Skip to content

7.8.0.28662

Compare
Choose a tag to compare
@dorian-burihabwa-sonarsource dorian-burihabwa-sonarsource released this 28 Jan 15:42
· 1014 commits to master since this release
    Release Notes - SonarJava - Version 7.8

Bug

  • [SONARJAVA-4128] - Record components of local records should not have the method as owner
  • [SONARJAVA-4129] - NPE in S1450 when private field is used in a record

Task

Improvement

  • [SONARJAVA-4059] - Rule S6373 XML parsers should not allow inclusion of arbitrary files
  • [SONARJAVA-4062] - Rule S6374 XML parsers should not load external schemas
  • [SONARJAVA-4065] - Rule S6376 XML parsers should not be vulnerable to Denial of Service attacks
  • [SONARJAVA-4067] - Rule S6377 XML signatures should be validated securely

False-Positive

  • [SONARJAVA-3839] - FP in S6212 when a method has parameterized return types
  • [SONARJAVA-3842] - FP in S2755 when vulnerability is mitigated in another class
  • [SONARJAVA-3899] - FP on S2755 when XML DocumentBuilderFactory is initialized inside initialized block
  • [SONARJAVA-4008] - Rule S2755 should accept setExpandEntityReferences solution for openJDK >= 13