
Update dependency org.sonarsource.java:sonar-java-plugin to v7.8.0.28662

This MR contains the following updates:

Package | Change
org.sonarsource.java:sonar-java-plugin (source) | 7.7.0.28547 -> 7.8.0.28662

Release Notes

SonarSource/sonar-java

v7.8.0.28662


Release Notes - SonarJava - Version 7.8

Bug

  • [SONARJAVA-4128] - Record components of local records should not have the method as owner
  • [SONARJAVA-4129] - NPE in S1450 when private field is used in a record

Task

Improvement

  • [SONARJAVA-4059] - Rule S6373 XML parsers should not allow inclusion of arbitrary files
  • [SONARJAVA-4062] - Rule S6374 XML parsers should not load external schemas
  • [SONARJAVA-4065] - Rule S6376 XML parsers should not be vulnerable to Denial of Service attacks
  • [SONARJAVA-4067] - Rule S6377 XML signatures should be validated securely

False-Positive

  • [SONARJAVA-3839] - FP in S6212 when a method has parameterized return types
  • [SONARJAVA-3842] - FP in S2755 when vulnerability is mitigated in another class
  • [SONARJAVA-3899] - FP on S2755 when XML DocumentBuilderFactory is initialized inside initialized block
  • [SONARJAVA-4008] - Rule S2755 should accept setExpandEntityReferences solution for openJDK >= 13

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.
