Release notes - SonarJava - 8.24

New Feature

SONARJAVA-5978 Support Compact Source Files

SONARJAVA-5984 Support Module Import Declarations

SONARJAVA-6084 S8433: Validation logic should be placed in constructor prologue when possible

SONARJAVA-6096 S8445: Group import declarations by specificity

SONARJAVA-6108 Implement S8432 : "ScopedValue.where" results should not be ignored

SONARJAVA-6113 Implement : S8444 - Validation and data preparation logic before super() should not bloat constructor

False Positive

SONARJAVA-5340 FP on S1171 in anonymous classes

SONARJAVA-5866 S6816 should not raise on the parameter injected when the value is annotated as NonNull

SONARJAVA-5873 S5961: AssertJ descriptions and custom error messages breaks the assertion count

SONARJAVA-5936 False Positive for nested wildcard for S1452

SONARJAVA-6014 FP:java:S1258 doesn’t exclude jakarta.inject.Inject

SONARJAVA-6095 S1166 Should not report when the exception is explicitely ignored using unnamed variable _

SONARJAVA-6099 S1135 Confuses Spanish word "todo" with English TODO

SONARJAVA-6111 S6204 should not raise an issue when addFirst/addLast/removeFirst/removeLast is called on the list

Task

SONARJAVA-5976 Remove obsolete projects from Next

SONARJAVA-6010 Prepare next development iteration (8.24.0-SNAPSHOT)

SONARJAVA-6012 Migrate ITs to Java 21 to fix CI breakage

SONARJAVA-6034 Fix sonar-java build

SONARJAVA-6077 Update "Prepare Next Development Iteration" workflow

SONARJAVA-6094 Fix unused import

SONARJAVA-6124 Create Claude command to migrate test samples

SONARJAVA-6127 Update rule metadata

Improvement

SONARJAVA-5859 Upload the aggregated diff report on a github page

SONARJAVA-5961 Upgrade sonar-java-jdt to 1.8

SONARJAVA-5973 Improve testkit tool to be able to use specific dependencies for tests

SONARJAVA-5982 S106 Should not be raised on compact source files

SONARJAVA-5983 S1220 (no unnamed package) is not applicable to compact source files

SONARJAVA-6028 S1120 Update for compact source files to avoid raising FPs

SONARJAVA-6075 S2325 Raises issues on instance main() methods

SONARJAVA-6086 Avoid unused String[] args parameter in main method

SONARJAVA-6090 S106 should detect usage of IO

SONARJAVA-6105 MethodTreeCheck.isMainMethod should be updated for Java 25 (S2096, S112, S1147, S1160, S1172, S1118, S6539)

SONARJAVA-6116 Add Java-25 project to peachee-java-kotlin

SONARJAVA-6117 S8433 should not raise issue for classes without superclass declared

SONARJAVA-6119 S3078 should report on compact source files

SONARJAVA-6123 S8433 Do not raise issues without an explicit constructor call

Documentation

SONARJAVA-5955 S122: Noncompliant example should not violate unrelated rules

SONARJAVA-6007 S2301 Inappropriate Code Sample

False Negative

SONARJAVA-5016 S2077 Add support for Jakarta

SONARJAVA-5909 FN on S3752 when @RequestMapping in class

SONARJAVA-5931 Upgrade S5128 to support the Jakarta package

Sub-task

SONARJAVA-6021 Unified dogfooding : fix/setup sync for SonarJava

Release notes - SonarJava - 8.23

New Feature

SONARJAVA-5930 S8346: Increment and decrement operators (++/--) should not be used with floating point variables.

SONARJAVA-6000 New public API to access module fully qualified key in ModuleScannerContext

False Positive

SONARJAVA-5929 S1258 FP on Spring @value annotation

Task

SONARJAVA-5942 Fix Plugin QA failure in CI

SONARJAVA-5946 Use develocity in GHA build

SONARJAVA-5958 Upgrade ECJ to version 3.44

SONARJAVA-5968 Migrate build to Java 25

SONARJAVA-5969 Update commons-lang3 to version 3.20

SONARJAVA-6004 Update rules metadata

Improvement

SONARJAVA-5928 S1118 provides a quick fix

Documentation

SONARJAVA-5927 Compliant examples for S1118 should suggest a commented body as a first alternative before throwing an exception

False Negative

SONARJAVA-5122 FN on S5977 when using SecureRandom and others

SONARJAVA-5123 FN on S2119 when using SecureRandom and others

SONARJAVA-5820 S2698 should suggest using `assertThrows` and `expectThrows` with message

Sub-task

SONARJAVA-5971 Modify rule S1258: Add exception for @value annotated fields

SONARJAVA-5972 Modify rule S1118: Change the compliant example to an empty constructor with a comment

Release notes - SonarJava - 8.22

Task

SONARJAVA-5912 Update parent pom to 86.0.0.3040

Epic

SONARJAVA-5778 Migrate sonar-java to GitHub Actions

Rotations of binary signing keys

Release notes - SonarJava - 8.21

Task

SONARJAVA-5776 Migrate build of sonar-java-jdt from Cirrus CI to GitHub Actions

SONARJAVA-5783 Create GitHub action for shadow scan in JDT

SONARJAVA-5785 Update PR cleanup in sonar-java-jdt

SONARJAVA-5817 Delete Cirrus CI config for JDT

SONARJAVA-5822 Update required Java version in README

SONARJAVA-5823 Prepare next development iteration 1.8

SONARJAVA-5824 Migrate QA from Cirrus to Github actions

SONARJAVA-5828 Migrate Cirrus build to Github actions

SONARJAVA-5846 Update license header from SonarSource SA to SonarSource Sàrl

SONARJAVA-5849 Migrate test analyze from Cirrus to GitHub actions

SONARJAVA-5850 Migrate Windows Build from Cirrus to GitHub action

SONARJAVA-5853 Finalize CI migration

SONARJAVA-5855 Migrate sanity_task from Cirrus to GitHub action

SONARJAVA-5858 Migrate Autoscan Task from Cirrus to GitHub actions

SONARJAVA-5869 Bump gh-action_releasability to skip mend scan

SONARJAVA-5874 Fix bug with varargs on S1319

SONARJAVA-5875 Delete Cirrus CI config

SONARJAVA-5878 Upgrade tomcat-embed-core to version 9.0.112

SONARJAVA-5881 Use large runner for Test Analyze due to OOM

SONARJAVA-5882 Remove unused LOG

Release notes - SonarJava - 8.9.4

Task

SONARJAVA-5742 Add some SCA exclusions to match what's excluded for mend

SONARJAVA-5772 Remove dependency on jol-core

SONARJAVA-5852 Prepare next development iteration 8.9.4

Improvement

SONARJAVA-5857 Update JDT core 3.39 -> 3.41

Release notes - SonarJava - 8.20

False Positive

SONARJAVA-4753 FP in S6813 and S3306 when using Micronaut framework AWS Lambdas

SONARJAVA-4895 S3329: FP when random IV is generated in separate function

SONARJAVA-5153 S1989 should not raise issue if exception is caught by try/catch block

SONARJAVA-5358 S6813 should not raise on fields in Activities and Fragments

SONARJAVA-5364 FP on S2187 for subclasses of test classes with Autoscan

SONARJAVA-5464 S1068: FP on variable used in @FieldSource in @ParameterizedTest

SONARJAVA-5548 FP on S1144 for jakarta.enterprise.event.ObservesAsync parameter annotations

SONARJAVA-5573 Type parameter annotations are wrongly used for nullability check

SONARJAVA-5620 FP on S1186 when testing that Spring Context loads

SONARJAVA-5751 S5738 should not report on the overriding of interface methods

SONARJAVA-5765 FP S2097 does not support PatternInstanceOfTree

SONARJAVA-5818 Fix FPs caused by state reset bug in CipherBlockChainingCheck

Bug

SONARJAVA-5763 S1948 should not crash when semantic is missing

SONARJAVA-5803 JSpecify @NullUnmarked is miss-interpreted

SONARJAVA-5819 CheckVerifier should keep the context for all files when analyzing multiple files

Task

SONARJAVA-5771 Delete ws_scan_task

SONARJAVA-5798 Create PR cleanup action

SONARJAVA-5800 Add nightly build using Github action

SONARJAVA-5802 New analysis parameter: sonar.java.failOnStackOverflow (true by default)

False Negative

SONARJAVA-5797 False Negative with java:S2698 for org.testng

Sub-task

SONARJAVA-5801 Attempt to properly get rid of the old nullability API

Release notes - SonarJava - 8.19

False Positive

SONARJAVA-5706 S1166 FP when the parser gets lost due to Lombok generated methods

SONARJAVA-5713 S1176 Does not recognize parameters in markdown

SONARJAVA-5755 FP on S1133 when using forRemoval=false

Bug

SONARJAVA-5717 Fix fullyQualifiedName() on intersection types

SONARJAVA-5726 S1656 NullPointerException when classParent is null

SONARJAVA-5759 NPE on S3457 on enums declaration type

Task

SONARJAVA-5702 Update RSPEC before 8.19 release

SONARJAVA-5714 Clean common-beanutils usage in tests to suppress alert CVE-2025-48734

SONARJAVA-5720 Unify Platform Dogfooding of sonar-java

SONARJAVA-5736 Stop using org.apache.commons.lang3.SystemUtils

SONARJAVA-5737 Update README.md with copy from Product Marketing

SONARJAVA-5738 Stop using org.apache.commons.lang3.BooleanUtils

SONARJAVA-5739 Stop using org.apache.commons.lang3.ArrayUtils

SONARJAVA-5740 Stop using StringUtils::trim

SONARJAVA-5742 Add some SCA exclusions to match what's excluded for mend

SONARJAVA-5745 Stop using org.apache.commons.lang3.StringUtils::countMatches

SONARJAVA-5750 Add Jira integration

SONARJAVA-5764 Update GH release and releasability actions

SONARJAVA-5768 Update slack channel in sonar-java-jdt

SONARJAVA-5772 Remove dependency on jol-core

SONARJAVA-5782 Improve message in S112

SONARJAVA-5784 Upgrade tomcat embed dependency

SONARJAVA-5786 Bump org.springframework:spring-expression 6.1.21 -> 6.2.11 because of CVE-2025-41249

False Negative

SONARJAVA-5723 S6437 Support jsonwebtoken hmacShaKeyFor method

Documentation

SONARJAVA-5716 S5841: Fix typo in AssertJ "doesNotContain"

Release notes - SonarJava - 8.9.3

Task

SONARJAVA-5651 org.sonarsource.java:java-extension-plugin should comply with maven central requirements

SONARJAVA-5732 Upgrade commons-lang3 to 3.18

SONARJAVA-5734 Prepare next development iteration

Release notes - SonarJava - 8.9.3

Task

SONARJAVA-5732 Upgrade commons-lang3 to 3.18

SONARJAVA-5734 Prepare next development iteration