Update dependency org.sonarsource.java:sonar-java-plugin to v7.8.0.28662
This MR contains the following updates:
Package | Change | Age | Adoption | Passing | Confidence |
---|---|---|---|---|---|
org.sonarsource.java:sonar-java-plugin (source) | 7.7.0.28547 -> 7.8.0.28662 | | | | |
Release Notes
SonarSource/sonar-java
v7.8.0.28662
Release Notes - SonarJava - Version 7.8
Bug
- [SONARJAVA-4128] - Record components of local records should not have the method as owner
- [SONARJAVA-4129] - NPE in S1450 when private field is used in a record
Task
- [SONARJAVA-4141] - Update rules metadata
Improvement
- [SONARJAVA-4059] - Rule S6373 XML parsers should not allow inclusion of arbitrary files
- [SONARJAVA-4062] - Rule S6374 XML parsers should not load external schemas
- [SONARJAVA-4065] - Rule S6376 XML parsers should not be vulnerable to Denial of Service attacks
- [SONARJAVA-4067] - Rule S6377 XML signatures should be validated securely
False-Positive
- [SONARJAVA-3839] - FP in S6212 when a method has parameterized return types
- [SONARJAVA-3842] - FP in S2755 when vulnerability is mitigated in another class
- [SONARJAVA-3899] - FP on S2755 when XML DocumentBuilderFactory is initialized inside initialized block
- [SONARJAVA-4008] - Rule S2755 should accept setExpandEntityReferences solution for openJDK >= 13
This MR has been generated by Renovate Bot.