 Update S1481 rspec with examples of usage of the unnamed pattern introduced in java 22
Contributors
Assets 2
8.13.0.38826
Release notes - SonarJava - 8.13
New Feature
SONARJAVA-5454 S7467: Unused exception parameter should use the unnamed variable pattern
SONARJAVA-5457 S7466: Use `var` instead of a type with unnamed variable _
SONARJAVA-5483 S7475: The type of an unused component should be removed from pattern matching
Bug
SONARJAVA-5338 JVariableSymbol `equals(...)` returns true for unrelated symbols that are declared in different methods
SONARJAVA-5492 S1481 quickfix breaks compilation on record pattern matching
Task
SONARJAVA-5441 document how to find tag corresponding to eclipse releases
SONARJAVA-5451 Update Slack notification in .github/workflows/slack_notify.yml
SONARJAVA-5452 update autoscan differences
SONARJAVA-5456 Set max supported java version to 23 and build with java 23
SONARJAVA-5465 Prepare next development iteration 8.13
SONARJAVA-5466 add script to override ECJ and update instructions in README.md
SONARJAVA-5479 Update rules metadata
SONARJAVA-5484 Address FIXME comment about the use of IdentityHashMap
SONARJAVA-5486 Bump orchestrator to version 5.5 or greater
SONARJAVA-5509 Refactor test sample files of S1481
SONARJAVA-5511 Update required Java version and test source folder in README
SONARJAVA-5516 Update external rules
SONARJAVA-5521 Update rules metadata
Improvement
SONARJAVA-5410 S5977 Rationale in the RSpec should be improved
SONARJAVA-5430 S1481 offers a quick fix for the unused local variable in an enhanced for loop
SONARJAVA-5439 Update JDT core 3.39 -> 3.41
SONARJAVA-5485 S1481 should report on try-with-resources since Java 22
8.12.0.38599
Release notes - SonarJava - 8.12
New Feature
SONARJAVA-5403 Implement S7435: Processing persistent unique identifiers is security-sensitive
SONARJAVA-5412 Implement S7409: Exposing Java interfaces in WebViews is security-sensitive
Bug
SONARJAVA-5421 Rule S2225 crashes with NPE on toString/clone methods with lambdas returning void
Task
SONARJAVA-5415 Prepare next development iteration
SONARJAVA-5417 Exclude test fixtures from SCA analysis
SONARJAVA-5427 fix flaky test
SONARJAVA-5453 Fix quality flaws
Improvement
SONARJAVA-5420 Improve S5344: Passwords should not be stored in plaintext or with a fast hashing algorithm
8.11.0.38440
Release notes - SonarJava - 8.11
False Positive
SONARJAVA-4567 FP on S107 when method is annotated for dependency injection
SONARJAVA-5232 FP in S1192 (duplicated string literal) on messages in Exceptions
SONARJAVA-5341 FP S1479 Wrongly reports too many cases on switches when enum types are unknown
SONARJAVA-5380 FP on S107 with Lombok's @Builder
Bug
SONARJAVA-5392 S5804 throws an NPE when a throw statement is located in a constructor
Task
SONARJAVA-5345 Prepare for next development iteration 8.11.0-SNAPSHOT
SONARJAVA-5347 Upgrade analyzer-commons to 2.16
SONARJAVA-5357 bump tomcat-embed-jasper to 9.0.100
SONARJAVA-5376 Remove unused import to fix quality gate
SONARJAVA-5381 Add script to evaluate beta version of ECJ for a GitHub branch reference
SONARJAVA-5393 Autoclose issues created by Jira integration
SONARJAVA-5394 Autoclose issues created by Jira integration
SONARJAVA-5395 Autoclose issues created by Jira integration
SONARJAVA-5396 Autoclose issues created by Jira integration
SONARJAVA-5413 Update rules metadata
Improvement
SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules
SONARJAVA-5375 S3986 Update the message to use the year instead of the week year.
SONARJAVA-5401 S6809 Rule Description Features incomplete code
SONARJAVA-5404 GeneratedCodeFilter should support jakarta annotations
8.9.1.38281
Release notes - SonarJava - 8.9.1
Task
SONARJAVA-5362 Prepare next development iteration 8.9.1-SNAPSHOT
SONARJAVA-5363 Restrict ITs to run only against 2025.1
Improvement
SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules
8.10.0.38194
Release notes - SonarJava - 8.10
New Feature
SONARJAVA-5317 S7178: Injecting data into static fields is not supported by Spring
SONARJAVA-5318 S7180: @Cache\* annotations should only be applied on concrete classes
SONARJAVA-5319 S7184: @Scheduled annotation should only be applied to no-arg methods
SONARJAVA-5320 S7186: Methods returning "Page" or "Slice" must take "Pageable" as an input parameter
SONARJAVA-5321 S7179: @Cacheable and @CachePut should not be combined
SONARJAVA-5322 S7177: @DirtiesContext should be properly configured
SONARJAVA-5323 S7183: @InitBinder methods should have void return type
SONARJAVA-5325 S7185: @eventlistener methods should have one parameter
SONARJAVA-5328 S7190: Methods annotated with @BeforeTransaction or @AfterTransaction must respect the contract
False Positive
SONARJAVA-4876 FP in rule S2386 when collection was created with `Stream.toList()`
SONARJAVA-4954 FP in S5838: Don't report when there may be ambiguity
SONARJAVA-5128 S3553 should not report on spring @Autowired methods
SONARJAVA-5146 S5411 raises false positive within method map of Optional
SONARJAVA-5147 FP S1905 when the type cast expression is used to call "getClass()"
SONARJAVA-5256 FP in rule S2699 on BDDAssertion
SONARJAVA-5262 FP on S2187 with JUnit5 Cucumber runner
SONARJAVA-5273 FP for S125 for Apache 2.0 license header
SONARJAVA-5336 FP in automatic analysis on S1068 with @Getter on a class
Bug
SONARJAVA-5304 Wrong issue message for S6201 when cast happens in function call
Task
SONARJAVA-5254 Update RSPEC before 8.10 release
SONARJAVA-5259 S5855: Secondary issue locations in `RedundantRegexAlternativesCheckSample` are not checked
SONARJAVA-5270 Prepare for next development iteration 8.10.0-SNAPSHOT
SONARJAVA-5272 Increase CI memory to support new SQS version and prevent OOMKilled
SONARJAVA-5296 Report Java version via addTelemetryProperty().
SONARJAVA-5297 Refactor JavaVersionImpl.fromStrings()
SONARJAVA-5299 Upgrade SonarLintTest ITs to use sonarlint-plugin-api 10.13
SONARJAVA-5303 Fix flaky Windows QA build
SONARJAVA-5309 Replace deprecated Qualifiers API
SONARJAVA-5332 Update README
SONARJAVA-5335 Add IssuableSubscriptionVisitor#reportIssue(startTree, endTree, msg, flow, cost) API
SONARJAVA-5342 Update spotbugs rules
Improvement
SONARJAVA-5324 S6856 : @PathVariable must have path template placeholder
SONARJAVA-5327 S6809: add support for @Cacheable
Documentation
SONARJAVA-5158 S1598: Improve rule issue message
SONARJAVA-5333 DOC Fix xml link in CUSTOM_RULES_101.md
False Negative
SONARJAVA-5041 S5786 should raise an issue on JUnit5 annotated lifecycle methods with a public modifier
8.9.0.37768
Release notes - SonarJava - 8.9
False Positive
SONARJAVA-4441 FP on S1301 [Java 14+] for switch statements with a case containing multiple labels
Task
SONARJAVA-5255 Prepare next development iteration
SONARJAVA-5257 Remove old references to gradle-enterprise
SONARJAVA-5266 Update headers for 2025
SONARJAVA-5268 Update rule metadata
Improvement
SONARJAVA-5258 S1607 Should report secondary location on annotation disabling the test
8.8.0.37665
Release notes - SonarJava - 8.8
False Positive
SONARJAVA-4093 S3252 should not raise issues on access to static members that are declared in inaccessible classes
SONARJAVA-4260 S2699 should not raise issues on RestAssured assertions
SONARJAVA-4263 FP on S2325 when method requires type parameter from parent class
SONARJAVA-4424 FP S2187 expecting TestNG annotated classes to have public test methods
SONARJAVA-4436 FP on rule S2095 when using @lombok.cleanup
SONARJAVA-4446 FP on S2187 for subclasses of test classes
SONARJAVA-4973 S1118 should not raise on classes annotated with `@UtilityClass` when semantic is incomplete
SONARJAVA-5134 FP S2245 - Identification of Commons Lang `RandomStringUtils.secure()` as safe
SONARJAVA-5149 FP S1075 should not raise issues when the an uri is a suffix
SONARJAVA-5185 S2201:FP Optional.orElseThrow has side effect
SONARJAVA-5236 [S6437] passwordParameter not a password
Task
SONARJAVA-5223 Update RSPEC before 8.8 release
SONARJAVA-5225 Prepare next development iteration 8.8
SONARJAVA-5237 Bump orchestrator to version 5.1.0.2254
Improvement
SONARJAVA-5216 S1871 Consider variable identity when testing branch equivalence.
SONARJAVA-5221 QuickFix for S7158 (String.isEmpty() instead of length check).
Sub-task
SONARJAVA-5241 Support .withoutSemantic() mode in FilterVerifier
Documentation
SONARJAVA-5029 S1190: Update Compliant solution comment
SONARJAVA-5036 S3749: Update rule description to add "@resource" from package jakarta.annotation
Bug
SONARJAVA-5239 Remove obsolete Test using deprecated metric "function_complexity_distribution"
Contributors
Assets 2
8.7.0.37452
Release notes - SonarJava - 8.7
New Feature
SONARJAVA-5181 Implement S7158: String.isEmpty() should be used to test for emptiness
Task
SONARJAVA-5178 Update RSPEC before 8.7 release
SONARJAVA-5183 Prepare for next development iteration 8.7.0-SNAPSHOT
SONARJAVA-5186 Improve Test Code Support Part 3
Improvement
SONARJAVA-4983 Improve debug logging of incremental analysis behavior and custom rules
SONARJAVA-5184 S5411 triggered on generic type parameters
SONARJAVA-5189 Update to SONAR Source-Available License v1.0 (SSALv1)
SONARJAVA-5191 Enable S1612 on All code
SONARJAVA-5192 Enable S1640 on All code
SONARJAVA-5193 Enable S1643 on All code
SONARJAVA-5194 Enable S1656 on All code
SONARJAVA-5195 Enable S1710 on All code
SONARJAVA-5196 Enable S1751 on All code
SONARJAVA-5197 Enable S1849 on All code
SONARJAVA-5198 Enable S1858 on All code
SONARJAVA-5199 Enable S1862 on All code
SONARJAVA-5200 Enable S1871 on All code
SONARJAVA-5201 Enable S1872 on All code
SONARJAVA-5202 Enable S1940 on All code
SONARJAVA-5203 Enable S1994 on All code
SONARJAVA-5204 Enable S2093 on All code
SONARJAVA-5205 Enable S2130 on All code
SONARJAVA-5206 Enable S2133 on All code
SONARJAVA-5207 Enable S2140 on All code
SONARJAVA-5208 Enable S2147 on All code
SONARJAVA-5209 Enable S2153 on All code
SONARJAVA-5210 Enable S2154 on All code
SONARJAVA-5211 Enable S2168 on All code
SONARJAVA-5212 Enable S2178 on All code
SONARJAVA-5213 Enable S2183 on All code
SONARJAVA-5214 Enable S2185 on All code
SONARJAVA-5224 Update checkstyle issue mapping
8.6.0.37351
Release notes - SonarJava - 8.6
Bug
SONARJAVA-5015 Improve the tolerance to syntax errors when parsing switch expressions
Documentation
SONARJAVA-5179 Improve Javadoc in MethodMatchers.java
Task
SONARJAVA-5167 Bump org.springframework.security:spring-security-web from 6.2.3 to 6.2.7 in /java-checks-test-sources/spring-3.2
SONARJAVA-5173 Fix broken docs for SQ_10_6.
SONARJAVA-5182 Update rule metadata with new code impacts