Spotbugs v4.7.3 Release Notes

Release Date: 2022-10-15 // over 2 years ago
  • 🛠 Fixed

    • 🛠 Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126)
    • 🛠 Fixed regression in 4.7.2 caused by (#2141)
    • 👌 improve compatibility with later version of jdk (>= 13). (#2188)
    • 🛠 Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120)
    • Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183)
    • 👉 Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182)
    • 🛠 Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195)
    • ⬆️ Bump up log4j2 binding to 2.19.0
    • ⬆️ Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
    • ⬆️ Bump up commons-text to 1.10.0 (#2197)
    • 🛠 Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209)

Previous changes from v4.7.2

  • 🛠 Fixed

    • ⬆️ Bumped gson from 2.9.0 to 2.9.1 (#2136)
    • ⬆️ Bump up SLF4J API to 2.0.0
    • ⬆️ Bump up logback to 1.4.0
    • ⬆️ Bump up log4j2 binding to 2.18.0
    • ⬆️ Bump up Saxon-HE to 11.4 (#2160)
    • 🛠 Fixed InvalidInputException in Eclipse while bug reporting (#2134)
    • Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142)
    • 🔒 Avoid warning on use of security manager on Java 17 and newer. (#1579)
    • 🔦 Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771)
    • 🛠 Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146)