SpotBugs 4.8.4
CHANGELOG
Fixed
- Fix false positive in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checks for a null value or checks multiple variables, or when the method exits in the if branch with an exception. (#2750)
- Fix possible null value in taxonomies of SARIF output (#2744)
- Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
- Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
- Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
- Added support for CONSTANT_Dynamic (#2759)
- Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
- Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
- Remove AppleExtension library (note: menus slightly changed) (#2823)
- Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
- Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
- Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
- Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
- Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
- Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in a method annotated with @PostConstruct, @BeforeEach, etc. (#2872 #2870 #453)
- Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
- Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
- Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
- Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks; also check the usage of String.formatted() (#2881)
- Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions (#2887)
- Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
- Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method (#2837)
- Update the filter XSD namespace and location for the upcoming 4.8.4 release (#2909)
Added
- New detector MultipleInstantiationsOfSingletons and introduced new bug types (See SEI CERT MSC07-J):
  - SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
  - SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
  - SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
  - SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
  - SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
  - SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized.
- Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.
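The patterns behind the new SING_* bug types, next to a hardened form. This is an added example, not SpotBugs code or one of its bug samples; the class names LeakySingleton, HardenedSingleton and SingletonDemo are hypothetical.

```java
import java.io.*;

public class SingletonDemo {
    public static void main(String[] args) throws Exception {
        LeakySingleton a = LeakySingleton.getInstance();
        LeakySingleton cloned = (LeakySingleton) a.clone();
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(a);
        }
        Object revived;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            revived = in.readObject();
        }
        System.out.println("clone is a second instance: " + (cloned != a));
        System.out.println("deserialized copy is a second instance: " + (revived != a));
        System.out.println("hardened getter returns one instance: "
                + (HardenedSingleton.getInstance() == HardenedSingleton.getInstance()));
    }
}

// Hypothetical class; each comment names the bug type the release notes describe for that pattern.
class LeakySingleton implements Cloneable, Serializable { // SING_SINGLETON_IMPLEMENTS_CLONEABLE, SING_SINGLETON_IMPLEMENTS_SERIALIZABLE
    private static final long serialVersionUID = 1L;
    private static LeakySingleton instance;
    protected LeakySingleton() { }                // SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR
    public static LeakySingleton getInstance() {  // SING_SINGLETON_GETTER_NOT_SYNCHRONIZED
        if (instance == null) {
            instance = new LeakySingleton();
        }
        return instance;
    }
    @Override
    public Object clone() throws CloneNotSupportedException {
        return super.clone(); // hands out a second instance
    }
}

// Hardened form: final class, private constructor, synchronized getter, not Cloneable or Serializable.
final class HardenedSingleton {
    private static HardenedSingleton instance;
    private HardenedSingleton() { }
    public static synchronized HardenedSingleton getInstance() {
        if (instance == null) {
            instance = new HardenedSingleton();
        }
        return instance;
    }
}
```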
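Why an overridable call from readObject() is worth flagging, shown with a serialization round trip. This is an added example, not taken from SpotBugs; Account, AuditedAccount and their field values are hypothetical and constructed for the demonstration.

```java
import java.io.*;

public class ReadObjectDemo {
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new AuditedAccount());
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            in.readObject();
        }
        System.out.println("override saw " + AuditedAccount.seenDuringRead);
    }
}

// Hypothetical classes with constructed field values.
class Account implements Serializable {
    private static final long serialVersionUID = 1L;
    protected String owner = "alice";

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        validate();    // flagged pattern: overridable method called from readObject()
        checkOwner();  // hardened form: private method, cannot be overridden
    }

    protected void validate() { }

    private void checkOwner() throws InvalidObjectException {
        if (owner == null || owner.isEmpty()) {
            throw new InvalidObjectException("owner missing");
        }
    }
}

class AuditedAccount extends Account {
    private static final long serialVersionUID = 1L;
    static String seenDuringRead = "nothing";
    private String auditTag = "tag-1";

    // Runs from Account.readObject(), before this subclass's own fields
    // have been restored from the stream, so auditTag is still unset here.
    @Override
    protected void validate() {
        seenDuringRead = "auditTag=" + auditTag;
    }
}
```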
Changed
- Minor cleanup in connection with slashed and dotted names (#2805)
Build
- Fix sonar coverage for project (#2796)
- Upgraded the build to compile bug samples using Java 21 language features (#2813)
- Add 'configurations.checkstyle resolution strategy' to control a bug in Gradle where exclusions are not excluded properly, as seen in checkstyle usage. See checkstyle/checkstyle#14211 for more information. (#2798)
- Allow our builds to work with JDK 11 by dropping back Eclipse to 4.24 and Spring to 5.3.31. (#2604)
CHECKSUM