Skip to content

Releases: SonarSource/sonar-java

8.22.0.41895

05 Dec 17:22
@leonardo-pilastri-sonarsource leonardo-pilastri-sonarsource
8.22.0.41895
07521ba
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.22.0.41895 Latest
Latest

Release notes - SonarJava - 8.22

Epic

SONARJAVA-5778 Migrate sonar-java to GitHub Actions

Assets 2
Loading

8.21.1.41883

03 Dec 08:30
@leonardo-pilastri-sonarsource leonardo-pilastri-sonarsource
8.21.1.41883
999961a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.21.1.41883

Rotations of binary signing keys

Loading

8.21.0.41869

28 Nov 12:03
@leonardo-pilastri-sonarsource leonardo-pilastri-sonarsource
8.21.0.41869
d23780d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.21.0.41869

Release notes - SonarJava - 8.21

Task

SONARJAVA-5776 Migrate build of sonar-java-jdt from Cirrus CI to GitHub Actions

SONARJAVA-5783 Create GitHub action for shadow scan in JDT

SONARJAVA-5785 Update PR cleanup in sonar-java-jdt

SONARJAVA-5817 Delete Cirrus CI config for JDT

SONARJAVA-5822 Update required Java version in README

SONARJAVA-5823 Prepare next development iteration 1.8

SONARJAVA-5824 Migrate QA from Cirrus to Github actions

SONARJAVA-5828 Migrate Cirrus build to Github actions

SONARJAVA-5846 Update license header from SonarSource SA to SonarSource Sàrl

SONARJAVA-5849 Migrate test analyze from Cirrus to GitHub actions

SONARJAVA-5850 Migrate Windows Build from Cirrus to GitHub action

SONARJAVA-5853 Finalize CI migration

SONARJAVA-5855 Migrate sanity_task from Cirrus to GitHub action

SONARJAVA-5858 Migrate Autoscan Task from Cirrus to GitHub actions

SONARJAVA-5869 Bump gh-action_releasability to skip mend scan

SONARJAVA-5874 Fix bug with varargs on S1319

SONARJAVA-5875 Delete Cirrus CI config

SONARJAVA-5878 Upgrade tomcat-embed-core to version 9.0.112

SONARJAVA-5881 Use large runner for Test Analyze due to OOM

SONARJAVA-5882 Remove unused LOG

Loading

8.9.4.40912

17 Nov 10:11
@leonardo-pilastri-sonarsource leonardo-pilastri-sonarsource
8.9.4.40912
8588487
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.9.4.40912

Release notes - SonarJava - 8.9.4

Task

SONARJAVA-5742 Add some SCA exclusions to match what's excluded for mend

SONARJAVA-5772 Remove dependency on jol-core

SONARJAVA-5852 Prepare next development iteration 8.9.4

Improvement

SONARJAVA-5857 Update JDT core 3.39 -> 3.41

Loading

8.20.0.40630

30 Oct 13:11
@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource
8.20.0.40630
30e66d7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.20.0.40630

Release notes - SonarJava - 8.20

False Positive

SONARJAVA-4753 FP in S6813 and S3306 when using Micronaut framework AWS Lambdas

SONARJAVA-4895 S3329: FP when random IV is generated in separate function

SONARJAVA-5153 S1989 should not raise issue if exception is caught by try/catch block

SONARJAVA-5358 S6813 should not raise on fields in Activities and Fragments

SONARJAVA-5364 FP on S2187 for subclasses of test classes with Autoscan

SONARJAVA-5464 S1068: FP on variable used in @FieldSource in @ParameterizedTest

SONARJAVA-5548 FP on S1144 for jakarta.enterprise.event.ObservesAsync parameter annotations

SONARJAVA-5573 Type parameter annotations are wrongly used for nullability check

SONARJAVA-5620 FP on S1186 when testing that Spring Context loads

SONARJAVA-5751 S5738 should not report on the overriding of interface methods

SONARJAVA-5765 FP S2097 does not support PatternInstanceOfTree

SONARJAVA-5818 Fix FPs caused by state reset bug in CipherBlockChainingCheck

Bug

SONARJAVA-5763 S1948 should not crash when semantic is missing

SONARJAVA-5803 JSpecify @NullUnmarked is miss-interpreted

SONARJAVA-5819 CheckVerifier should keep the context for all files when analyzing multiple files

Task

SONARJAVA-5771 Delete ws_scan_task

SONARJAVA-5798 Create PR cleanup action

SONARJAVA-5800 Add nightly build using Github action

SONARJAVA-5802 New analysis parameter: sonar.java.failOnStackOverflow (true by default)

False Negative

SONARJAVA-5797 False Negative with java:S2698 for org.testng

Sub-task

SONARJAVA-5801 Attempt to properly get rid of the old nullability API

Loading

8.19.0.40387

01 Oct 15:25
@alban-auzeill alban-auzeill
8.19.0.40387
f89e3f9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.19.0.40387

Release notes - SonarJava - 8.19

False Positive

SONARJAVA-5706 S1166 FP when the parser gets lost due to Lombok generated methods

SONARJAVA-5713 S1176 Does not recognize parameters in markdown

SONARJAVA-5755 FP on S1133 when using forRemoval=false

Bug

SONARJAVA-5717 Fix fullyQualifiedName() on intersection types

SONARJAVA-5726 S1656 NullPointerException when classParent is null

SONARJAVA-5759 NPE on S3457 on enums declaration type

Task

SONARJAVA-5702 Update RSPEC before 8.19 release

SONARJAVA-5714 Clean common-beanutils usage in tests to suppress alert CVE-2025-48734

SONARJAVA-5720 Unify Platform Dogfooding of sonar-java

SONARJAVA-5736 Stop using org.apache.commons.lang3.SystemUtils

SONARJAVA-5737 Update README.md with copy from Product Marketing

SONARJAVA-5738 Stop using org.apache.commons.lang3.BooleanUtils

SONARJAVA-5739 Stop using org.apache.commons.lang3.ArrayUtils

SONARJAVA-5740 Stop using StringUtils::trim

SONARJAVA-5742 Add some SCA exclusions to match what's excluded for mend

SONARJAVA-5745 Stop using org.apache.commons.lang3.StringUtils::countMatches

SONARJAVA-5750 Add Jira integration

SONARJAVA-5764 Update GH release and releasability actions

SONARJAVA-5768 Update slack channel in sonar-java-jdt

SONARJAVA-5772 Remove dependency on jol-core

SONARJAVA-5782 Improve message in S112

SONARJAVA-5784 Upgrade tomcat embed dependency

SONARJAVA-5786 Bump org.springframework:spring-expression 6.1.21 -> 6.2.11 because of CVE-2025-41249

False Negative

SONARJAVA-5723 S6437 Support jsonwebtoken hmacShaKeyFor method

Documentation

SONARJAVA-5716 S5841: Fix typo in AssertJ "doesNotContain"

Loading

8.9.3.40165

15 Aug 14:03
@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource
8.9.3.40165
3411b59

Choose a tag to compare

View all tags
8.9.3.40165

Release notes - SonarJava - 8.9.3

Task

SONARJAVA-5651 org.sonarsource.java:java-extension-plugin should comply with maven central requirements

SONARJAVA-5732 Upgrade commons-lang3 to 3.18

SONARJAVA-5734 Prepare next development iteration

Loading

8.9.3.40136

15 Aug 09:25
@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource
8.9.3.40136
4e25666

Choose a tag to compare

View all tags
8.9.3.40136

Release notes - SonarJava - 8.9.3

Task

SONARJAVA-5732 Upgrade commons-lang3 to 3.18

SONARJAVA-5734 Prepare next development iteration

Loading

8.18.0.40025

21 Jul 12:09
@tomasz-tylenda-sonarsource tomasz-tylenda-sonarsource
8.18.0.40025
7537787
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.18.0.40025

Release notes - SonarJava - 8.18

False Positive

SONARJAVA-5678 Fix a FP case in S7479

SONARJAVA-5697 S2441 FP when Serializable is not available due to missing semantics

Bug

SONARJAVA-5685 Revert security impact from last rule metadata update

Task

SONARJAVA-5645 Update RSPEC before 8.18 release

SONARJAVA-5653 Prototyping more telemetry

SONARJAVA-5670 Make SonarComponents in JavaFrontend not @nullable.

SONARJAVA-5673 Create proxy object for sending telemetry

SONARJAVA-5675 Update dependency versions

SONARJAVA-5682 Replace use of deprecated Charsets.UTF_8 constant

SONARJAVA-5686 Report the scanner app using telemetry

SONARJAVA-5687 Delete unused test projects under "its"

SONARJAVA-5689 Aggregate telemetry measures at project level

SONARJAVA-5691 Report dependencies

SONARJAVA-5692 Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0 in /java-checks-test-sources/default

SONARJAVA-5693 Report whether the analysis is autoscan

SONARJAVA-5695 Report speed of analysis and analysis errors

SONARJAVA-5698 Report Eclipse parser type errors

SONARJAVA-5703 Fix Quality Flaws caused by commons-lang3 new version

False Negative

SONARJAVA-5683 S2077 not triggered by SQL interpolation performed with String#format

Contributors

nullable
Loading

8.17.1.39878

08 Jul 09:13
@alban-auzeill alban-auzeill
8.17.1.39878
e4a9d2f
This commit was signed with the committer’s verified signature.
alban-auzeill Alban Auzeill
GPG key ID: 201A1E788470A8C5
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
8.17.1.39878

Release notes - SonarJava - 8.17.1

Bug

SONARJAVA-5685 Revert security impact from last rule metadata update

Loading