diff --git a/spotbugs-4.9.3.tar.gz b/spotbugs-4.9.3.tar.gz
deleted file mode 100644
index eeb5b03..0000000
--- a/spotbugs-4.9.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:156a21f948a807dcc9f702cd851b7af5f169bb9eee2afc171f3d044feb75a85c
-size 4636324
diff --git a/spotbugs-4.9.3.pom b/spotbugs-4.9.4.pom
similarity index 81%
rename from spotbugs-4.9.3.pom
rename to spotbugs-4.9.4.pom
index 2f6cbd1..c88b93f 100644
--- a/spotbugs-4.9.3.pom
+++ b/spotbugs-4.9.4.pom
@@ -1,210 +1,191 @@
-
-
-
-
-
-
-
- 4.0.0
- com.github.spotbugs
- spotbugs
- 4.9.3
- pom
- SpotBugs
- SpotBugs: Because it's easy!
- https://spotbugs.github.io/
-
-
- GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
- https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
-
-
-
-
- jsotuyod
- Juan Martín Sotuyo Dodero
- https://github.com/jsotuyod
- -3
-
-
- mebigfatguy
- Dave Brosius
- dbrosius@mebigfatguy.com
- http://www.jroller.com/dbrosius/
- -5
-
-
- henrik242
- https://github.com/henrik242
-
-
- KengoTODA
- Kengo TODA
- skypencil@gmail.com
- https://github.com/KengoTODA/
- +8
-
-
- iloveeclipse
- Andrey Loskutov
- loskutov@gmx.de
- https://github.com/iloveeclipse
- +2
-
-
- ThrawnCA
- https://github.com/ThrawnCA
-
-
- sewe
- Andreas Sewe
- andreas.sewe@codetrails.com
- https://github.com/sewe
- +1
-
-
-
- scm:git:git@github.com:spotbugs/spotbugs.git
- scm:git:git@github.com:spotbugs/spotbugs.git
- https://github.com/spotbugs/spotbugs/
-
-
-
-
- org.apache.logging.log4j
- log4j-core
- [2.17.1, 3)
-
-
- ch.qos.logback
- logback-core
- [1.2.9, 2)
-
-
-
-
-
- org.ow2.asm
- asm
- 9.7.1
- compile
-
-
- org.ow2.asm
- asm-analysis
- 9.7.1
- compile
-
-
- org.ow2.asm
- asm-commons
- 9.7.1
- compile
-
-
- org.ow2.asm
- asm-tree
- 9.7.1
- compile
-
-
- org.ow2.asm
- asm-util
- 9.7.1
- compile
-
-
- org.apache.bcel
- bcel
- 6.10.0
- compile
-
-
- com.github.stephenc.jcip
- jcip-annotations
- 1.0-1
- compile
-
-
- org.dom4j
- dom4j
- 2.1.4
- compile
-
-
- javax.xml.bind
- jaxb-api
-
-
- jaxen
- jaxen
-
-
- net.java.dev.msv
- xsdlib
-
-
- javax.xml.stream
- stax-api
-
-
- xpp3
- xpp3
-
-
- pull-parser
- pull-parser
-
-
-
-
- org.apache.commons
- commons-lang3
- 3.17.0
- compile
-
-
- org.apache.commons
- commons-text
- 1.13.0
- compile
-
-
- org.slf4j
- slf4j-api
- 2.0.17
- compile
-
-
- com.github.spotbugs
- spotbugs-annotations
- 4.9.3
- compile
-
-
- com.google.code.gson
- gson
- 2.12.1
- compile
-
-
- jaxen
- jaxen
- 2.0.0
- runtime
-
-
- net.sf.saxon
- Saxon-HE
- 12.5
- runtime
-
-
- org.apache.logging.log4j
- log4j-core
- 2.24.3
- runtime
-
-
-
+
+
+
+
+
+
+
+ 4.0.0
+ com.github.spotbugs
+ spotbugs
+ 4.9.4
+ pom
+ SpotBugs
+ SpotBugs: Because it is easy!
+ https://spotbugs.github.io/
+
+
+ GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
+ https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
+
+
+
+
+ jsotuyod
+ Juan Martín Sotuyo Dodero
+ https://github.com/jsotuyod
+ -3
+
+
+ mebigfatguy
+ Dave Brosius
+ dbrosius@mebigfatguy.com
+ http://www.jroller.com/dbrosius/
+ -5
+
+
+ henrik242
+ https://github.com/henrik242
+
+
+ KengoTODA
+ Kengo TODA
+ skypencil@gmail.com
+ https://github.com/KengoTODA/
+ +8
+
+
+ iloveeclipse
+ Andrey Loskutov
+ loskutov@gmx.de
+ https://github.com/iloveeclipse
+ +2
+
+
+ ThrawnCA
+ https://github.com/ThrawnCA
+
+
+ sewe
+ Andreas Sewe
+ andreas.sewe@codetrails.com
+ https://github.com/sewe
+ +1
+
+
+
+ scm:git:git@github.com:spotbugs/spotbugs.git
+ scm:git:git@github.com:spotbugs/spotbugs.git
+ https://github.com/spotbugs/spotbugs/
+
+
+
+
+ org.apache.logging.log4j
+ log4j-core
+ [2.17.1, 3)
+
+
+ ch.qos.logback
+ logback-core
+ [1.2.9, 2)
+
+
+ org.junit
+ junit-bom
+ 5.13.4
+ pom
+ import
+
+
+
+
+
+ org.ow2.asm
+ asm
+ 9.8
+ compile
+
+
+ org.ow2.asm
+ asm-analysis
+ 9.8
+ compile
+
+
+ org.ow2.asm
+ asm-commons
+ 9.8
+ compile
+
+
+ org.ow2.asm
+ asm-tree
+ 9.8
+ compile
+
+
+ org.ow2.asm
+ asm-util
+ 9.8
+ compile
+
+
+ org.apache.bcel
+ bcel
+ 6.10.0
+ compile
+
+
+ com.github.stephenc.jcip
+ jcip-annotations
+ 1.0-1
+ compile
+
+
+ org.dom4j
+ dom4j
+ 2.2.0
+ compile
+
+
+ org.apache.commons
+ commons-lang3
+ 3.18.0
+ compile
+
+
+ org.apache.commons
+ commons-text
+ 1.14.0
+ compile
+
+
+ org.slf4j
+ slf4j-api
+ 2.0.17
+ compile
+
+
+ com.github.spotbugs
+ spotbugs-annotations
+ 4.9.4
+ compile
+
+
+ com.google.code.gson
+ gson
+ 2.13.1
+ compile
+
+
+ jaxen
+ jaxen
+ 2.0.0
+ runtime
+
+
+ net.sf.saxon
+ Saxon-HE
+ 12.8
+ runtime
+
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.25.1
+ runtime
+
+
+
diff --git a/spotbugs-4.9.4.tar.gz b/spotbugs-4.9.4.tar.gz
new file mode 100644
index 0000000..043c3cc
--- /dev/null
+++ b/spotbugs-4.9.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eded7758d1f581d3ba7591975a094d1e24571acc461dab04d138505ceedff4ee
+size 4667726
diff --git a/spotbugs-annotations-4.9.3.pom b/spotbugs-annotations-4.9.4.pom
similarity index 90%
rename from spotbugs-annotations-4.9.3.pom
rename to spotbugs-annotations-4.9.4.pom
index e07db3d..4ed9709 100644
--- a/spotbugs-annotations-4.9.3.pom
+++ b/spotbugs-annotations-4.9.4.pom
@@ -1,93 +1,100 @@
-
-
-
-
-
-
-
- 4.0.0
- com.github.spotbugs
- spotbugs-annotations
- 4.9.3
- SpotBugs Annotations
- Annotations the SpotBugs tool supports
- https://spotbugs.github.io/
-
-
- GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
- https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
-
-
-
-
- jsotuyod
- Juan Martín Sotuyo Dodero
- https://github.com/jsotuyod
- -3
-
-
- mebigfatguy
- Dave Brosius
- dbrosius@mebigfatguy.com
- http://www.jroller.com/dbrosius/
- -5
-
-
- henrik242
- https://github.com/henrik242
-
-
- KengoTODA
- Kengo TODA
- skypencil@gmail.com
- https://github.com/KengoTODA/
- +8
-
-
- iloveeclipse
- Andrey Loskutov
- loskutov@gmx.de
- https://github.com/iloveeclipse
- +2
-
-
- ThrawnCA
- https://github.com/ThrawnCA
-
-
- sewe
- Andreas Sewe
- andreas.sewe@codetrails.com
- https://github.com/sewe
- +1
-
-
-
- scm:git:git@github.com:spotbugs/spotbugs.git
- scm:git:git@github.com:spotbugs/spotbugs.git
- https://github.com/spotbugs/spotbugs/
-
-
-
-
- org.apache.logging.log4j
- log4j-core
- [2.17.1, 3)
-
-
- ch.qos.logback
- logback-core
- [1.2.9, 2)
-
-
-
-
-
- com.google.code.findbugs
- jsr305
- 3.0.2
- compile
-
-
-
+
+
+
+
+
+
+
+ 4.0.0
+ com.github.spotbugs
+ spotbugs-annotations
+ 4.9.4
+ SpotBugs Annotations
+ Annotations the SpotBugs tool supports
+ https://spotbugs.github.io/
+
+
+ GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
+ https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
+
+
+
+
+ jsotuyod
+ Juan Martín Sotuyo Dodero
+ https://github.com/jsotuyod
+ -3
+
+
+ mebigfatguy
+ Dave Brosius
+ dbrosius@mebigfatguy.com
+ http://www.jroller.com/dbrosius/
+ -5
+
+
+ henrik242
+ https://github.com/henrik242
+
+
+ KengoTODA
+ Kengo TODA
+ skypencil@gmail.com
+ https://github.com/KengoTODA/
+ +8
+
+
+ iloveeclipse
+ Andrey Loskutov
+ loskutov@gmx.de
+ https://github.com/iloveeclipse
+ +2
+
+
+ ThrawnCA
+ https://github.com/ThrawnCA
+
+
+ sewe
+ Andreas Sewe
+ andreas.sewe@codetrails.com
+ https://github.com/sewe
+ +1
+
+
+
+ scm:git:git@github.com:spotbugs/spotbugs.git
+ scm:git:git@github.com:spotbugs/spotbugs.git
+ https://github.com/spotbugs/spotbugs/
+
+
+
+
+ org.apache.logging.log4j
+ log4j-core
+ [2.17.1, 3)
+
+
+ ch.qos.logback
+ logback-core
+ [1.2.9, 2)
+
+
+ org.junit
+ junit-bom
+ 5.13.4
+ pom
+ import
+
+
+
+
+
+ com.google.code.findbugs
+ jsr305
+ 3.0.2
+ compile
+
+
+
diff --git a/spotbugs-ant-4.9.3.pom b/spotbugs-ant-4.9.4.pom
similarity index 89%
rename from spotbugs-ant-4.9.3.pom
rename to spotbugs-ant-4.9.4.pom
index ef3db52..1fd345f 100644
--- a/spotbugs-ant-4.9.3.pom
+++ b/spotbugs-ant-4.9.4.pom
@@ -1,93 +1,100 @@
-
-
-
-
-
-
-
- 4.0.0
- com.github.spotbugs
- spotbugs-ant
- 4.9.3
- SpotBugs Ant Task
- Ant Task to run SpotBugs
- https://spotbugs.github.io/
-
-
- GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
- https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
-
-
-
-
- jsotuyod
- Juan Martín Sotuyo Dodero
- https://github.com/jsotuyod
- -3
-
-
- mebigfatguy
- Dave Brosius
- dbrosius@mebigfatguy.com
- http://www.jroller.com/dbrosius/
- -5
-
-
- henrik242
- https://github.com/henrik242
-
-
- KengoTODA
- Kengo TODA
- skypencil@gmail.com
- https://github.com/KengoTODA/
- +8
-
-
- iloveeclipse
- Andrey Loskutov
- loskutov@gmx.de
- https://github.com/iloveeclipse
- +2
-
-
- ThrawnCA
- https://github.com/ThrawnCA
-
-
- sewe
- Andreas Sewe
- andreas.sewe@codetrails.com
- https://github.com/sewe
- +1
-
-
-
- scm:git:git@github.com:spotbugs/spotbugs.git
- scm:git:git@github.com:spotbugs/spotbugs.git
- https://github.com/spotbugs/spotbugs/
-
-
-
-
- org.apache.logging.log4j
- log4j-core
- [2.17.1, 3)
-
-
- ch.qos.logback
- logback-core
- [1.2.9, 2)
-
-
-
-
-
- com.github.spotbugs
- spotbugs
- 4.9.3
- runtime
-
-
-
+
+
+
+
+
+
+
+ 4.0.0
+ com.github.spotbugs
+ spotbugs-ant
+ 4.9.4
+ SpotBugs Ant Task
+ Ant Task to run SpotBugs
+ https://spotbugs.github.io/
+
+
+ GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1
+ https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
+
+
+
+
+ jsotuyod
+ Juan Martín Sotuyo Dodero
+ https://github.com/jsotuyod
+ -3
+
+
+ mebigfatguy
+ Dave Brosius
+ dbrosius@mebigfatguy.com
+ http://www.jroller.com/dbrosius/
+ -5
+
+
+ henrik242
+ https://github.com/henrik242
+
+
+ KengoTODA
+ Kengo TODA
+ skypencil@gmail.com
+ https://github.com/KengoTODA/
+ +8
+
+
+ iloveeclipse
+ Andrey Loskutov
+ loskutov@gmx.de
+ https://github.com/iloveeclipse
+ +2
+
+
+ ThrawnCA
+ https://github.com/ThrawnCA
+
+
+ sewe
+ Andreas Sewe
+ andreas.sewe@codetrails.com
+ https://github.com/sewe
+ +1
+
+
+
+ scm:git:git@github.com:spotbugs/spotbugs.git
+ scm:git:git@github.com:spotbugs/spotbugs.git
+ https://github.com/spotbugs/spotbugs/
+
+
+
+
+ org.apache.logging.log4j
+ log4j-core
+ [2.17.1, 3)
+
+
+ ch.qos.logback
+ logback-core
+ [1.2.9, 2)
+
+
+ org.junit
+ junit-bom
+ 5.13.4
+ pom
+ import
+
+
+
+
+
+ com.github.spotbugs
+ spotbugs
+ 4.9.4
+ runtime
+
+
+
diff --git a/spotbugs.changes b/spotbugs.changes
index 41e1219..f1544b9 100644
--- a/spotbugs.changes
+++ b/spotbugs.changes
@@ -1,3 +1,91 @@
+-------------------------------------------------------------------
+Sun Nov 23 20:22:58 UTC 2025 - Anton Shvetz
+
+- Update to v4.9.4
+ * Changed
+ + AnnotationMatcher can now ignore bugs if annotation is also
+ applied on methods or fields. Previously only annotations on
+ classes were considered.
+ + Add relevant CWE ids to bugs and refer the CWEs in the bug
+ messages (#3354).
+ + Replace LOCAL_VARIABLE_UNKNOWN with exact method name for
+ NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)
+ * Fixed
+ + Widen main method recognition according to JEP 445. (#3371)
+ + Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields,
+ parameters, packages or classes with an *.Generated
+ annotation with retention >= class (#3350)(#3409)
+ + Rewrite some member in ResourceValueFrame.java to Enum
+ (#2061)
+ + Ignore non-interpreted text when looking for
+ FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
+ + Fix IllegalArgumentException thrown from
+ FindNoSideEffectMethods detector (#3320)
+ + Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when
+ part of a Mockito doAnswer(), doCallRealMethod(),
+ doNothing(), doThrow() or doReturn() call (#3334)
+ + Fix CT_CONSTRUCTOR_THROW false positive with public and
+ private constructors in specific order of methods (#3417)
+ + Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE,
+ AT_NONATOMIC_64BIT_PRIMITIVE and
+ AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code
+ is in private method, which is only called with proper
+ synchronization (#3428)
+ + Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when
+ part of a BDDMockito call (#3441)
+ + Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of
+ a local variable is set. (#3459)
+ + Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there
+ was no compound operation (#3363)
+ + Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector
+ (#3489)
+ + Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for
+ fields initialized in JUnit 3/4 setUp() method. (#3169)
+ + Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false
+ positive (#3496)
+ + Make the osgi manifest of the annotations jar Java 8
+ compatible (#3498) (#3500)
+ + TextUICommandLine supports all options encoded in Eclipse
+ preferences file (#3520)
+ + Unnecessary suppressions fix for records headers (#3471)
+ + Dead store fix when switch case contains loops (#3530)
+ (#3449)
+ + Consider PUTFIELD and PUTSTATIC when looking for assertions
+ with side effects (#3463)
+ + Detect cases when equals() unconditionally returns true or
+ false (#3528)
+ + Do not report that an Iterator does not throw
+ NoSuchElementException when hasNext() returns true (#3501)
+ + Detect random value cast to int when stored in temporary
+ variable (#3461)
+ + Look for interfaces default methods when searching uncalled
+ private methods (#1988)
+ + Fixed field self assignment false positive (#2258)
+ + Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
+ + Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive
+ with Objects.requireNonNull (#2965) (#3573)
+ + Track inner classes access methods to correctly report the
+ bugs (#2029)
+ + SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)
+ * Added
+ + Added the unnecessary annotation to the
+ US_USELESS_SUPPRESSION_ON_* messages (#3395)
+ + Multi-threaded code checks can be skipped with @NotThreadSafe
+ (#3390)
+ + New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might
+ be released without even being acquired. (See SEI CERT rule
+ LCK08-J) (#2055)
+ ~ Breaking change: changed values and new items in
+ ResourceValueFrame.
+ + Inline access method for method. (#3481)
+ + Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a
+ StringBuffer/StringBuilder (#1928)
+ * Signing
+ + Signing for Eclipse plugin has been removed at the current
+ time due to signing keys being expired. The expired key
+ produced a warning during install, the same is true without
+ signing.
+
-------------------------------------------------------------------
Thu May 1 07:46:31 UTC 2025 - Fridrich Strba
diff --git a/spotbugs.spec b/spotbugs.spec
index d1a0060..d7065a8 100644
--- a/spotbugs.spec
+++ b/spotbugs.spec
@@ -19,7 +19,7 @@
%global desc SpotBugs is the spiritual successor of FindBugs, carrying on from the point\
where it left off with support of its community.
Name: spotbugs
-Version: 4.9.3
+Version: 4.9.4
Release: 0
Summary: A tool for static analysis to look for bugs in Java code
License: LGPL-2.1-only
@@ -52,6 +52,7 @@ BuildRequires: mvn(org.apache.logging.log4j:log4j-slf4j-impl)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.mojo:properties-maven-plugin)
BuildRequires: mvn(org.dom4j:dom4j)
+BuildRequires: mvn(org.junit:junit-bom:pom:)
BuildRequires: mvn(org.ow2.asm:asm)
BuildRequires: mvn(org.ow2.asm:asm-analysis)
BuildRequires: mvn(org.ow2.asm:asm-commons)