Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120) @baloghadamsoftware
Fixed detector FindSqlInjection to report bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE with high priority in case of unsafe appends also in Java 11 and above (#2183) @baloghadamsoftware
Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182) @baloghadamsoftware
Fixed OpcodeStackDetector to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195) @baloghadamsoftware
Bump up log4j2 binding to 2.19.0
Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
Improve compatibility with later versions of the JDK (>= 13) (#2188)
Fixed InvalidInputException in Eclipse while bug reporting (#2134)
Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142)
Avoid warning on use of security manager on Java 17 and newer (#1579)
Fixed false positive EI_EXPOSE_REP reports for fields initialized by the of or copyOf method of a List, Map or Set (#1771)
Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146)
4.7.1 - 2022-06-26
Fixed
Fixed false positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931)
Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files (#2041)
Disabled detector ThrowingExceptions by default to avoid many false positives (#2040)
Fixed false positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE when evaluating synthetic classes (#2040)
Fixed false positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA when the shared static data is properly protected by a static lock in a synchronized block, but that block sits inside an unsecured (synchronized, non-static) method (#2089)
4.7.0 - 2022-04-14
Changed
Updated documentation by adding parentheses () to the negative odd check message (#1995)
Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)
Fixed
Fixed reports to truncate existing files before writing new content (#1950)
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.
Bumps spotbugs-annotations from 3.1.2 to 4.7.3.
Release notes
Sourced from spotbugs-annotations's releases.
... (truncated)
Changelog
Sourced from spotbugs-annotations's changelog.
... (truncated)
Commits
fa9e53a release v4.7.3
838bf77 build(deps): bump com.gradle.enterprise from 3.11.1 to 3.11.2
1515e4c build(deps): bump joda-time from 2.11.2 to 2.12.0
393345b build(deps): bump error_prone_annotations from 2.15.0 to 2.16
119956b Fix for detector UncallableMethodOfAnonymousClass to not report unused meth...
96d50b5 Fix detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_...
35dddba build(deps): bump groovy-all from 4.0.4 to 4.0.5
b4560e0 Fix detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATEN...
c4c26c1 Fix for test detector ViewCFG
77b7da7 Fix OpcodeStack to handle propagation of taints properly in case of string co...