Spotbugs v4.7.3 Release Notes

Release Date: 2022-10-15 // 4 months ago
  • ๐Ÿ›  Fixed

    • ๐Ÿ›  Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126)
    • ๐Ÿ›  Fixed regression in 4.7.2 caused by (#2141)
    • ๐Ÿ‘Œ improve compatibility with later version of jdk (>= 13). (#2188)
    • ๐Ÿ›  Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120)
    • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183)
    • ๐Ÿ‘‰ Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182)
    • ๐Ÿ›  Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195)
    • โฌ†๏ธ Bump up log4j2 binding to 2.19.0
    • โฌ†๏ธ Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
    • โฌ†๏ธ Bump up commons-text to 1.10.0 (#2197)
    • ๐Ÿ›  Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209)

Previous changes from v4.7.2

  • ๐Ÿ›  Fixed

    • โฌ†๏ธ Bumped gson from 2.9.0 to 2.9.1 (#2136)
    • โฌ†๏ธ Bump up SLF4J API to 2.0.0
    • โฌ†๏ธ Bump up logback to 1.4.0
    • โฌ†๏ธ Bump up log4j2 binding to 2.18.0
    • โฌ†๏ธ Bump up Saxon-HE to 11.4 (#2160)
    • ๐Ÿ›  Fixed InvalidInputException in Eclipse while bug reporting (#2134)
    • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142)
    • ๐Ÿ”’ Avoid warning on use of security manager on Java 17 and newer. (#1579)
    • ๐Ÿ”ฆ Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771)
    • ๐Ÿ›  Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146)