* Added
+ Reporting useless @SuppressFBWarnings annotations (#641)
* Fixed
+ Fixed html bug descriptions for
AT_STALE_THREAD_WRITE_OF_PRIMITIVE and
AT_NONATOMIC_64BIT_PRIMITIVE (#3303)
+ Fixed an HSM_HIDING_METHOD false positive when ECJ generates
a synthetic method for an enum switch (#3305)
+ Fix AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD false negatives,
detector depending on method order.
+ Fix THROWS_METHOD_THROWS_CLAUSE_THROWABLE reported in a
method calling MethodHandle.invokeExact due to its
polymorphic signature (#3309)
+ Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive in
inner class (#3310).
+ Fix AT_STALE_THREAD_WRITE_OF_PRIMITIVE false positive for ECJ
compiled enum switches (#3316)
+ Fix RC_REF_COMPARISON false positive with Lombok With
annotation (#3319)
+ Avoid calling File.getCanonicalPath twice to improve
performance (#3325)
+ Fix MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR and
MC_OVERRIDABLE_METHOD_CALL_IN_CLONE false positive when the
overridable method is outside the class (#3328).
+ Fix NullPointerException thrown from ThrowingExceptions
detector (#3337).
* Removed
+ Removed the TLW_TWO_LOCK_NOTIFY, LI_LAZY_INIT_INSTANCE,
BRSA_BAD_RESULTSET_ACCESS, BC_NULL_INSTANCEOF,
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=9
* Added
+ New detector SharedVariableAtomicityDetector for new bug
types AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE,
AT_NONATOMIC_64BIT_PRIMITIVE and
AT_STALE_THREAD_WRITE_OF_PRIMITIVE (See SEI CERT rules
VNA00-J, VNA02-J and VNA05-J).
+ New detector FindHiddenMethod for bug type HSM_HIDING_METHOD.
This bug is reported whenever a subclass method hides the
static method of super class. (See SEI CERT MET07-J).
* Fixed
+ Fixed the parsing of generics methods in ThrowingExceptions
(#3267)
+ Accept the 1st parameter of
java.util.concurrent.CompletableFuture's completeOnTimeout(),
getNow() and obtrudeValue() functions as nullable (#1001).
+ Fixed the analysis error when FindReturnRef was checking
instructions corresponding to a CFG branch that was optimized
away (#3266)
+ Added execute file permission to files in the distribution
archive (#3274)
+ Fixed a stack overflow in MultipleInstantiationsOfSingletons
when a singleton initializer makes recursive calls (#3280)
+ Fixed NPE in FindReturnRef on inner class fields (#3283)
+ Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive
when add edu.umd.cs.findbugs.annotations.Nullable (#3243)
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=8
- Update to v4.9.0
* Added
+ Updated the SuppressFBWarnings annotation to support finer
grained bug suppressions (#3102)
+ SimpleDateFormat, DateTimeFormatter, FastDateFormat string
check for bad combinations of flag formatting (#637)
+ New detector ResourceInMultipleThreadsDetector and introduced
new bug type:
~ AT_UNSAFE_RESOURCE_ACCESS_IN_THREAD is reported in case of
unsafe resource access in multiple threads.
* Fixed
+ Do not consider Records as Singletons (#2981)
+ Keep a maximum of 10000 cached analysis entries for plugin's
analysis engines (#3025)
+ Only report MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT when
calling own methods (#2957)
+ Check the actual caught exceptions (instead of their common
type) when analyzing multi-catch blocks (#2968)
+ System property findbugs.refcomp.reportAll is now being used.
For some new conditions, it will emit an experimental warning
(#2988)
+ -version flag prints the version to the standard output
(#2797)
+ Revert the changes from (#2894) to get HTML stylesheets to
work again (#2969)
+ Fix FP SING_SINGLETON_GETTER_NOT_SYNCHRONIZED report when the
synchronization is in a called method (#3045)
+ Let BetterCFGBuilder2.isPEI handle dup2 bytecode used by
Spring AOT (#3059)
+ Detect failure to close RocksDB's ReadOptions (#3069)
+ Fix FP EI_EXPOSE_REP when there are multiple immutable
assignments (#3023)
+ Fixed false positive
NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for Kotlin,
handle Kotlin's Intrinsics.checkNotNullParameter() (#3094)
+ Fixed some CWE mappings (#3124)
+ Recognize some classes as immutable, fixing EI_EXPOSE and
MS_EXPOSE FPs (#3137)
+ Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
fields initialized in method annotated with TestNG's
@BeforeClass. (#3152)
+ Fixed detector FindReturnRef not finding references exposed
from nested and inner classes (#2042)
+ Fix call graph, include non-parametric void methods (#3160)
+ Fix multiple reporting of identical bugs messing up
statistics (#3185)
+ Added missing comma between line number and confidence when
describing matching and mismatching bugs for tests (#3187)
+ Fixed method matchers with array types (#3203)
+ Fix SARIF report's message property in Exception to meet the
standard (#3197)
+ Fixed FI_FINALIZER_NULLS_FIELDS FPs for functions called
finalize() but not with the correct signature. (#3207)
+ Fixed an error in the detection of bridge methods causing
analysis crashes (#3208)
+ Fixed detector ThrowingExceptions by removing false positive
reports, such as synthetic methods (lambdas), methods which
inherited their exception specifications and methods which
call throwing methods (#2040)
+ Do not report DP_DO_INSIDE_DO_PRIVILEGED,
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED and
USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE in
code targeting Java 17 and above, since it advises the usage
of deprecated method (#1515).
+ Fixed a RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT false positive
for a builder delegating to another builder (#3235)
* Cleanup
+ Cleanup thread issue and regex issue in test-harness (#3130)
+ Remove extra blank lines and remove public from interface
objects as inherently already public (#3131)
+ Fix order of modifiers on properties/methods and ensure
correct location in file (#3132, #3177)
+ Return objects directly instead of creating more garbage
collection by defining them (#3133, #3175)
+ Restrict the constructor of abstract classes visibility to
protected (#3178)
+ Cleanup double initialization and fix comments referring to
findbugs instead of spotbugs(#3134)
+ Use diamond operator in constructor calls of Collections
(#3176)
+ Use Collection.isEmpty() or String.isEmpty() to test for
emptiness (#3180, #3219)
+ Use method references instead of lambdas where possible
(#3179)
+ Move default clauses to the end of switches (#3222)
+ Remove unnecessary throws declarations (#3220)
+ Use Boolean.parseBoolean() for string-to-boolean conversion.
(#3217)
+ Rename shadowing fields (#3221)
+ Combine catch blocks with the same body (#3223)
+ Merge conditions of nested ifs (#3231)
+ Use non deprecated 'getDottedClassName' instead of
'toDottedClassName'(#3251)
+ Use try with resources where possible (#3253)
* Changed
+ Bump up Java version to 11
OBS-URL: https://build.opensuse.org/request/show/1238225
OBS-URL: https://build.opensuse.org/package/show/Java:packages/spotbugs?expand=0&rev=6
