Releases: SonarSource/sonar-java

7.33.0.35775

08 Apr 09:12
0614cc7

Release notes - SonarJava - 7.33

False Negative

SONARJAVA-4770 S2438 FN on arguments whose concrete type is Thread

Task

SONARJAVA-4918 Update dependencies + prepare for next development iteration 7.33.0-SNAPSHOT

SONARJAVA-4922 Upgrade sonar-plugin-api and fix IndexedFile issue

SONARJAVA-4924 Remove deprecated method ExpressionUtils.getEnclosingElement

Improvement

SONARJAVA-4858 S5344: Add support for detection of two additional insecure PasswordEncoders

SONARJAVA-4863 S2092: Support detection of missing secure cookie flag for Spring

SONARJAVA-4864 S3330: Support detection of missing http-only cookie flag for Spring

SONARJAVA-4866 S2077: Support detection of formatted SQL queries in Spring

SONARJAVA-4871 S5122: Support detection of Permissive CORS policies for Spring

SONARJAVA-4875 S4502: Support detection of CSRF Protection for Spring

SONARJAVA-4880 S5804: Support detection of User Enumeration for Spring

SONARJAVA-4882 S5876: Support detection of Session Fixation for Spring

SONARJAVA-4883 S4423: Support detection of TLS Protocol Downgrades for Spring programmatically

SONARJAVA-4884 S4507: Support detection of enabled Debug Features in Spring programmatically

SONARJAVA-4885 S5693: Support detection of Excessive File Upload Size Limit for Spring programmatically

SONARJAVA-4921 Update Java parser version to ECJ 3.37.0

7.32.0.35531

22 Mar 16:32
eabac12

Release notes - SonarJava - 7.32

Bug

SONARJAVA-4756 NumberFormatException in AbstractPrintfChecker.getIndex(String param)

SONARJAVA-4873 Wrong quickfix in S1066

SONARJAVA-4909 Missing parentheses in the children() method of RecordPatternTreeImpl

SONARJAVA-4913 S1181 misses issues after unknown symbol

False-Positive

SONARJAVA-4422 S6204 FP on lists used outside their instantiation scope

SONARJAVA-4438 S6204: recommendation not applicable when upcast is required

SONARJAVA-4749 FP in S1170 when field is used in a non-static member

SONARJAVA-4751 FP in S2326 when type parameters are used in the child classes or interface implementations

SONARJAVA-4752 FP in S5665 when \\" and \\' are not intended to be escaped

SONARJAVA-4758 S1113 should cover the finalizer attack

SONARJAVA-4814 S1948 should not raise issues on final fields

SONARJAVA-4816 S1948 should support jakarta.inject.Inject

SONARJAVA-4829 FP in rule S2694 on local classes

SONARJAVA-4835 FP on S3242 forcing user to add unnecessary logic

SONARJAVA-4857 S3457: FP on certain java.util.logging strings with single quotes

SONARJAVA-4865 S6856 should not raise on named regex

SONARJAVA-4904 FP on S1301 when using switch statement with type patterns

SONARJAVA-4907 FP on S1481 when using type pattern matching in case clauses of a switch

SONARJAVA-4908 FP on S131 when using switch statement on type pattern

New Feature

SONARJAVA-4823 S6885 Add clamp methods to Math

SONARJAVA-4825 S6876 SequencedCollection reversed view should be used for reverse iteration order

SONARJAVA-4826 S6880 Use switch instead of if else for pattern matching

SONARJAVA-4827 S6877 SequencedCollection reversed view should be used instead of Collections.reverse for read-only lists

SONARJAVA-4831 S6891: Avoid exact alarms

SONARJAVA-4832 S6881 VirtualThreads should be used for tasks that include heavy blocking operations

SONARJAVA-4837 S6878 Use record pattern instead of explicit field access

SONARJAVA-4838 S6901: Thread.setDaemon(boolean), Thread.setPriority(int) and Thread.getThreadGroup() should not be invoked on VirtualThread

SONARJAVA-4840 S6905: SQL queries should retrieve only necessary fields

SONARJAVA-4841 S6898: Avoid high frame rate

SONARJAVA-4842 S6909: Constant parameters in a PreparedStatement should not be set more than once

SONARJAVA-4843 S6906: Virtual threads should not run tasks that include synchronized or native code

SONARJAVA-4844 S6913 Clamp should be used with correct ranges

SONARJAVA-4845 S6914: Use Fused Location to optimize battery power

SONARJAVA-4848 S6916 Use guard instead of a single if/else in pattern match body

SONARJAVA-4849 S6915 indexOf(char|String, int, int) should be used with correct ranges

SONARJAVA-4851 S6912: Use batch Processing in JDBC

SONARJAVA-4854 S6923: Motion Sensor should not use gyroscope

SONARJAVA-4855 S6926: Bluetooth should be configured to use low power

False Negative

SONARJAVA-4784 S2093 should raise on HttpClient starting on Java 21+ code

Improvement

SONARJAVA-4415 Add parameter to ignore particular annotations in S1068

SONARJAVA-4898 S6218: Improve reporting to not highlight the entire record

SONARJAVA-4900 Provide the resolved method "symbol" in "LambdaExpressionTree"

SONARJAVA-4912 S6204 Update issue message

7.31.0.34839

16 Feb 14:10
b15f743

Release notes - SonarJava - 7.31

Java 21 support

Bug

SONARJAVA-4754 Fix memory leak in java:S1849 when cleaning the rule state

SONARJAVA-4755 Runtime arithmetic exception when resolving constant values with a division by zero

False-Positive

SONARJAVA-4413 S2699 add Vert.x assertion methods for JUnit 5

SONARJAVA-4598 FP on S2259 when CollectionUtils and MapUtils are used from commons3

New Feature

SONARJAVA-4750 Update Java parser version to ECJ 3.36.0

SONARJAVA-4833 S6889: Proper Sensor Resource Management

SONARJAVA-4839 S6904: Avoid using FetchType.EAGER

Task

SONARJAVA-4869 Update Rules Metadata

Improvement

SONARJAVA-4759 Prevent implementation of useless `IssuableSubscriptionVisitor#scanFile()` method

7.30.1.34514

04 Jan 10:13
7d09bfb

Release notes - SonarJava - 7.30.1

Documentation

SONARJAVA-4745 Update license headers

Task

SONARJAVA-4746 Revert on-demand plugin downloading

Improvement

SONARJAVA-4635 Update rules related to "javax" library to support also "jakarta" - Part 2/2

7.30.0.34429

18 Dec 15:00

Release notes - SonarJava - 7.30

Bug

SONARJAVA-4726 S1656: NPE when re-assigning static field to itself

False-Positive

SONARJAVA-4414 S5413 raises issue despite function returning after remove call

SONARJAVA-4695 FP, S6804 should not raise when @Value references a Spring resource

New Feature

SONARJAVA-4685 Implement rule S6838: @Bean methods for Singleton should not be invoked in @Configuration when proxyBeanMethods is false

SONARJAVA-4719 Improve S125 accuracy and detection

SONARJAVA-4723 Implement rule S6856: @PathVariable annotation should be present if a path variable is used

SONARJAVA-4727 Implement rule S6862: Beans in @Configuration class should have different names

SONARJAVA-4732 Implement rule S6863: Set appropriate Status Codes on HTTP responses

SONARJAVA-4740 Support on-demand plugin downloading

Task

SONARJAVA-4742 Update Rules Metadata

SONARJAVA-4743 Update External Linters Metadata

Improvement

SONARJAVA-4697 The Java analyzer's frontend should not fail on split-package issues

7.29.0.34131

28 Nov 13:23
1157309

Release notes - SonarJava - 7.29

Bug

SONARJAVA-4591 S1319 Update MAPPING for TreeMap

SONARJAVA-4617 S1226 - Fix CFG construction inside "return switch" expression for yield without break cases

Documentation

SONARJAVA-4703 Update RSPEC S6809 and S2230: Software Quality should have only one attribute

False-Positive

SONARJAVA-4169 S3553 should not report an issue for spring mvc optional parameters

SONARJAVA-4590 S1319: Method parameter uses method not available in interface

New Feature

SONARJAVA-4576 Update the java API with methods from JUtils used by our rules so they can be used in custom rules

SONARJAVA-4700 Update the java API with methods from JUtils used by our rules so they can be used in custom rules

SONARJAVA-4702 Update the java API with methods from JUtils used by our rules so they can be used in custom rules

False Negative

SONARJAVA-4513 FN S2060 (ExternalizableClassConstructorCheck) if no-argument constructor is not public

Task

SONARJAVA-4707 Update Rules Metadata

SONARJAVA-4708 Update External Linters Metadata

Improvement

SONARJAVA-4447 S2185: Rephrase issue message to not use "silly"

SONARJAVA-4448 S2437: Rephrase issue message to not use "silly"

SONARJAVA-4460 S6548: improve RSPEC to show first the most recent recommended Singleton implementations

SONARJAVA-4502 Add quickfix for S1153

SONARJAVA-4508 Rule S2110: Add lower threshold to the Date values check

7.28.0.33738

07 Nov 17:19
4addef8

Release notes - SonarJava - 7.28

Bug

SONARJAVA-4540 Support Record's Compact Constructors in the MethodTreeImpl#getLine

SONARJAVA-4691 S6804 should not fail to process value annotations with named arguments

Documentation

SONARJAVA-4688 Update rule title S6809

False-Positive

SONARJAVA-4680 FP on S4684 when using @AuthenticationPrincipal annotation for request mapping parameters

New Feature

SONARJAVA-4650 Implement S6817: Use of the @Async annotation on methods declared within a @Configuration class in Spring Boot

SONARJAVA-4654 Implement S6818: Avoid Using @Autowired on Multiple Constructors in a Spring Component

SONARJAVA-4676 Implement rule S6829: @Autowired should be used when multiple constructors are provided #3350

SONARJAVA-4677 Implement S6830: Bean names should adhere to the naming conventions

SONARJAVA-4678 Implement S6831: @Qualifier should not be used on @Bean methods

SONARJAVA-4679 Implement S6833: @Controller should be replaced with @RestController

SONARJAVA-4681 Implement rule S6832: Non-singleton Spring beans should not be injected in a Singleton bean

SONARJAVA-4682 Implement S6816: Nullable injected fields and parameters should provide a default value

SONARJAVA-4683 Implement S6837: Superfluous @ResponseBody annotations should be removed

Task

SONARJAVA-4662 Update Rules Metadata and External Linters Metadata

7.27.1.33504

25 Oct 08:06
fa86685

Release notes - SonarJava - 7.27.1

Task

SONARJAVA-4664 Disable deployment of java-checks-test-sources artifacts to repox

7.27.0.33463

20 Oct 14:25
b4ff76a

Release notes - SonarJava - 7.27

Bug

SONARJAVA-4658 JavaSonarWayProfile has unsatisfied dependency "ProfileRegistrar"

New Feature

SONARJAVA-4643 Implement S6804: @Value annotation should inject property or SpEL expression

SONARJAVA-4645 Implement S6806: Model attribute Naming Convention for Spring Expression Language (SpEL)

SONARJAVA-4648 Implement S6810: Async methods should return void or Future

SONARJAVA-4649 Implement S6813: Avoid field dependency injection

SONARJAVA-4652 Implement S6809: @Async annotated methods should not be called via "this"

SONARJAVA-4653 Implement S6814: Optional REST parameters should have an object type

Task

SONARJAVA-4661 Update Rules Metadata

Improvement

SONARJAVA-4651 Extend S2230 with @Async annotation

7.26.0.33315

13 Oct 15:02
1df75bb

Release notes - SonarJava - 7.26

Sub-task

SONARJAVA-4383 [jakarta support] Include support of migrated javax packages 2/3

SONARJAVA-4388 [jakarta support] Include support of migrated javax packages 3/3

SONARJAVA-4612 [jakarta support] Include support of migrated javax packages 1/3

Task

SONARJAVA-4657 Update rules metadata

Improvement

SONARJAVA-4377 Update rules related to "javax" library to support also "jakarta" - Part 1/2