2025-05-01 07:47:47 +00:00
-------------------------------------------------------------------
Thu May 1 07:46:31 UTC 2025 - Fridrich Strba <fstrba@suse.com>

- Explicitly state all relevant build requires

2025-03-15 21:58:02 +00:00
-------------------------------------------------------------------
2025-03-27 21:45:10 +00:00
Thu Mar 27 21:37:22 UTC 2025 - Fridrich Strba <fstrba@suse.com>

- Fix javadoc generation with javadoc:aggregate

-------------------------------------------------------------------
2025-03-15 21:58:02 +00:00
Sat Mar 15 21:48:59 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>

- Update to v4.9.3
  * Added
    + Introduced UselessSuppressionDetector to report the useless
      annotations instead of NoteSuppressedWarnings (#3348)
  * Fixed
    + Do not report US_USELESS_SUPPRESSION_ON_METHOD on synthetic
      methods (#3351)

2025-02-10 01:50:02 +00:00
-------------------------------------------------------------------
2025-03-01 22:18:28 +00:00
Sat Mar 1 22:14:16 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>

- Update to v4.9.2
  * Added
    + Reporting useless @SuppressFBWarnings annotations (#641)
  * Fixed
    + Fixed html bug descriptions for
      AT_STALE_THREAD_WRITE_OF_PRIMITIVE and
      AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
    + Fixed an HSM_HIDING_METHOD false positive when ECJ generates
      a synthetic method for an enum switch (#3305)
    + Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives,
      detector depending on method order.
    + Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a
      method calling MethodHandle.invokeExact due to its
      polymorphic signature (#3309)
    + Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in
      inner class (#3310).
    + Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ
      compiled enum switches (#3316)
    + Fix RC_REF_COMPARISON false positive with Lombok With
      annotation (#3319)
    + Avoid calling File.getCanonicalPath twice to improve
      performance (#3325)
    + Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and
      MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the
      overridable method is outside the class (#3328).
    + Fix NullPointerException thrown from ThrowingExceptions
      detector (#3337).
  * Removed
    + Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE,
      BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF,
      NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR and
      RCN_REDUNDANT_CHECKED_NULL_COMPARISON deprecated bug
      patterns.

-------------------------------------------------------------------
2025-02-10 01:50:02 +00:00
Mon Feb 10 01:42:47 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>

- Update to v4.9.1
  * Added
    + New detector SharedVariableAtomicityDetector for new bug
      types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE,
      AT_NONATOMIC_64BIT_PRIMITIVE and
      AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules
      VNA00-J, VNA02-J and VNA05-J).
    + New detector FindHiddenMethod for bug type HSM_HIDING_METHOD.
      This bug is reported whenever a subclass method hides the
      static method of super class. (See SEI CERT MET07-J).
  * Fixed
    + Fixed the parsing of generics methods in ThrowingExceptions
      (#3267)
    + Accept the 1st parameter of
      java.util.concurrent.CompletableFuture's completeOnTimeout(),
      getNow() and obtrudeValue() functions as nullable (#1001).
    + Fixed the analysis error when FindReturnRef was checking
      instructions corresponding to a CFG branch that was optimized
      away (#3266)
    + Added execute file permission to files in the distribution
      archive (#3274)
    + Fixed a stack overflow in MultipleInstantiationsOfSingletons
      when a singleton initializer makes recursive calls (#3280)
    + Fixed NPE in FindReturnRef on inner class fields (#3283)
    + Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive
      when add edu.umd.cs.findbugs.annotations.Nullable (#3243)

2025-01-17 11:28:04 +00:00
-------------------------------------------------------------------
Thu Jan 16 19:07:52 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>

- Specify build and runtime dependencies on
  mvn(net.sf.saxon:Saxon-HE) < 11 to avoid ambiguity with newer
  versions of Saxon.

Accepting request 1238225 from home:urbic:branches:Java:packages
- Update to v4.9.0
  * Added
    + Updated the SuppressFBWarnings annotation to support finer
      grained bug suppressions (#3102)
    + SimpleDateFormat, DateTimeFormatter, FastDateFormat string
      check for bad combinations of flag formatting (#637)
    + New detector ResourceInMultipleThreadsDetector and introduced
      new bug type:
      ~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
        unsafe resource access in multiple threads.
  * Fixed
    + Do not consider Records as Singletons (#2981)
    + Keep a maximum of 10000 cached analysis entries for plugin's
      analysis engines (#3025)
    + Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
      calling own methods (#2957)
    + Check the actual caught exceptions (instead of their common
      type) when analyzing multi-catch blocks (#2968)
    + System property findbugs.refcomp.reportAll is now being used.
      For some new conditions, it will emit an experimental warning
      (#2988)
    + -version flag prints the version to the standard output
      (#2797)
    + Revert the changes from (#2894) to get HTML stylesheets to
      work again (#2969)
    + Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
      synchronization is in a called method (#3045)
    + Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
      Spring AOT (#3059)
    + Detect failure to close RocksDB's ReadOptions (#3069)
    + Fix FP EI_EXPOSE_REP when there are multiple immutable
      assignments (#3023)
    + Fixed false positive
      NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
      handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
    + Fixed some CWE mappings (#3124)
    + Recognize some classes as immutable, fixing EI_EXPOSE and
      MS_EXPOSE FPs (#3137)
    + Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
      fields initialized in method annotated with TestNG's
      @BeforeClass. (#3152)
    + Fixed detector FindReturnRef not finding references exposed
      from nested and inner classes (#2042)
    + Fix call graph, include non-parametric void methods (#3160)
    + Fix multiple reporting of identical bugs messing up
      statistics (#3185)
    + Added missing comma between line number and confidence when
      describing matching and mismatching bugs for tests (#3187)
    + Fixed method matchers with array types (#3203)
    + Fix SARIF report's message property in Exception to meet the
      standard (#3197)
    + Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
      finalize() but not with the correct signature. (#3207)
    + Fixed an error in the detection of bridge methods causing
      analysis crashes (#3208)
    + Fixed detector ThrowingExceptions by removing false positive
      reports, such as synthetic methods (lambdas), methods which
      inherited their exception specifications and methods which
      call throwing methods (#2040)
    + Do not report DP_DO_INSIDE_DO_PRIVILEGED,
      DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
      USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
      code targeting Java 17 and above, since it advises the usage
      of deprecated method (#1515).
    + Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
      for a builder delegating to another builder (#3235)
  * Cleanup
    + Cleanup thread issue and regex issue in test-harness (#3130)
    + Remove extra blank lines and remove public from interface
      objects as inherently already public (#3131)
    + Fix order of modifiers on properties/methods and ensure
      correct location in file (#3132, #3177)
    + Return objects directly instead of creating more garbage
      collection by defining them (#3133, #3175)
    + Restrict the constructor of abstract classes visibility to
      protected (#3178)
    + Cleanup double initialization and fix comments referring to
      findbugs instead of spotbugs(#3134)
    + Use diamond operator in constructor calls of Collections
      (#3176)
    + Use Collection.isEmpty() or String.isEmpty() to test for
      emptiness (#3180, #3219)
    + Use method references instead of lambdas where possible
      (#3179)
    + Move default clauses to the end of switches (#3222)
    + Remove unnecessary throws declarations (#3220)
    + Use Boolean.parseBoolean() for string-to-boolean conversion.
      (#3217)
    + Rename shadowing fields (#3221)
    + Combine catch blocks with the same body (#3223)
    + Merge conditions of nested ifs (#3231)
    + Use non deprecated 'getDottedClassName' instead of
      'toDottedClassName'(#3251)
    + Use try with resources where possible (#3253)
  * Changed
    + Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
2025-01-16 11:29:12 +00:00
-------------------------------------------------------------------
Thu Jan 16 10:36:16 UTC 2025 - Anton Shvetz <shvetz.anton@gmail.com>

- Update to v4.9.0
  * Added
    + Updated the SuppressFBWarnings annotation to support finer
      grained bug suppressions (#3102)
    + SimpleDateFormat, DateTimeFormatter, FastDateFormat string
      check for bad combinations of flag formatting (#637)
    + New detector ResourceInMultipleThreadsDetector and introduced
      new bug type:
      ~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
        unsafe resource access in multiple threads.
  * Fixed
    + Do not consider Records as Singletons (#2981)
    + Keep a maximum of 10000 cached analysis entries for plugin's
      analysis engines (#3025)
    + Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
      calling own methods (#2957)
    + Check the actual caught exceptions (instead of their common
      type) when analyzing multi-catch blocks (#2968)
    + System property findbugs.refcomp.reportAll is now being used.
      For some new conditions, it will emit an experimental warning
      (#2988)
    + -version flag prints the version to the standard output
      (#2797)
    + Revert the changes from (#2894) to get HTML stylesheets to
      work again (#2969)
    + Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
      synchronization is in a called method (#3045)
    + Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
      Spring AOT (#3059)
    + Detect failure to close RocksDB's ReadOptions (#3069)
    + Fix FP EI_EXPOSE_REP when there are multiple immutable
      assignments (#3023)
    + Fixed false positive
      NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
      handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
    + Fixed some CWE mappings (#3124)
    + Recognize some classes as immutable, fixing EI_EXPOSE and
      MS_EXPOSE FPs (#3137)
    + Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
      fields initialized in method annotated with TestNG's
      @BeforeClass. (#3152)
    + Fixed detector FindReturnRef not finding references exposed
      from nested and inner classes (#2042)
    + Fix call graph, include non-parametric void methods (#3160)
    + Fix multiple reporting of identical bugs messing up
      statistics (#3185)
    + Added missing comma between line number and confidence when
      describing matching and mismatching bugs for tests (#3187)
    + Fixed method matchers with array types (#3203)
    + Fix SARIF report's message property in Exception to meet the
      standard (#3197)
    + Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
      finalize() but not with the correct signature. (#3207)
    + Fixed an error in the detection of bridge methods causing
      analysis crashes (#3208)
    + Fixed detector ThrowingExceptions by removing false positive
      reports, such as synthetic methods (lambdas), methods which
      inherited their exception specifications and methods which
      call throwing methods (#2040)
    + Do not report DP_DO_INSIDE_DO_PRIVILEGED,
      DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
      USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
      code targeting Java 17 and above, since it advises the usage
      of deprecated method (#1515).
    + Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
      for a builder delegating to another builder (#3235)
  * Cleanup
    + Cleanup thread issue and regex issue in test-harness (#3130)
    + Remove extra blank lines and remove public from interface
      objects as inherently already public (#3131)
    + Fix order of modifiers on properties/methods and ensure
      correct location in file (#3132, #3177)
    + Return objects directly instead of creating more garbage
      collection by defining them (#3133, #3175)
    + Restrict the constructor of abstract classes visibility to
      protected (#3178)
    + Cleanup double initialization and fix comments referring to
      findbugs instead of spotbugs(#3134)
    + Use diamond operator in constructor calls of Collections
      (#3176)
    + Use Collection.isEmpty() or String.isEmpty() to test for
      emptiness (#3180, #3219)
    + Use method references instead of lambdas where possible
      (#3179)
    + Move default clauses to the end of switches (#3222)
    + Remove unnecessary throws declarations (#3220)
    + Use Boolean.parseBoolean() for string-to-boolean conversion.
      (#3217)
    + Rename shadowing fields (#3221)
    + Combine catch blocks with the same body (#3223)
    + Merge conditions of nested ifs (#3231)
    + Use non deprecated 'getDottedClassName' instead of
      'toDottedClassName'(#3251)
    + Use try with resources where possible (#3253)
  * Changed
    + Bump up Java version to 11

2024-10-25 21:42:10 +00:00
-------------------------------------------------------------------
Fri Oct 25 21:39:05 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Build against saxon10 which is the default saxon in Tumbleweed
  and exists in Leap 15.x. It also works just fine without sucking
  in new dependencies including circular dependency between saxon
  and xmlresolver.

2024-09-26 08:34:25 +00:00
-------------------------------------------------------------------
2024-10-15 14:48:15 +00:00
Mon Oct 14 05:00:57 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>

- Add runtime dependencies on
  mvn(org.apache.logging.log4j:log4j-{api,core,slf4j-impl}) and
  mvn(net.sf.saxon:Saxon-HE:12)

-------------------------------------------------------------------
2024-09-26 08:34:25 +00:00
Thu Sep 26 08:34:21 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Runtime dependencies are auto-generated

2024-07-03 13:28:14 +00:00
-------------------------------------------------------------------
Wed Jul 3 12:22:53 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>

- Update to v4.8.6
  * Fixed
    + Do not report BC_UNCONFIRMED_CAST for Java 21's type switches
      when the switch instruction is TABLESWITCH (#2782)
    + Do not throw exception when inspecting empty switch
      statements (#2995)
    + Adjust priority since relaxed mode reports even
      IGNORED_PRIORITY (#2994)
    + Fix duplicated log4j2 jar in distribution (#3001)

2024-06-03 05:36:48 +00:00
-------------------------------------------------------------------
Thu May 30 17:25:50 UTC 2024 - Anton Shvetz <shvetz.anton@gmail.com>

- Initial packaging with v4.8.5
- Add patch:
  * 00-dont-use-manifest-classpath.patch
    + Construct classpath from all the items in the
      $SPOTBUGS_HOME/lib directory instead of relying on manifest’s
      classpath.