Spotbugs v4.3.0 Release Notes
Release Date: 2021-07-01 // almost 3 years ago-
🛠 Fixed
- 🔦
MS_EXPOSE_REP
andEI_EXPOSE_REP
are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)
🔄 Changed
- ⬆️ Bump ObjectWeb ASM from 9.1 to 9.2 supporting JDK 18 (#1591)
- ⬆️ Bump Saxon-HE from 10.3 to 10.5 (#1513)
- ⬆️ Bump gson from 2.8.6 to 2.8.7 (#1556)
- Function
mutableSignature()
improved and factored out from theMutableStaticFields
detector
➕ Added
- 🔦 New bugs
MS_EXPOSE_BUF
,EI_EXPOSE_BUF
,EI_EXPOSE_STATIC_BUF2
andEI_EXPOSE_BUF2
by theFindReturnRef
detector to detect cases where buffers or their backing arrays are exposed (see SEI CERT rule FIO05-J) - 🔦
MS_EXPOSE_REP
,EI_EXPOSE_REP
,EI_EXPOSE_STATIC_REP2
andEI_EXPOSE_REP2
now report for shallowly copied arrays (using clone()) of mutable objects
- 🔦