Releases: spotbugs/sonar-findbugs
Releases · spotbugs/sonar-findbugs
3.9.0
3.9.0 (2018-11-08)
Fixed bugs:
- Error during analysis with Java 11 #217
- Analysis fails on Java 10 #184
- With findbugs plugin 3.8 , Sonar java 5.7 and SonarQube LTS 6.7.5 , analysis is failing as below #212
- Issue #218 Added missing annotations #220 (dmatej)
Closed issues:
- Sonar-Findbugs should use Spotbugs 3.1.8 #214
- False positive: parameter must be non-null in inner class constructor #213
- 3.8.0 not supported on 6.7.5 (According to update center) #210
- Create tag for release 3.8 #206
Merged pull requests:
3.8.0
Change Log
3.8.0 (2018-09-07)
Implemented enhancements:
Fixed bugs:
- Startup issues with sonarqube 7.3 #204
- False waring about Spring bean afterPropertiesSet method #196
- NoSuchMethodError: org.apache.bcel.generic.ObjectType.getInstance #176
- 3.4.4 breaks sonar-scanner #165
- sonar-findbugs 3.6 fails when analyzing module with non-compiled JSPs #148
- Run sonar if $SONAR_VERSION is latest LTS #179 (KengoTODA)
Closed issues:
- Accident #191
- Fat fingers #190
- java.lang.IllegalStateException: Can not execute Findbugs #188
- Unable to update to 3.7.0 on 6.7.1 Sonar version #185
- Error Scanning Maven #180
Merged pull requests:
- SonarQube 7.3 (latest) compatibility #209 (h3xstream)
- Replace BatchExtension for SQ 7.3 compatibility #204 #208 (VinodAnandan)
- stop running sonarqube analysis on the PR made from forked repo #203 (KengoTODA)
- Retry to release 3.8 #199 (KengoTODA)
- Release 3.8 #198 (KengoTODA)
- upgrade find-sec-bugs #195 (KengoTODA)
- Upgrade dependencies to the latest version #192 (KengoTODA)
- update SpotBugs to 3.1.3 #186 (KengoTODA)
- prepare for next development #178 (KengoTODA)
3.7.0
3.7.0 (2018-03-15)
Implemented enhancements:
- SonarQube compatibility 7.0 #170
- Make path to existing FindBugs report configurable #163
- New configuration: Skip project/submodule that are not compiled #56
- Fixed warning about platform dependent build #175 (roberthubert)
- WIP: Add builds with SonarQube 6.7.1 and 7.0 #168 (KengoTODA)
- Update dependencies #167 (KengoTODA)
- upgrade fb-contrib to the latest version #160 (KengoTODA)
- Minor changes #158 (KengoTODA)
- Add deploy by travis #157 (KengoTODA)
Fixed bugs:
- SonarQube compatibility 7.0 #170
- Fix wrong command line parameter introduced by 4d815f4 #162 (KengoTODA)
Closed issues:
- Migrate Settings class usage to Configuration #172
- Problems while installing Findbugs at the same time as Java plugin #166
- Upgrade fb-contrib to 7.2.0? #159
Merged pull requests:
- Add configuration for custom paths of existing reports. #163 #177 (h3xstream)
- Fixed link to the SonarJava plugin in the readme file #174 (roberthubert)
- New configuration "Allow Uncompiled Code" #173 (h3xstream)
- Remaining tasks for #168 #171 (KengoTODA)
- #148 Excluded Java Server Pages (JSPs) from Java source files to fix failure when analyzing module with non-compiled JSPs #169 (roberthubert)
3.6.0
The main enhancement:
- Lots of updates from upstream project SpotBugs, FB-contrib, FindSecurityBugs
- Add support for different JVM languages (skirge)
- Allow to run/configured SpotBugs outside of Sonar (for advanced user)
Side note: Sonar-FindBugs is looking for contributor that could help managing release and reviewing pull requests. The contributor should have done one or two significant pull requests to the project. Contact @h3xstream
3.6.0 (2017-09-21)
Implemented enhancements:
- Update XStream #109
- Locating source file for findbugs violation #47
- Add support for Scala #28
- Reuse existing results + Descriptions update + Fix to Multi-language support #133 (h3xstream)
- Enhancements for 3.5 release #110 (h3xstream)
Fixed bugs:
- NullPointerException at java.io.FileInputStream.<init> at org.sonar.plugins.findbugs.resource.ByteCodeResourceLocator.findJavaOuterClassFile #107
- Could not initialize class edu.umd.cs.findbugs.ba.AnalysisContext #91
- findbugs-result.xml contents are not shown in SonarQube Project Dashboard #70
- NPE in ByteCodeResourceLocator during code analysis #38
- Reuse existing results + Descriptions update + Fix to Multi-language support #133 (h3xstream)
- Enhancements for 3.5 release #110 (h3xstream)
Closed issues:
Merged pull requests:
- Fix JSP rules being include both in JSP profiles and Java rules.. #137 (h3xstream)
- Rules and profile update + Test fix #132 (VinodAnandan)
- Update Dependencies #129 (VinodAnandan)
- Add support for different JVM languages - see issue #28 #127 (skirge)
- Updating fb-contrib dependency #126 (senatori)
- Updated fbcontrib dependency #122 (volphy)
- Describe configuration in README.md #120 (kzaikin)
- Use Spotbugs 3.1.0-RC4 #118 (kzaikin)
- Descriptions update #113 (h3xstream)
- add two rules which was introduced at find-sec-bugs v1.6 #112 (KengoTODA)
- Fix plugin description #111 (KengoTODA)
- Clearly show that SpotBugs is now used instead of Findbugs #106 (JnRouvignac)
- Increase version for release #105 (h3xstream)
3.5.0
- This is the first release with SpotBugs under the hood.
- Plugins updated FB-contrib 7.0.0 and FindSecurityBugs 1.6.0 are included.
- Multiples fixes related to SonarQube new versions.
3.5.0 (2017-06-02)
Implemented enhancements:
- FindBugs Security JSP can conflict with other plugins #67
- Missing project name in "This project contains Java source files that are not compiled" error #65
- Don't use deprecated sonar classes #62
- Update fb-contrib to v.6.8.0 #58
- Update find-sec-bugs to v.1.5.0 #57
- Add basic syntax highlighter #84 #104 (h3xstream)
- [#65] Add project path to error messages #76 (szpak)
- #51: Find issues in nonstandard source file layouts #73 (KLBonn)
Fixed bugs:
- Findbugs plugin still being started when no rule enabled #87
- Generating too much logs for findsec bug rules #78
- ArrayIndexOutOfBoundsException with sonar-findbugs-plugin(3.4.4) #75
- FindBugs Security JSP can conflict with other plugins #67
- Bugs are in findbugs-result xml but not displayed in sonar dashboard for test classes. #66
- Warning not reported for package private classes inside source file of other class #53
- Cannot match classes to source files when not using default project layout #51
- Findbugs needs sources to be compiled. Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your project. #49
Closed issues:
- Problem with Findbugs of SonarQube-5.6.6 version. #103
- finbugs version that contains findsecbugs 1.6.0? #101
- Upgrade to find-sec-bugs 1.6.0 #88
- Can not execute Findbugs #86
- Lacking FindBugs rules after upgrade #85
- Incompatibility with SQ 6.4 because of code colorizer API #84
- Why is the latest release 3.4.4 not available on Maven Central ? #82
- The class '...' could not be match to its original source file. #77
- Compiled classes in JARs not recognized #71
- Update plugin in Update Center #64
- RequireFilesSize failed for sonar-findbugs-plugin.jar size #60
- Configure the project to be analysed on SonarQube.com #31
Merged pull requests:
- bump up SpotBugs version #102 (KengoTODA)
- Update version information #99 (marschall)
- Register experimental rules #98 (marschall)
- fb-contrib 7.0.0 findsecbugs 1.6.0 #97 (kzaikin)
- Work around CVE-2017-7957 #96 (marschall)
- Document SpotBugs usage #94 (marschall)
- Remove JSP Colorizer #93 (marschall)
- Update dependencies #92 (marschall)
- FYI: Replace FindBugs 3.0.1 with SpotBugs 3.1.0-RC1 #90 (KengoTODA)
- [#77] Change bytecode to source mapping #81 (pstibrany)
- Update versions in .groovy, generate descriptions for sonar #58 #63 (kzaikin)
- Update jar size limits #61 (kzaikin)
- Update fb_contrib to 6.8.0, find_sec_bugs to 1.5.0 #59 (kzaikin)
3.4.4
Implemented enhancements:
- Fail safe when an exception is throw while mapping bug to source #43
- Findbugs analysis fails again for package-info.java #36
- Analysis with 3.4.1 fails for modules with only testclasses #33
- Smap improvements and bug fixes #44 (h3xstream)
Fixed bugs:
- Sonar scan fails if there are no class files available #46
- Issue with vulnerability inside included JSP #42
- violations reported for an outer class by findbugs is not reported as a sonar violation #40
- FindBugs plugin should not start an analysis if no rules are enable #37
- Findbugs analysis fails again for package-info.java #36
- Analysis with 3.4.1 fails for modules with only testclasses #33
- Minor refactoring #55 (h3xstream)
- Fix a bug that fail to map bug instance to outer class #40 #45 (h3xstream)
- Smap improvements and bug fixes #44 (h3xstream)
Merged pull requests:
3.4.3
3.4.2
3.4.0
This release includes three major updates :
- FindBugs 3.0.1 (The description were not up-to-date in the prior release)
- FB-Contrib 6.6.1
- FindSecBugs 1.4.6
Behind the scene:
- Fully automate generation of the description for rules and the profile configurations files. The update related to plugins should be integrated quicker.
- Update to SQ 5.6 LTS API.
A release to the Update Center will be done soon. Google Groups thread
Implemented enhancements:
- Update FSB to 1.4.6 #24
- Support for JSP scanning #23
- Update the API to SonarQube 5.6 LTS #22
- Upgrade to fb-contrib 6.6.0 #19
- Update FindBugs contrib plugin #27 (h3xstream)
Fixed bugs:
3.4 RC1
Major update that add support for JSP.
Update the rules set from Find Security Bugs (1.4.6) and FB contrib (6.6.1).