Releases: SonarSource/sonar-java
8.9.3.40165
Release notes - SonarJava - 8.9.3
Task
SONARJAVA-5651 org.sonarsource.java:java-extension-plugin should comply with maven central requirements
SONARJAVA-5732 Upgrade commons-lang3 to 3.18
SONARJAVA-5734 Prepare next development iteration
8.9.3.40136
Release notes - SonarJava - 8.9.3
Task
SONARJAVA-5732 Upgrade commons-lang3 to 3.18
SONARJAVA-5734 Prepare next development iteration
8.18.0.40025
Release notes - SonarJava - 8.18
False Positive
SONARJAVA-5678 Fix a FP case in S7479
SONARJAVA-5697 S2441 FP when Serializable is not available due to missing semantics
Bug
SONARJAVA-5685 Revert security impact from last rule metadata update
Task
SONARJAVA-5645 Update RSPEC before 8.18 release
SONARJAVA-5653 Prototyping more telemetry
SONARJAVA-5670 Make SonarComponents in JavaFrontend not @Nullable.
SONARJAVA-5673 Create proxy object for sending telemetry
SONARJAVA-5675 Update dependency versions
SONARJAVA-5682 Replace use of deprecated Charsets.UTF_8 constant
SONARJAVA-5686 Report the scanner app using telemetry
SONARJAVA-5687 Delete unused test projects under "its"
SONARJAVA-5689 Aggregate telemetry measures at project level
SONARJAVA-5691 Report dependencies
SONARJAVA-5692 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /java-checks-test-sources/default
SONARJAVA-5693 Report whether the analysis is autoscan
SONARJAVA-5695 Report speed of analysis and analysis errors
SONARJAVA-5698 Report Eclipse parser type errors
SONARJAVA-5703 Fix Quality Flaws caused by commons-lang3 new version
False Negative
SONARJAVA-5683 S2077 not triggered by SQL interpolation performed with String#format
8.17.1.39878
Release notes - SonarJava - 8.17.1
Bug
SONARJAVA-5685 Revert security impact from last rule metadata update
8.17.0.39817
Release notes - SonarJava - 8.17
New Feature
SONARJAVA-5493 S7478: Use ClassFile::transformClass instead of ClassFile::build where possible
SONARJAVA-5494 S7477: When using ClassFile::transformClass, do not specify the new class name if it is unchanged
SONARJAVA-5500 S7479: Use ClassBuilder::withMethodBody instead of ClassBuilder::withMethod where possible
SONARJAVA-5518 S7482: For stateless Gatherers, omit the initialiser
SONARJAVA-5520 S7481: For sequential Gatherers, prefer Gatherer.ofSequential() over Gatherer.of() with a Throwing Combiner
SONARJAVA-5669 Implement rule S7629: defaultFinisher in Gatherer factory call
False Positive
SONARJAVA-5443 S6906 should not raise on virtual threads running synchronized code for Java 24 and greater
False Negative
SONARJAVA-5444 FN on S2093: does not raise issue on `Reader.of`
Improvement
SONARJAVA-5665 Improve S4036 message for users
SONARJAVA-5663 Expose OWASP Mobile Top 10 2024 in rule metadata
8.16.0.39645
Release notes - SonarJava - 8.16
New Feature
SONARJAVA-2511 Rule S4030: Collection and array contents should be used
SONARJAVA-5598 S3063: "StringBuilder" data should be used
SONARJAVA-5599 S3024: Arguments to "append" should not be concatenated
SONARJAVA-5602 S3033: ".length" should be used to test for the emptiness of StringBuffers
Bug
SONARJAVA-5619 NPE when semantic cannot resolve "java.lang.Object"
SONARJAVA-5621 Fix issue in CFG computation with generic record pattern
SONARJAVA-5628 CFG computation crashes in case of unexpected break
SONARJAVA-5630 NoSuchElementException in S3626
Task
SONARJAVA-5555 Update RSPEC before 8.16 release
SONARJAVA-5608 Update tomcat-embed-jasper from 9.0.104 to 9.0.105 to suppress alert about CVE-2025-46701
SONARJAVA-5610 Use "sonar.scanner.skipJreProvisioning" in integration tests
SONARJAVA-5613 Centralize spring fully qualified names into constants
SONARJAVA-5617 Add Java 24 projects to peach
SONARJAVA-5624 Fix coverage of JTypeSymbol new code
SONARJAVA-5625 Upgrade spring-expression to version 6.1.21 to suppress alert
SONARJAVA-5633 Expose Configuration inside ModuleScannerContext
SONARJAVA-5635 Upgrade tomcat-embed-core to version 9.0.106
SONARJAVA-5637 Remove unused collection
SONARJAVA-5651 org.sonarsource.java:java-extension-plugin should comply with maven central requirements
Improvement
SONARJAVA-5612 Add performance benchmark table to performance rules documentation
SONARJAVA-5615 Upgrade ECJ to version 3.42
SONARJAVA-5622 Extend S7158 to work with all CharSequence
Documentation
SONARJAVA-5614 Update ECJ upgrade process
8.15.0.39343
Release notes - SonarJava - 8.15
New Feature
SONARJAVA-5501 S7474: Markdown, HTML and Javadoc tags should be consistent
SONARJAVA-5537 S7476: Comments should start with the appropriate number of slashes
SONARJAVA-5544 Deprecate rule S6291 and S6300
False Positive
SONARJAVA-5377 FP on S125 on markdown comments
SONARJAVA-5445 FP on S1123 not reading @deprecated tags in markdown javadocs
SONARJAVA-5482 FP S1854 with broken semantics
SONARJAVA-5553 FP in rule S2384 on private getters
Bug
SONARJAVA-5522 S3052 should not fail to parse floats and doubles containing an underscore
Task
SONARJAVA-4634 S6437 requires a complete test source for all the methods listed in S6437-methods.json
SONARJAVA-5543 Upgrade third-party dependencies
SONARJAVA-5562 Upgrade analyzer commons to 2.17
SONARJAVA-5567 Fix failing Quality Gate: remove unused field.
SONARJAVA-5568 Create continuous releasability check
SONARJAVA-5571 Expose public api for SE engine that were mistakenly used by improper dependency
SONARJAVA-5574 Fix UpdateRuleMetadata GitHub action to also update the sonar-java-symbolic-execution-plugin rules
SONARJAVA-5593 Update spring-security-core from 6.4.5 to 6.4.6 to suppress alert about CVE-2025-41232
SONARJAVA-5601 Update rule metadata
False Negative
SONARJAVA-5552 FN in S1943 on InputStreamReader::new
8.14.1.39293
Release notes - SonarJava - 8.14.1
Improvement
SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules
8.9.2.39294
Release notes - SonarJava - 8.9.2
Improvement
SONARJAVA-5352 Fix discrepancies between MQR and severity for Java rules
8.14.0.39102
Release notes - SonarJava - 8.14
False Positive
SONARJAVA-4334 S6207 should not raise on constructors where the value of a parameter has been changed before assignment to the component
SONARJAVA-4376 FP S2129: With incomplete semantics, MethodMatcher matches the wrong method instead of nothing
SONARJAVA-4473 FP in rule S2384 when class only has private constructors
SONARJAVA-4481 False positive in rule S6207: records constructors with annotations are not redundant
SONARJAVA-4543 FP in rule S5778 with Enum final methods
SONARJAVA-4748 FP in S6833 when controller contains methods annotated with and without @ResponseBody
SONARJAVA-4881 FP on S2230 for @Transactional on protected and package-private methods
SONARJAVA-4901 S6856 should not raise when the `ModelAttribute` of the parameter refers to a model attribute defined in a parent class
SONARJAVA-4917 FP in the S6857(SpEL rule) when used with Map
SONARJAVA-4964 S1941: FP when lambda expression is present
SONARJAVA-5101 FP in S5860 when Regex are used in Lambdas
SONARJAVA-5274 FP for S1123 on record fields
SONARJAVA-5400 FP S6241 and S6242 when the builder is S3CrtAsyncClientBuilder
SONARJAVA-5436 S108 Should suggest adding a comment as a fix to empty block
SONARJAVA-5437 S1186 Suggest adding a comment to suppress warnings on empty methods.
SONARJAVA-5480 S2699 does not recognize assertions invoked via Spring's AssertableApplicationContext
SONARJAVA-5496 FP java:S6856 when using Spring property injection “${…}”
SONARJAVA-5547 FP on S2699 when using org.springframework.util.Assert methods
Task
SONARJAVA-5513 Update RSPEC before 8.14 release
SONARJAVA-5539 Prepare next development iteration 8.14
SONARJAVA-5541 Ignore its/plugin/projects in Mend scan
SONARJAVA-5550 Add some pom configuration to cleanup build logs and improve build caching
SONARJAVA-5551 Create GitHub action to update rule metadata.
Documentation
SONARJAVA-5517 Update S1481 rspec with examples of usage of the unnamed pattern introduced in java 22