« Changelog History


Spotbugs v4.3.0 Release Notes

Release Date: 2021-07-01 // almost 3 years ago

  • 🛠 Fixed

    • 🔦 MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)

    🔄 Changed

    • ⬆️ Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
    • ⬆️ Bump Saxon-HE from 10.3 to 10.5 (#1513)
    • ⬆️ Bump gson from 2.8.6 to 2.8.7 (#1556)
    • Function mutableSignature() improved and factored out from the MutableStaticFields detector

    ➕ Added

    • 🔦 New bugs MS_EXPOSE_BUF, EI_EXPOSE_BUF, EI_EXPOSE_STATIC_BUF2 and EI_EXPOSE_BUF2 by the FindReturnRef detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J)
    • 🔦 MS_EXPOSE_REP, EI_EXPOSE_REP, EI_EXPOSE_STATIC_REP2 and EI_EXPOSE_REP2 now report for shallowly copied arrays (using clone()) of mutable objects