Releases: SonarSource/sonar-java
Releases · SonarSource/sonar-java
6.3.2.22818
Fix missing coverage before bug fix release 6.3.2
6.5.1.22586
Bug fix for JSP transpiling
6.5.0.22421
Release Notes - SonarJava - Version 6.5
Bug
- [SONARJAVA-3438] - S5122: ClassCastException when annotation is defined with an identifier
New Feature
- [SONARJAVA-3384] - Rule S5831: AssertJ configuration should be applied
- [SONARJAVA-3390] - Rule S5833: AssertJ methods setting the assertion context should come before an assertion
- [SONARJAVA-3393] - Rule S5838: Chained AssertJ assertions should be simplified to the corresponding dedicated assertion
- [SONARJAVA-3395] - Rule S5841: AssertJ assertions "allMatch" and "doesNotContains" should also test for emptiness
- [SONARJAVA-3399] - Rule S5845: Assertions of dissimilar types should not be made
- [SONARJAVA-3402] - Rule S5853: Consecutive AssertJ "assertThat" statement should be chained
- [SONARJAVA-3405] - Rule S5863: Assertions should not compare an object to itself
Task
- [SONARJAVA-3443] - Update rules metadata
Improvement
- [SONARJAVA-3349] - S2698: support AssertJ assertions without message
- [SONARJAVA-3351] - Rule S5826: Methods setUp() and tearDown() should be correctly annotated starting with JUnit4
- [SONARJAVA-3383] - S5783 and S5778: Support AssertJ
- [SONARJAVA-3389] - S2698: improve issue reporting
- [SONARJAVA-3397] - S3658, S5778, S5779, S5783 support AssertJ "fail"
- [SONARJAVA-3398] - S2970(AssertionsCompletenessCheck) should support all AssertJ assertions
- [SONARJAVA-3401] - Extend S3415 (Arguments order) to support AssertJ assertions
- [SONARJAVA-3432] - S2479: support whitespace and control characters in "char"
- [SONARJAVA-3435] - S1214: add secondary locations to interface's constants
- [SONARJAVA-3442] - FN in S2133: detect getClass called on new array
- [SONARJAVA-3444] - Deprecate 10 security-hotspot rules that overlap with security-injection rules
- [SONARJAVA-3445] - Deprecate S4787 in favor of cryptography rules
- [SONARJAVA-3446] - Deprecate S2255 and S3331 not considered anymore as sensitive
False-Positive
- [SONARJAVA-3386] - FP on S2187 when test class is a JUnit4 test class also inheriting from a JUnit3 TestCase
- [SONARJAVA-3394] - FP in S3749 when spring class is not a singleton
- [SONARJAVA-3429] - FP in S2384, S2386: support common method returning unmodifiable collections
- [SONARJAVA-3431] - S3415: better support of constant used as actual value
- [SONARJAVA-3441] - FP in S1174 when "finalize()" is not from Object.
6.4.0.21967
Release Notes - SonarSource Code Analyzer for Java - Version 6.4
False-Positive
- [SONARJAVA-3324] - FP in S2970 when using JUnit 5 Soft assertions extension.
- [SONARJAVA-3357] - S1452: java Collectors second parameter should be excluded
- [SONARJAVA-3358] - S1604: don't report method with annotations
- [SONARJAVA-3378] - FP in S1612 when lambda argument is a subtype of ambiguous method parameter
Bug
- [SONARJAVA-3375] - FP S2973(EscapedUnicodeCharactersCheck) with Unicode Whitespaces
- [SONARJAVA-3380] - Sourcemap for JSP can have multiple input files
- [SONARJAVA-3385] - NPE in JSymbol when searching the enclosing class of a variable within an interface
New Feature
- [SONARJAVA-2794] - Rule S2479: Newline and control characters should not be used in string literals
- [SONARJAVA-2944] - Rule S4970: Derived exceptions should not hide their parents catch block
- [SONARJAVA-3258] - Rule S5669: Vararg method arguments should not be confusing
- [SONARJAVA-3353] - Rule S5776: Exception testing via JUnit ExpectedException rule should not be mixed with other assertions
- [SONARJAVA-3354] - Rule S5777: Exception testing via JUnit @test annotation should be avoided
- [SONARJAVA-3356] - Rule S5779: Assertion methods should not be used within the try block of a try-catch catching an Error
- [SONARJAVA-3359] - Rule S5783: Only one method invocation is expected when testing checked exceptions
- [SONARJAVA-3360] - Rule S5778: Only one method invocation is expected when testing runtime exceptions
- [SONARJAVA-3361] - Rule S5785: JUnit assertTrue/assertFalse should be simplified to its dedicated assertion
- [SONARJAVA-3362] - Rule S5786: JUnit5 test classes and methods should have default package visibility
- [SONARJAVA-3366] - Rule S5790: JUnit5 nested test classes should be annotated with @nested
- [SONARJAVA-3367] - Rule S5793: Migrate your tests from JUnit4 to the new JUnit5 annotations
- [SONARJAVA-3373] - Rule S5810: JUnit5 test classes and methods should not have private visibility
Task
- [SONARJAVA-3364] - Update rules metadata
Improvement
- [SONARJAVA-2549] - FN on S2293 on method invocation
- [SONARJAVA-3334] - S2699 should support Awaitility test framework
- [SONARJAVA-3339] - Reconsider S3027 scope: String.indexOf performance
- [SONARJAVA-3343] - Change issue type of S1444 to code smell
- [SONARJAVA-3344] - Change issue type of S3011 to code smell
- [SONARJAVA-3346] - Deprecate S1148 in favor of S4507
- [SONARJAVA-3348] - False negative in S2698: support fail() from JUnit 5
- [SONARJAVA-3350] - S2701: support null literal
- [SONARJAVA-3355] - Improve SourceMap API to provide InputFile for source file
- [SONARJAVA-3365] - Update the message, title and description of S1607
- [SONARJAVA-3371] - Support same set of assertion for rules using common assertions
6.3.0.21585
Release Notes - SonarSource Code Analyzer for Java - Version 6.3.0.21585
False-Positive
- [SONARJAVA-3316] - FP S5542 (EncryptionAlgorithmCheck) more secure algorithms and algorithm name using different case
- [SONARJAVA-3320] - S1165/S2039: Fix false positives for Lombok's field modifier annotations
- [SONARJAVA-3321] - FP S5542 (EncryptionAlgorithmCheck): should support default security java provider
- [SONARJAVA-3330] - FP in S3749 when fields are injected by Lombok @requiredargsconstructor
- [SONARJAVA-3338] - FP on S1118: improve support of Lombok's annotation generating constructor
Bug
- [SONARJAVA-3322] - S2441 does not handle correctly unknown types
- [SONARJAVA-3328] - JSP transpiling is broken when root dir is symlink
- [SONARJAVA-3347] - [JSP] Fix compilation of custom tags in JSPs
New Feature
- [SONARJAVA-1871] - Offer access to Parameterized Type in Java Analyzer semantic API
- [SONARJAVA-2357] - Provide MethodMatcher API to be used in custom rules
- [SONARJAVA-2941] - Rule S3740: Generic types shouldn't be used raw
- [SONARJAVA-3309] - Transpile JSP to Java
- [SONARJAVA-3310] - Use source maps to report precise issues on JSP files
- [SONARJAVA-3314] - Rule S5738: Deprecated code marked for removal should be removed
- [SONARJAVA-3340] - Jasper dependency should not be required
- [SONARJAVA-3341] - Change issue type of S1104 to code smell
Task
- [SONARJAVA-3241] - Rewrite IssueFiltering mechanism as IssueFilter from SonarQube API is deprecated
- [SONARJAVA-3267] - Drop sonarjava_feedback metric
- [SONARJAVA-3307] - Migrate SonarJava custom rules tutorial to SonarJava 6.X and LTS 7.9
- [SONARJAVA-3333] - Update rules metadata
- [SONARJAVA-3336] - Update documentation regarding new JavaCheckVerifier
- [SONARJAVA-3342] - Update doc about XSS scanning
Improvement
- [SONARJAVA-2410] - Issue filter should also filter rules depending of the java warning suppressed
- [SONARJAVA-3313] - Improve log message for missing compiled classes
- [SONARJAVA-3315] - Unify JavaCheckVerifiers and simplify its usage to test rules
- [SONARJAVA-3317] - Improve performance
- [SONARJAVA-3318] - S2077 should present to the user all the locations where the formatted SQL query string is used
- [SONARJAVA-3323] - S1166 should be able to be configured with an empty whitelist
- [SONARJAVA-3325] - Remove dependency on Ant for JSP transpiling
- [SONARJAVA-3326] - Remove dependency on Eclipse JDT for JSP transpiling
- [SONARJAVA-3331] - FN in S3749: support @component annotation
- [SONARJAVA-3337] - Update branding to drop 'SonarJava'
