All Versions
56
Latest Version
Avg Release Cycle
29 days
Latest Release
14 days ago

Changelog History
Page 1

  • v4.4.2 Changes

    October 08, 2021

    ๐Ÿ”„ Changed

    • โž• Add bug code to report in fancy-hist.xsl (#1688)
    • โฌ†๏ธ Bump Saxon-HE from 10.5 to 10.6 (#1715)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed immutable java.lang.Class as being flagged as EI (#1695)
    • Agree verb with plural subject in the description of SW_SWING_METHODS_INVOKED_IN_SWING_THREAD (#1664)
    • Wrong description of the SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS (#1664)
    • ๐Ÿ›  Fixed java.util.Locale as being flagged as EI (#1702)
    • ๐Ÿ›  Fixed reference to java.awt.Cursor which caused it to be flagged as EI (#1702)
    • Treat types with @com.google.errorprone.annotations.Immutable as immutable (#1705)
    • ๐Ÿ›  Fix annotation check for jdk.internal.ValueBased (#1706)
    • DMI_RANDOM_USED_ONLY_ONCE false positive (#1539)
    • NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR false negative (#1642)
    • Immutable java.util.regex.Pattern as being flagged as EI (#1695)
    • Resource leak in the JrtfsCodeBase (#1732)

  • v4.4.1 Changes

    September 07, 2021

    ๐Ÿ”„ Changed

    • โฌ†๏ธ Bump gson from 2.8.7 to 2.8.8 (#1658)
    • Lower ExitCodes logger to debug level (#1661)
    • ๐Ÿ›  Fixed SARIF format to be compatible with Github code scanning API requirements (#1630)

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed immutable classes in java.net.* as being flagged as EI (#1653
    • Classes containing only static methods with setter-like names are no longer considered as mutable (#1601)
    • ๐Ÿ– Handle all immutable collections in the Guava library as immutable (#1601)
    • Classes annotated with @Immutable or @jdk.internal.ValueBased are considered as immutable (#1601)
    • ๐Ÿ“ฆ All classes in packages java.time and java.math are now correctly handled as immutable (#1601)

  • v4.4.0 Changes

    August 12, 2021

    ๐Ÿ›  Fixed

    • Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE (#600 and #1338)
    • Inconsistent bug description on EQ_COMPARING_CLASS_NAMES (#1523)
    • โž• Add a declaration of charset encoding in generated reports (#1623)
    • ๐Ÿ›  Fixed regression in Bug Info view for Eclipse 2021-03+ (#1477)

    โž• Added

    • New detector FindBadEndOfStreamCheck for new bug type EOS_BAD_END_OF_STREAM_CHECK. This bug is reported whenever the return value of java.io.FileInputStream.read() or java.io.FileReader.read() is first converted to byte/int and only thereafter checked against -1. (See SEI CERT rule FIO08-J)

  • v4.3.0 Changes

    July 01, 2021

    ๐Ÿ›  Fixed

    • ๐Ÿ”ฆ MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

    ๐Ÿ”„ Changed

    • โฌ†๏ธ Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
    • โฌ†๏ธ Bump Saxon-HE from 10.3 to 10.5 (#1513)
    • โฌ†๏ธ Bump gson from 2.8.6 to 2.8.7 (#1556)
    • Function mutableSignature() improved and factored out from the MutableStaticFields detector

    โž• Added

    • ๐Ÿ”ฆ New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
    • ๐Ÿ”ฆ MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects

  • v4.2.3 Changes

    April 12, 2021

    ๐Ÿ›  Fixed

    • Inconsistency in the description of DLS_DEAD_LOCAL_INCREMENT_IN_RETURN, VO_VOLATILE_INCREMENT and QF_QUESTIONABLE_FOR_LOOP (#1470)
    • โš  Should issue warning for SecureRandom object created and used only once (#1464)
    • False positive OBL_UNSATIFIED_OBLIGATION with try with resources (#79)
    • SA_LOCAL_SELF_COMPUTATION bug (#1472)
    • False positive EQ_UNUSUAL with record classes (#1367)

  • v4.2.2 Changes

    March 03, 2021

    ๐Ÿ›  Fixed

    • UWF_NULL_FIELD doesn't report line number (#1368)
    • ๐Ÿ‘ UnsupportedOperationException in BugRanker.trimToMaxRank (#1161)

    ๐Ÿ”„ Changed

    • โฌ†๏ธ Bump ASM from 9.0 to 9.1 supporting JDK17
    • โฌ†๏ธ Bump commons-lang from 3.11 to 3.12.0
    • Replace org.json:json:20201115 with com.google.code.gson:gson:2.8.6

  • v4.2.1 Changes

    February 04, 2021

    ๐Ÿ›  Fixed

    • Invalid HTML in the description of LI_LAZY_INIT_UPDATE_STATIC bug pattern (#1383)
    • NP_NONNULL_PARAM_VIOLATION false-positive in CompletableFuture.completedStage(value) (#1397)

    ๐Ÿ”„ Changed

    • โฌ†๏ธ Bump json from 20200518 to 20201115 (#1384)

  • v4.2.0 Changes

    November 28, 2020

    ๐Ÿ”„ CHANGELOG

    CHECKSUM

    file checksum (sha256)
    spotbugs-4.2.0-javadoc.jar 351df25a8ff5dcce9b14de670e1dbe0c6808d796686978ecee8821dbf305e5d0
    spotbugs-4.2.0-sources.jar 95b25a75d6e36f2d3f4d501795db6a7468bfe23ddcc9e7496065d2bee6f36d9d
    spotbugs-4.2.0.tgz f5e2ad6e94515923a8b9a6db370d3b34a3aad9eda13315146b9bbd03bcbe7e30
    spotbugs-4.2.0.zip 4d16c579b8622a72ee57cc5c3e730ad78c8107208528f7de875976a9dd840443
    spotbugs-annotations-4.2.0-javadoc.jar c18c4c920acec9cb7b9c204ecc78998c5bccf9150c5a8cecd2fdc25e565be71b
    spotbugs-annotations-4.2.0-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
    spotbugs-annotations.jar 871aee8bb3f7400a0d09e9675dcd7388da584169f4aab3565efc5a3f5bc90eab
    spotbugs-ant-4.2.0-javadoc.jar a88414de79a0c1cf420058583fe64a746e2ebe6a918f91f4e7d183c06a452810
    spotbugs-ant-4.2.0-sources.jar c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
    spotbugs-ant.jar 9233e48d37882ae4e7a42e9f42ef4c63d6f802cf8f3b03ba575bee26e5032367
    spotbugs.jar 4d48063a6f7b623936b68e150ea73499f6bfeb5d1bc4769214e04a9c8804132e
    โœ… test-harness-4.2.0-javadoc.jar
    โœ… test-harness-4.2.0-sources.jar
    โœ… test-harness-4.2.0.jar
    โœ… test-harness-core-4.2.0-javadoc.jar
    โœ… test-harness-core-4.2.0-sources.jar
    โœ… test-harness-core-4.2.0.jar
    โœ… test-harness-jupiter-4.2.0-javadoc.jar
    โœ… test-harness-jupiter-4.2.0-sources.jar
    โœ… test-harness-jupiter-4.2.0.jar

  • v4.1.4 Changes

    October 15, 2020

    ๐Ÿ”„ CHANGELOG

    CHECKSUM

    file checksum (sha256)
    spotbugs-4.1.4-javadoc.jar 32fd9b5cbc6cca027183d72de3dbef2bf4670b461f42db4eefab2e8cc7fa0e1f
    spotbugs-4.1.4-sources.jar b36f8138c79be464f270c5fb9a89f53481c7282a857115f45f95e5d462dabeee
    spotbugs-4.1.4.tgz 2e6ebf87f92887e06d3a5aa29a2c3331c7ed089019aca1529670e156c6b0849e
    spotbugs-4.1.4.zip 80d37786abecb607937402517a778bd0ef2bf4ae49639994852104807ecd63b4
    spotbugs-annotations-4.1.4-javadoc.jar 9fc57182b3293d8834a87e691de7ac2e35824518f80fc480c59e6bf51e141c92
    spotbugs-annotations-4.1.4-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
    spotbugs-annotations.jar f4d784f99c40cd7240cc36cd9288ff89e03b00681f282ee7cca2348e364ce0a1
    spotbugs-ant-4.1.4-javadoc.jar 1ded0d8eb8cb3724f4d2c4e523c3c3254ef1cd2e4a8510a32314f13c2a01d9cc
    spotbugs-ant-4.1.4-sources.jar c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
    spotbugs-ant.jar 9233e48d37882ae4e7a42e9f42ef4c63d6f802cf8f3b03ba575bee26e5032367
    spotbugs.jar 9407c27b324ad493479e3c2365e01444ce88db0fa86c835940c0f9ddd746f268
    โœ… test-harness-4.1.4-javadoc.jar
    โœ… test-harness-4.1.4-sources.jar
    โœ… test-harness-4.1.4.jar
    โœ… test-harness-core-4.1.4-javadoc.jar
    โœ… test-harness-core-4.1.4-sources.jar
    โœ… test-harness-core-4.1.4.jar
    โœ… test-harness-jupiter-4.1.4-javadoc.jar
    โœ… test-harness-jupiter-4.1.4-sources.jar
    โœ… test-harness-jupiter-4.1.4.jar

  • v4.1.3 Changes

    September 25, 2020

    ๐Ÿ”„ CHANGELOG

    CHECKSUM

    file checksum (sha256)
    spotbugs-4.1.3-javadoc.jar 695e24f667c12168782861fa7b8e5403b47be29eb7b018b8311b4167aa87f0b3
    spotbugs-4.1.3-sources.jar dc5821a26467927527cc56dc461ef90121afc66343f8dcce525edb2e03f04330
    spotbugs-4.1.3.tgz 4c5ad9f3b8e592c07c980c63a4838d1f9169b9f6472ffdbe813c0df6c29522c3
    spotbugs-4.1.3.zip b815b43f9eef93c378de89124ba9bb3f9698a873d57ee2140241ea344b75b123
    spotbugs-annotations-4.1.3-javadoc.jar e52346ab3fb6d79166b87594599e489f2a1718a096ad9f3caf59c8339e0c8264
    spotbugs-annotations-4.1.3-sources.jar b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
    spotbugs-annotations.jar d11139edf901fe95d7515f495e617df135d50341ded53ff5956eff899feafb2b
    spotbugs-ant-4.1.3-javadoc.jar 724245ff73e660a806ca90d9f887375f6a76a81c8bdb32c598bd13b4f99da3a9
    spotbugs-ant-4.1.3-sources.jar c74dec42c0ed0dd1ae02a7410d8e0f0dbbee23e8e7da4a21910863677fcdbc8e
    spotbugs-ant.jar 9233e48d37882ae4e7a42e9f42ef4c63d6f802cf8f3b03ba575bee26e5032367
    spotbugs.jar b8e89b98c63563ba449941795b67fd96d00f7da910748a682ecb9425d3a03ca2
    โœ… test-harness-4.1.3-javadoc.jar
    โœ… test-harness-4.1.3-sources.jar
    โœ… test-harness-4.1.3.jar
    โœ… test-harness-core-4.1.3-javadoc.jar
    โœ… test-harness-core-4.1.3-sources.jar
    โœ… test-harness-core-4.1.3.jar
    โœ… test-harness-jupiter-4.1.3-javadoc.jar
    โœ… test-harness-jupiter-4.1.3-sources.jar
    โœ… test-harness-jupiter-4.1.3.jar