Spotbugs v4.5.0 Release Notes

Release Date: 2021-11-05 // 7 months ago
  • ๐Ÿ”„ Changed

    • Replace "ๅˆ†ๆž" with "่งฃๆž" in Japanese document (#1573)
    • โž• Add a section to document how to integrate find-sec-bugs into spotbugs-maven-plugin (#540)
    • โฌ†๏ธ Bump gson from 2.8.8 to 2.8.9 (#1784)
    • ๐Ÿ”„ Changes related to dominators analysis in package edu.umd.cs.findbugs.classfile.engine.bcel (#1741):
      • DominatorsAnalysisFactory renamed to NonExceptionDominatorsAnalysisFactory (clarification)
      • NonExceptionPostdominatorsAnalysisFactory renamed to NonExceptionPostDominatorsAnalysisFactory (spelling)
      • NonImplicitExceptionDominatorsAnalysis introduced (API consistency)

    โž• Added

    • Rule DCN_NULLPOINTER_EXCEPTION covers catching NullPointerExceptions in accordance with SEI Cert rule ERR08-J (#1740)
    • ๐Ÿ”ง Multiple types of report can be generated in batch. Set multiple commandline options for report configuration like -html=report/spotbugs.html -xml:withMessages=report/spotbugs.xml.
    • New rule REFL_REFLECTION_INCREASES_ACCESSIBILITY_OF_CLASS to detect public methods instantiating a class they get in their parameter. This rule based on the SEI CERT rule SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields. (#SEC05-J)
    • New detector FindOverridableMethodCall to detect invocation of overridable method in constructors (MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR) and clone() method (MC_OVERRIDABLE_METHOD_CALL_IN_CLONE), according to SEI CERT rules MET05-J. Ensure that constructors do not call overridable methods and MET06-J. Do not invoke overridable methods in clone().
    • ๐ŸŒ Translation of online manual to Brazilian Portuguese (PT-BR).

    ๐Ÿ›  Fixed

    ๐Ÿ—„ Deprecated

    • ๐Ÿ”ง -output commandline option is deprecated. Use commandline options for report configuration like -xml=spotbugs.xml instead.