SpotBugs v4.7.0 Release Notes
Release Date: 2022-04-14
Changed
- Updated documentation by adding parentheses () to the negative odd check message (#1995)
- Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024)
Fixed
- Fixed reports to truncate existing files before writing new content (#1950)
- Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
- Fixed traversal of nested archives governed by -nested:true (#1930)
- Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983)
- Fixed false positive SSD bug for locking on java.lang.Class objects (#1978)
- FindReturnRef throws an IllegalArgumentException unexpectedly (#2019)
- Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)
Added
- New detector ThrowingExceptions and introduced new bug types:
  - THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
  - THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
  - THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
- New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders that do not call their superclass's getPermissions() in their getPermissions() method. This rule is based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J)
- New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations, this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J)
- New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rule NUM09-J. Do not use floating-point variables as loop counters
- New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers
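
The code shape that USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE describes, next to one way to remove it, as an added Java example that is not taken from the SpotBugs project or its tests. The class and method names (UntrustedSourceCheck, checkAllowed, resolveUnchecked, resolveChecked, TwoFacedFile), the policy and the paths are all constructed for illustration.

```java
import java.io.File;
import java.security.AccessController; // deprecated for removal since Java 17, still callable
import java.security.PrivilegedAction;

public class UntrustedSourceCheck {

    // Hypothetical policy: only paths under /var/reports/ may be used.
    static void checkAllowed(String path) {
        if (!path.startsWith("/var/reports/")) {
            throw new SecurityException("denied: " + path);
        }
    }

    // Pattern the rule describes: getPath() is a non-final method of the
    // non-final class File, called once for the check and then again on the
    // same object inside doPrivileged.
    public static String resolveUnchecked(final File f) {
        checkAllowed(f.getPath());
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return f.getPath(); // may differ from the value that was checked
            }
        });
    }

    // One fix: read the value once into a final String (String is final, so
    // it cannot be overridden) and use only that value afterwards.
    public static String resolveChecked(final File f) {
        final String path = f.getPath();
        checkAllowed(path);
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return path; // stand-in for the privileged operation on the path
            }
        });
    }

    // Constructed subclass: answers differently on the first and later calls.
    static class TwoFacedFile extends File {
        private int calls = 0;
        TwoFacedFile() { super("/var/reports/q1.txt"); }
        @Override public String getPath() {
            return (calls++ == 0) ? "/var/reports/q1.txt" : "/outside/policy.txt";
        }
    }

    public static void main(String[] args) {
        System.out.println("unchecked: " + resolveUnchecked(new TwoFacedFile()));
        System.out.println("checked:   " + resolveChecked(new TwoFacedFile()));
    }
}
```

In resolveUnchecked the value used inside doPrivileged is not the value that passed checkAllowed; in resolveChecked both are the same String.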