Spotbugs Versions Save

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

4.8.4

2 weeks ago

CHANGELOG

Fixed

Fix FP in SE_PREVENT_EXT_OBJ_OVERWRITE when the if statement checking for null value, checking multiple variables or the method exiting in the if branch with an exception. (#2750)
Fix possible null value in taxonomies of SARIF output (#2744)
Fix executionSuccessful flag in SARIF report being set to false when bugs were found (#2116)
Move information contained in the SARIF property exitSignalName to exitCodeDescription (#2739)
Do not report SE_NO_SERIALVERSIONID or other serialization issues for records (#2793)
Added support for CONSTANT_Dynamic (#2759)
Ignore generic variable types when looking for BC_UNCONFIRMED_CAST_OF_RETURN_VALUE (#1219)
Do not report BC_UNCONFIRMED_CAST for Java 21's type switches (#2813)
Remove AppleExtension library (note: menus slightly changed) (#2823)
Fix false positive NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE even if Objects.requireNonNull is used. (#651, #456)
Fixed error preventing SpotBugs from reporting FE_FLOATING_POINT_EQUALITY (#2843)
Fixed NP_LOAD_OF_KNOWN_NULL_VALUE and RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE false positives in try-with-resources generated finally blocks (#2844)
Do not report DLS_DEAD_LOCAL_STORE for Java 21's type switches (#2828)
Update UnreadFields detector to ignore warnings for fields with certain annotations (#574)
Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in method annotated with @PostConstruct, @BeforeEach, etc. (#2872 #2870 #453)
Do not report DLS_DEAD_LOCAL_STORE for Hibernate bytecode enhancements (#2865)
Fixed NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positives due to source code formatting (#2874)
Added more nullability annotations in TypeQualifierResolver (#2558 #2694)
Improved the bug description for VA_FORMAT_STRING_USES_NEWLINE when using text blocks, check the usage of String.formatted() (#2881)
Fixed crash in ValueRangeAnalysisFactory when looking for redundant conditions used in assertions #2887)
Revert again commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
Fixed false positive MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR when referencing but not calling an overridable method #2837)
Update the filter XSD namespace and location for the upcoming 4.8.4 release #2909)

Added

New detector MultipleInstantiationsOfSingletons and introduced new bug types:
- SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR is reported in case of a non-private constructor,
- SING_SINGLETON_IMPLEMENTS_CLONEABLE is reported in case of a class directly implementing the Cloneable interface,
- SING_SINGLETON_INDIRECTLY_IMPLEMENTS_CLONEABLE is reported when a class indirectly implements the Cloneable interface,
- SING_SINGLETON_IMPLEMENTS_CLONE_METHOD is reported when a class does not implement the Cloneable interface, but has a clone() method,
- SING_SINGLETON_IMPLEMENTS_SERIALIZABLE is reported when a class directly or indirectly implements the Serializable interface and
- SING_SINGLETON_GETTER_NOT_SYNCHRONIZED is reported when the instance-getter method of the singleton class is not synchronized. (See SEI CERT MSC07-J)
Extend FindOverridableMethodCall detector with new bug type: MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT. It's reported when an overridable method is called from readObject(), according to SEI CERT rule SER09-J. Do not invoke overridable methods from the readObject() method.

Changed

Minor cleanup in connection with slashed and dotted names (#2805)

Build

Fix sonar coverage for project (#2796)
Upgraded the build to compile bug samples using Java 21 language features (#2813)
Add 'configurations.checkstyle resolution starategy' to control bug in gradle on exclusions not being excluded properly as seen in checkstyle usage. See https://github.com/checkstyle/checkstyle/issues/14211 for more information. (#2798)
Allow our builds to work with jdk 11 with drop back on Eclipse to 4.24 and spring to 5.3.31. (#2604)

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.4-javadoc.jar	eeb8bff5bcd8fb6a3a59470f6a692f1364e707c81c05604306b61d251feaa945
spotbugs-4.8.4-sources.jar	8b1bcd6d4f885e39140f13cd03636e6598d6e58f224f1ebc6ce691ce586c9c13
spotbugs-4.8.4.tgz	11629b13aad39c453c23f8a8a43096b003afb55924a17424a9e1bc722190576b
spotbugs-4.8.4.zip	20584b304d4b5755c1e99e712093c3a5df58d7fca848094460ace64410537127
spotbugs-annotations-4.8.4-javadoc.jar	068306fc4fd7151ad714743073ea50b2e06ff305b07fd8a00ddde9474d6fcbe8
spotbugs-annotations-4.8.4-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	baa8208c3a16d4bc08eb3717e295604154f1c12bf9fe547799ed8bae325f2718
spotbugs-ant-4.8.4-javadoc.jar	f8755ad5aeda98e314c346b64d80608e84d0b21e1cf4d1944236782fd93c552a
spotbugs-ant-4.8.4-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	1ca27492ff249922c8a0df73d3bad3551fad860ee2333d52fcd6d7ca05e48312
test-harness-4.8.4-javadoc.jar	fc219a8628b999e1518220abb1143bd721c27a4a02737d3b42f016736265afcc
test-harness-4.8.4-sources.jar	76788749afa9e2a8d6c39231f683bd8e3faab26947975c751c0ab0fbdfc3c17a
test-harness-4.8.4.jar	2136665f90315fee5f4e6c4d5f7003e3d6b61ba0fb55346b4d583602a2587c28
test-harness-core-4.8.4-javadoc.jar	303a41589c918af6ac64a9c133d62ec3efb2512be319f44e3341ee2d441e2272
test-harness-core-4.8.4-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.4.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.4-javadoc.jar	191183626b64d9e9a0d7a78b3eb35ecf4540b76fc3df4cd7966219ef8ef79402
test-harness-jupiter-4.8.4-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.4.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

4.8.3

4 months ago

CHANGELOG

Fixed

Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits for checked exceptions (#2710)
Applied changes for bcel 6.8.0 with adjustments to constant pool (#2756)
- More information bcel changes can be found on (#2757)
Fix FN in CT_CONSTRUCTOR_THROW when the return value of the called method is not void or primitive type.

Changed

Improved Matcher checks for empty strings (#2755)
Allow 'onlyAnalyze' option to specify negative matches, such that this facility can be used to prevent a subset of classes to be excluded from analysis (#2754)
Strictly require logback 1.2.13 due to CVE-2023-6481 and CVE-23-6378 (#2760)
Prefer log4j2 at 2.22.0 and logback at 1.4.14 (#2760)

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.3-javadoc.jar	2e01e937ceb24dc02796690e73caa9d06e576741af497f22f2b1ccd41e98065d
spotbugs-4.8.3-sources.jar	383f1434925a9b5df46c03dc79aac9dbc9ac1e5020f40b34f4e6ab565b8082f5
spotbugs-4.8.3.tgz	4713c0ebcc76125ba11be3cfcb288a39b809fdabfbeec0acd0ac7494ef649851
spotbugs-4.8.3.zip	7468aaaf370ec9df0601a46cf0157b83022d00227ef724d80ebbfbb11cb26270
spotbugs-annotations-4.8.3-javadoc.jar	eb513a89ac812f50e3d7de5efbb0e135994849c18412b04759e6d67e991e356e
spotbugs-annotations-4.8.3-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b
spotbugs-ant-4.8.3-javadoc.jar	a9713955805838408ed7b6adf030bffc4cd2036fa2fdb8fb772bc1857e4ac4a6
spotbugs-ant-4.8.3-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	84a286b65d1c2441ac24a57a998c83d43b9d287fd68ac0df7c7524b5f419fc2b
test-harness-4.8.3-javadoc.jar	e3c3997b3a26bee7833b9e7ae634b32f7b060fe11af0a4111d0d62b2a872f760
test-harness-4.8.3-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.3.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.3-javadoc.jar	cd3a2bbcff93aba606a4e3340733d06684e2e456211068f8cb7069890c71efa0
test-harness-core-4.8.3-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.3.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.3-javadoc.jar	35631be40804da4e5613dfa70efc491c52d5b9d4e6d35d706efce78a4ceb1669
test-harness-jupiter-4.8.3-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.3.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

4.8.2

5 months ago

CHANGELOG

Fixed

Fixed false positive UPM_UNCALLED_PRIVATE_METHOD for method used in JUnit's MethodSource (#2379)
Use java.nio to load filter files (#2684)
Eclipse: Do not export javax.annotation packages (#2699)
Fixed not thread safe FindOverridableMethodCall detector (#2701)
Fix the weird messages of PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS bugs. (#2646)
Revert commons-text from 1.11.0 to 1.10.0 to resolve a version conflict (#2686)
Fix FP in CT_CONSTRUCTOR_THROW when the finalizer does not run, since the exception is thrown before java.lang.Object's constructor exits (#2710)

Added

New detector finding System.getenv() calls, where the corresponding Java property could be used (See ENV02-J).

Build

Run build using jdk 17 and 21 without usage of toolchains so we do not defeat the purpose of building on both. (#2722)

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.2-javadoc.jar	9147da4187712ba3ec7fd232510181366f394443cf70a76ee918738a11c539e9
spotbugs-4.8.2-sources.jar	4486c8404debe8de2d5a7d71c14ad66480f463d84586cb3077c639c72192924c
spotbugs-4.8.2.tgz	c3eb4e2077310bf19b06ed232dc8d71f3a4884a4619fd8a7c041ed5ce5af4819
spotbugs-4.8.2.zip	615400e86ee19ee1b74d0f8d1a170e2dfdb8f49d02b60fa7b276a8179c3b584a
spotbugs-annotations-4.8.2-javadoc.jar	22ec9f9658a7e569893db728a5cdcdb4121b4bca1ae1ee154189f2cbbc42f187
spotbugs-annotations-4.8.2-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	3d02aacbf2d094d510c087c2a25a85e04f655b22260016473d02258237d0df27
spotbugs-ant-4.8.2-javadoc.jar	b210ddbee668f591f0ff57ea8d546ac47e2753cbf56b6f1bbeb61a8d4c82d233
spotbugs-ant-4.8.2-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	01974233a0da943700b9b9d190f872f6dd155d5825e05d1fae5a531bebb284eb
test-harness-4.8.2-javadoc.jar	a362bb855074be294da341b5ba7406c013174246c63061fc7dfc91f28795adbe
test-harness-4.8.2-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.2.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.2-javadoc.jar	9b32bd7cc9e5af80379207b0b4ad2f6217c4e46db2db3f371d886e227b2ee266
test-harness-core-4.8.2-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.2.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.2-javadoc.jar	8029e928d3dfa2a93ff8d877693421f265122c5d0f4caee17fd6796d0c7e566d
test-harness-jupiter-4.8.2-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.2.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

4.8.1

6 months ago

CHANGELOG

Fixed

Fixed schema location for findbugsfilter.xsd ([#1416])
Fixed missing null checks ([#2629])
Disabled DontReusePublicIdentifiers due to the high false positives rate ([#2627])
Removed signature of methods using UTF-8 in DefaultEncodingDetector ([#2634])
Fix exception escapes when calling functions of JUnit Assert or Assertions ([#2640])
Fixed an error in the SARIF export when a bug annotation is missing ([#2632])
Fixed false positive RV_EXCEPTION_NOT_THROWN when asserting to exception throws ([#2628])
Fix false positive CT_CONSTRUCTOR_THROW when supertype has final finalize ([#2665])
Lowered the priority of PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE bug ([#2652])
Eclipse: fixed startup overhead (on computing classpath) for PDE projects ([#2671])

Build

Fix deprecated GHA on '::set-output' by using GITHUB_OUTPUT ([#2651])

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.1-javadoc.jar	f8ef08283a500d3f250f87f5b01fac2ed19acc11bc78657fd277ca7d27c9c211
spotbugs-4.8.1-sources.jar	29fef7bebfe1597f8477e21cf139ac6f1ef01afabce8bb3e6ae258a3d6c3de8f
spotbugs-4.8.1.tgz	b8e8f755c3e629885616d898e1a857162273253559f9e0e329983c671c02cd4e
spotbugs-4.8.1.zip	5cb639cf1ce79dc58ba07ee459a6da8bd665e06e10cfb66a79c685601326c111
spotbugs-annotations-4.8.1-javadoc.jar	56be7c8808111619cf87f4385368b8c0d30e4a01bcea4add878780608a6e932a
spotbugs-annotations-4.8.1-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	06eba41a81aaccb011c3f75afa019e509cda7f1eb7a4e057bb860c60845f915e
spotbugs-ant-4.8.1-javadoc.jar	3862ce0fe8a201562cb32ddfbff3d78745950aeb0d0ea8c849bf55d1aa9b71de
spotbugs-ant-4.8.1-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	e49adbc51addf00264042d82075db98a10ad2af9348f7275de6bc075b7245a95
test-harness-4.8.1-javadoc.jar	6f2d3a6c452c972e2890161ee1ff84437bba0877bcd302041df73e9d02217d7b
test-harness-4.8.1-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.1.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.1-javadoc.jar	af4e056c212f1039e9f756067fce7125f24160f2e70918fa710e6e3cd9993e92
test-harness-core-4.8.1-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.1.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.1-javadoc.jar	1d84b2c269263a7eb0641d021e99da9a6da2bfac05430b341a38a4b0530e57a9
test-harness-jupiter-4.8.1-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.1.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

4.8.0

6 months ago

CHANGELOG

Changed

Bump up Apache Commons BCEL to the version 6.6.1 (#2223)
Bump up slf4j-api to 2.0.3 (#2220)
Bump up gson to 2.10 (#2235)
Allowed for large command line through writing arguments to file (UnionResults/UnionBugs2)
Use com.github.stephenc.jcip for jcip-annotations fixing (#887)
Bump ObjectWeb ASM from 9.4 to 9.6, supporting JDK 21 (#2578)

Fixed

Fixed missing classes not in report if using IErrorLogger.reportMissingClass(ClassDescriptor) (#219)
Stop exposing junit-bom to consumers (#2255)
Fixed AbstractBugReporter emits wrong non-sensical debug output during filtering (#184)
Added support for jakarta namespace (#2289)
Report a low priority bug for an unread field in reflective classes (#2325)
Fixed "Unhandled event loop exception" opening Bug Filter Configuration dialog in Eclipse (#2327)
Fixed detector RandomOnceSubDetector to not report when doubles, ints, or longs are called on a new Random or SecureRandom (#2370)
Fixed detector TestASM throwing error during analysis, because it doesn't note that it reports bugs.
Eclipse annotation classpath initializer is hard-coded to jsr305 version 3.0.1, fix to 3.0.2 per #2470
Fixed annotation on generic or array incorrectly considered for the nullability of a method parameter or return type (#2502)
Added support for CONSTANT_Dynamic in constant class pool (#2506)
Recognise enums and records as immutable (#2356)
Added detections of reliance on default encoding in java.nio.file.Files (#2114)
Fixed a regression in the Value Number Analysis (#2465)
Fix XML Output incorrectly escaped in Eclipse Bug Info view (#2520)
Updated the MS_EXPOSE_REP description to mention mutable objects, not just arrays (#1669)
Described Configuration option frc.suspicious for bug RC_REF_COMPARISON in bug description (#2297)
Fixed FindHEMismatch not reporting HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS for some classes (#2402)
Added execute file permission to files in the distribution zip (#2540)
Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito.verify() call check (#872)
Do not report SIC_INNER_SHOULD_BE_STATIC for classes annotated with JUnit Nested (#560)
Detect created, but not-thrown exceptions, which are created by not the constructor (#2547)
Fixed eclipse plugin Effort.values pass to effortViewer as required cast to varargs (#2579)

Added

New simple name-based AnnotationMatcher for exclude files (now bug annotations store the class java annotations in an attribute called classAnnotationNames). For example, use like <Match><Annotation name="org.immutables.value.Generated" /></Match> in an excludeFilter.xml to ignore classes generated by the Immutable framework. This ignores all class, method or field bugs in classes with that annotation.
Added the Common Weakness Enumeration (CWE) taxonomy to the Static Analysis Results Interchange Format (SARIF) report. The short and long description for the CWEs are retrived from a JSON file which is a slimmed down version of the official comprehensive CWE XML from MITRE. The JSON contains information about all CWEs. (#2410).
New detector FindAssertionsWithSideEffects detecting bug ASSERTION_WITH_SIDE_EFFECT and ASSERTION_WITH_SIDE_EFFECT_METHOD in case of assertions which may have side effects (See EXP06-J. Expressions used in assertions must not produce side effects)
New rule set PA_PUBLIC_PRIMITIVE_ATTRIBUTE, PA_PUBLIC_ARRAY_ATTRIBUTE and PA_PUBLIC_MUTABLE_OBJECT_ATTRIBUTE to warn for public attributes which are written by the methods of the class. This rule is loosely based on the SEI CERT rule OBJ01-J Limit accessibility of fields. (#OBJ01-J)
Extend SerializableIdiom detector with new bug type: SE_PREVENT_EXT_OBJ_OVERWRITE. It's reported in case of the readExternal() method allows any caller to reset any value of an object
New Detector FindVulnerableSecurityCheckMethods for new bug type VSC_VULNERABLE_SECURITY_CHECK_METHODS. This bug is reported whenever a non-final and non-private method of a non-final class performs a security check using the java.lang.SecurityManager. (See [SEI CERT MET03-J] (https://wiki.sei.cmu.edu/confluence/display/java/MET03-J.+Methods+that+perform+a+security+check+must+be+declared+private+or+final))
New function added to detector SynchronizationOnSharedBuiltinConstantto detect DL_SYNCHRONIZATION_ON_INTERNED_STRING (#2266)
Make TypeQualifierResolver recognize org.apache.avro.reflect.Nullable (#2066)
New detector FindArgumentAssertions detecting bug ASSERTION_OF_ARGUMENTS in case of validation of arguments of public functions using assertions (See MET01-J. Never use assertions to validate method arguments)
Add new detector CT_CONSTRUCTOR_THROW for detecting constructors that throw exceptions.
New detector DontReusePublicIdentifiers for new bug type PI_DO_NOT_REUSE_PUBLIC_IDENTIFIERS. This bug is reported whenever a new class, interface, field, method or variable is created reusing an identifier from the Java Standard Library . (See SEI CERT rule DCL01-J)

Security

Disable access to external entities when processing XML (#2217)

Build

Bump Eclipse from 4.6.3 to 4.14 (#2314)
Use jakarta annotation 1.3.5 instead of legacy javax annotation 1.3.2 (#2315)
Change hamcrest-all to hamcrest-core as that is what was actually used and then update to 2.2 (#2316)
Only run release action on 'spotbugs' and use Eclipse 4.14 (#2317)
Prefer log4j2 2.20.0 (#2480)
Prefer logback 1.4.8 (#2480)
Prefer logback 1.4.11 (#2580)
Switch junit 4 for junit 5 vintage engine (#2483)
LineEndings and Spotless (#2343)
- Cleanup gitattributes switching text to auto. For developers using windows, run 'git add . --renormalize' and see https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings if needed.
- Rework spotless setup from plugin to build file plugin matching that of gradle plugin and thus allowing spotless to be updated to 6.22.0
- Remove customized line endings for spotless so it uses git attributes as suggested by spotless
- Add trimTrailingWhitespace for spotless
- Fix deprecated usage of eclipse version from 4.13.0 to 4.13 per spotless requirements
Bump spotbugs gradle plugin to 6.0.0-beta.3 demonstrating breaking changes for 6.0.0 in gradle/java.gradle build file (#2582)
Delete checked in j2ee jar and instead use servlet/ejb apis from jakarta (javax standard) (#2585)
Bump Eclipse from 4.14 to 4.29 (latest) (#2589)
Cleanup hamcrest imports / used library (#2600)
Migrate entirely to junit 5 (#2605)
- Some parts of codebase were junit 3
- Delete the SpotbugsRule
- Replace custom java determination on build with Junit 5 usage
- Various 'public' methods in tests fixed to 'private'
- Junit 5 styling applied throughout
- Add missing code to the SpotBugsRunner and now use the Extension as replacement of SpotbugsRule

CHECKSUM

file	checksum (sha256)
spotbugs-4.8.0-javadoc.jar	4cf102aa474ce8f3728e7513c51c0710024e4cd9d6b7c07672b5e3ec0e70a848
spotbugs-4.8.0-sources.jar	d1e47bd320cae314a5c2b44e52152d8ca5f5f700713ba0f497dbed0a916540c2
spotbugs-4.8.0.tgz	15a97043faef7a371ae43137805ca83e89005c22253806b7c63a60a585e794c7
spotbugs-4.8.0.zip	768ac3bd6f5c49d1f12924ff3094ff281debc0ee218ae85ce5aae6f66ca0666a
spotbugs-annotations-4.8.0-javadoc.jar	d8ab5ebdaccff345d7167d2518fd74db72cf6b02b259d4f011689d48351c2b3e
spotbugs-annotations-4.8.0-sources.jar	b5d0110b70b9c44915f2c3375d1b700acb6d409152baf70030787d17a684469b
spotbugs-annotations.jar	f6644de2f0dfe4b614d3c9a35e9a8f1e1da1074892c8cad7a00bb08ce7bf4eff
spotbugs-ant-4.8.0-javadoc.jar	1285df769e00a9fbeb6edceec856b361fb7f5f79762d3f2a768ce71d31cf7bb5
spotbugs-ant-4.8.0-sources.jar	9f1431331363f45ceb9b91c0e5246eab574fbff81c56eff0e385f572d346de61
spotbugs-ant.jar	a798346790437cdc18217379fa54a7e6b044ba2070891ebe01faee28af79af6c
spotbugs.jar	1ce2fa740d7f07b802881babb27dd26f74861ff2ac938718779ce8a7cb5fe14c
test-harness-4.8.0-javadoc.jar	3191c34729c1dedb4964dfc8a0cd5917457e6271291688ff6d5fc3b9c96868f6
test-harness-4.8.0-sources.jar	633ae795c1889fa59f1faad8ea8f1f5b39155029f4f75b51557085097570feb6
test-harness-4.8.0.jar	23f414f9988a3d44dded88ad2d827e95699dc6bb8d6e06a2b0920db2cac442b9
test-harness-core-4.8.0-javadoc.jar	33c6e66ac7a08344afe48aa5ba1d5be22ec79065e50b235530c02d46818a7018
test-harness-core-4.8.0-sources.jar	f5db3e4ebf3f90c9bbf4815824c9d94f93fb740c9610b6f70a64bf7896a4e082
test-harness-core-4.8.0.jar	5bd0e9b18f0ec45c27ee3ec882cb6db86ed42a6b884f091468496de3281dc242
test-harness-jupiter-4.8.0-javadoc.jar	5ff08084863aa6f6579e97e83d9c0ba2b7620663d0f0b0a777f09d99ba06dc8c
test-harness-jupiter-4.8.0-sources.jar	0aefbc5c8bd406e5dc0b1d59bc3afc6889c02010d486b22242f4f19a1a935800
test-harness-jupiter-4.8.0.jar	d2ed802cc81dca3cf8c393fda7f77f02b01c0c1a8ffce7ec57da53aff27a1485

4.7.3

1 year ago

CHANGELOG

Fixed

Fixed detector DontUseFloatsAsLoopCounters to prevent false positives. (#2126) @baloghadamsoftware
Fixed regression in 4.7.2 caused by (#2141) @baloghadamsoftware
improve compatibility with later version of jdk (>= 13). (#2188) @Bluesbreaker45
Fixed detector UncallableMethodOfAnonymousClass to not report unused methods of method-local enumerations and records (#2120) @baloghadamsoftware
Fixed detector FindSqlInjection to detect bug SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE SQL with high priority in case of unsafe appends also in Java 11 and above (#2183) @baloghadamsoftware
Fixed detector StringConcatenation to detect bug SBSC_USE_STRINGBUFFER_CONCATENATION also in Java 11 and above (#2182) @baloghadamsoftware
Fixed OpcodeStackDetector to to handle propagation of taints properly in case of string concatenation in Java 9 and above (#2195) @baloghadamsoftware
Bump up log4j2 binding to 2.19.0
Bump ObjectWeb ASM from 9.3 to 9.4 supporting JDK 20 (#2200)
Bump up commons-text to 1.10.0 (#2197)
Fixed debug detector ViewCFG to generate file names that are also valid on Windows (#2209) @baloghadamsoftware

CHECKSUM

file	checksum (sha256)
spotbugs-4.7.3-javadoc.jar	d2ba03077ea35bdac56ff4c45f8a00d0b334c3a6a3855da61d3712b4146472cf
spotbugs-4.7.3-sources.jar	1fd011390e107d57c7c758539a8f79908d022709920171a91d27d3b88634087c
spotbugs-4.7.3.tgz	f02e2f1135b23f3edfddb75f64be0491353cfeb567b5a584115aa4fd373d4431
spotbugs-4.7.3.zip	dffd3f41fdc2a4cfda547d4ce700585136340e7d0803aeeb2e7ca6cf8c4a6898
spotbugs-annotations-4.7.3-javadoc.jar	392b57d03cb24664dd9ba856287b38a8668c3926eabdfa0f0663fad8fa7d0f44
spotbugs-annotations-4.7.3-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	c0fd1ac2e22acdd46913a2ff74551b71f124457199688698204af4bf3d43165d
spotbugs-ant-4.7.3-javadoc.jar	8591f80cf058830d5b824adc68b820cd901d630b9b55557c48fe4cca6ccdd2fe
spotbugs-ant-4.7.3-sources.jar	ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar	b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar	df37eab21a7d04aa807808a33e9f7c081451cb02c14b4a2c33119976be498520
test-harness-4.7.3-javadoc.jar	4008cc377288c53b4725f43a519a701eb91226a99ab340e997694ade20ed243e
test-harness-4.7.3-sources.jar	7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.3.jar	50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.3-javadoc.jar	486c16fa3ed7c1d99d8ddcdc8e1a6aecf925911d6b473d73aeab40f1639dda52
test-harness-core-4.7.3-sources.jar	f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.3.jar	7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.3-javadoc.jar	5a011955082b4e27bcdeeb56b6bc6fae21f87015b354bc5ffb80442495b919b9
test-harness-jupiter-4.7.3-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.3.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

4.7.2

1 year ago

CHANGELOG

Fixed

Bumped gson from 2.9.0 to 2.9.1 (#2136)
Bump up SLF4J API to 2.0.0
Bump up logback to 1.4.0
Bump up log4j2 binding to 2.18.0
Bump up Saxon-HE to 11.4 (#2160)
Fixed InvalidInputException in Eclipse while bug reporting (#2134) @iloveeclipse
Bug SA_FIELD_SELF_ASSIGNMENT is now reported from nested classes as well (#2142) @baloghadamsoftware
Avoid warning on use of security manager on Java 17 and newer. (#1579) @raphw
Fixed false positives EI_EXPOSE_REP thrown in case of fields initialized by the of or copyOf method of a List, Map or Set (#1771) @baloghadamsoftware
Fixed CFGBuilderException thrown when dup_x2 is used to swap the reference and wide-value (double, long) in the stack (#2146) @KengoTODA

CHECKSUM

file	checksum (sha256)
spotbugs-4.7.2-javadoc.jar	a40e94961c8b99e020aacfa7012cce4e818eac6fb8effa678e20177814113248
spotbugs-4.7.2-sources.jar	fca5bab29e0373944cbb07e3329ce1c0c18133885f558fb25e3bc2ebba6a7018
spotbugs-4.7.2.tgz	f02a023d03b0fde70038ccb4bc8d4a964a504262d13024a97b14d9070f7d4d96
spotbugs-4.7.2.zip	3974d90eb70aad26bb647e0bbaae810c7cf927587e28ce939c2b6531414afe7d
spotbugs-annotations-4.7.2-javadoc.jar	b8e9f92e17a62766f86b82442a07b0f57ff4f919796e944a6e2a5bacc76e4399
spotbugs-annotations-4.7.2-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	e2b4c654b2d7897490cf1f22a009ac677be4c92bfc493a0dedb5706f5e489839
spotbugs-ant-4.7.2-javadoc.jar	632af1c4043b35eab37318eed7ab301655553a124248b4467fb30cbd0f2f24de
spotbugs-ant-4.7.2-sources.jar	ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar	b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar	df5205f4d87ed53ff5b847c6aedc55d605966c0f8f9820d9c6be5ba517b09bcd
test-harness-4.7.2-javadoc.jar	1486f4f4be29dc24a19ad95b809b42d08f34ec9c68abfd43c5fe44d6087d8845
test-harness-4.7.2-sources.jar	7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.2.jar	50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.2-javadoc.jar	f10c5bbe98b2666ea775cc5c0a9a94e99b116706d75254d079741ff410dbdd33
test-harness-core-4.7.2-sources.jar	f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.2.jar	7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.2-javadoc.jar	1bdd8c97fbef6009945e30821ba26f722d1d037c33d780f75d922e30c900ef04
test-harness-jupiter-4.7.2-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.2.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

4.7.1

1 year ago

CHANGELOG

Fixed

Fixed False positives for RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE on try-with-resources with interface references (#1931) @dmivankov
Fixed NullPointerException thrown by detector FindPotentialSecurityCheckBasedOnUntrustedSource on Kotlin files. (#2041) @baloghadamsoftware
Disabled detector ThrowingExceptions by default to avoid many false positives (#2040) @iloveeclipse
Fixed False positives for THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION and THROWS_METHOD_THROWS_CLAUSE_THROWABLE on evaluating synthetic classes (#2040) @big-andy-coates
Fixed False positive for SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA on proper protection by using static lock for synchronized block, but inside an unsecured (synchronized and not static) method (#2089) @gonczmisi

CHECKSUM

file	checksum (sha256)
spotbugs-4.7.1-javadoc.jar	b9562f6c370adc73277c2f7ecd1d72dea1f4961ff8a38b5c9de1df48c98d4727
spotbugs-4.7.1-sources.jar	70e08fd3a294d86f364ddb57fe83e5eebb90eb372766e6c0ad41b1c206f2a7c6
spotbugs-4.7.1.tgz	62195a43af19e998380ea5988dba3bdd5b927acd6a3a47a575578629313ce836
spotbugs-4.7.1.zip	008c98901099114dbb0864bf693f480df4cef83929cf469d37b1cf85a348ae88
spotbugs-annotations-4.7.1-javadoc.jar	8f58cc52f0517b072da3696d6d4b882944699746de63084834d688b9d0ff1102
spotbugs-annotations-4.7.1-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	c267764c59c7cbd2e6becebeb7c848cd6dfe23a28a76ea3bc6ccea5cce60932e
spotbugs-ant-4.7.1-javadoc.jar	cbd76c1382c887e0f73426646f2b12c867b48a607ccd2eb6618125ab672e9296
spotbugs-ant-4.7.1-sources.jar	ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar	b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar	a6b689b6695fe64665a056875c0d57b55c07431d5d5193b2ae3971986a114d0e
test-harness-4.7.1-javadoc.jar	5a4e624420abcdb782158b3ce1b0e17c5e5ad3176698c617128897201bceb775
test-harness-4.7.1-sources.jar	7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.1.jar	50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.1-javadoc.jar	6e8325372c24834f40a73feaba3fc256fdb5e6391ff086d459afd58b0fc1b073
test-harness-core-4.7.1-sources.jar	f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.1.jar	7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.1-javadoc.jar	83332c275c96e72ecdacf96244baf79a0357dd5c3fdd6143e0b47fc73f153441
test-harness-jupiter-4.7.1-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.1.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

4.7.0

2 years ago

CHANGELOG

Changed

Updated documentation by adding parenthesis () to the negative odd check message (#1995) @axkr
Let the Plugin class implement AutoCloseable so we can release the .jar file (#2024) @gtoison

Fixed

Fixed reports to truncate existing files before writing new content (#1950) @sdati
Fixed traversal of nested archives governed by -nested:true (#1930) @Vogel612
Warnings of deprecated System::setSecurityManager calls on Java 17 (#1983) @wborn
Fixed false positive SSD bug for locking on java.lang.Class objects (#1978) @jpschewe
FindReturnRef throws an IllegalArgumentException unexpectedly (#2019) @KengoTODA
Bumped Saxon-HE from 10.6 to 11.3 (#1955, #1999)
Bump ObjectWeb ASM from 9.2 to 9.3 supporting JDK 19 (#2004)

Added

New detector ThrowingExceptions and introduced new bug types @oroszbd
- THROWS_METHOD_THROWS_RUNTIMEEXCEPTION is reported in case of a method throwing RuntimeException,
- THROWS_METHOD_THROWS_CLAUSE_BASIC_EXCEPTION is reported when a method has Exception in its throws clause and
- THROWS_METHOD_THROWS_CLAUSE_THROWABLE is reported when a method has Throwable in its throws clause (See SEI CERT ERR07-J)
New rule PERM_SUPER_NOT_CALLED_IN_GETPERMISSIONS to warn for custom class loaders who do not call their superclasses' getPermissions() in their getPermissions() method. This rule based on the SEI CERT rule SEC07-J Call the superclass's getPermissions() method when writing a custom class loader. (#SEC07-J) @baloghadamsoftware
New rule USC_POTENTIAL_SECURITY_CHECK_BASED_ON_UNTRUSTED_SOURCE to detect cases where a non-final method of a non-final class is called from public methods of public classes and then the same method is called on the same object inside a doPrivileged block. Since the called method may have been overridden to behave differently on the first and second invocations this is a possible security check based on an unreliable source. This rule is based on SEC02-J. Do not base security checks on untrusted sources. (#SEC02-J) @baloghadamsoftware
New detector DontUseFloatsAsLoopCounters to detect usage of floating-point variables as loop counters (FL_FLOATS_AS_LOOP_COUNTERS), according to SEI CERT rules NUM09-J. Do not use floating-point variables as loop counters @adrianturtoczki
New test detector ViewCFG to visualize the control-flow graph for SpotBugs developers @baloghadamsoftware

CHECKSUM

file	checksum (sha256)
spotbugs-4.7.0-javadoc.jar	43745221e8fdf50fa2f89d659034523dd58da3d10223de6e0c91704c07e025a0
spotbugs-4.7.0-sources.jar	6e90f856826b48a3031e2cb903534b4fdb494759863ea14e8df93c9cf15a272c
spotbugs-4.7.0.tgz	8c871e279c7d9b1933158db6355b8ac817a84fd724b88b1e393e3abcf6874910
spotbugs-4.7.0.zip	9ee793b0f3f78901089211dfa67b8603e38fd1abd64eac09d2590df506cfedf5
spotbugs-annotations-4.7.0-javadoc.jar	76a9a7d45590494a220840d173809b2fe0ec50e554435dd9b28de9312cc6a34a
spotbugs-annotations-4.7.0-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	8e6677102aa0de50841644cf9a57d6d503550ad774049a76c75bf157a8beebd5
spotbugs-ant-4.7.0-javadoc.jar	50d84857bbdca54898e93b225835ab25eba9f0a7e340c420ab08bc17bd584f0c
spotbugs-ant-4.7.0-sources.jar	ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar	b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar	94c44d86c83b8fe63b20023e510874aef721b1081982051706e1da841572f295
test-harness-4.7.0-javadoc.jar	3af01af49d74964569fe8ce0e4c217fbfd89e7c02ae5428148b5222e0aec8906
test-harness-4.7.0-sources.jar	7efb06093ea5f6f330a7bd76b894f396d6cb466665fcefc01a3743b07910dc29
test-harness-4.7.0.jar	50b4a72c668ea7d29bf1234b4aa380df903374216f68b0a87f7ca28d4fa225f3
test-harness-core-4.7.0-javadoc.jar	659508cc31a9dfb5c7d4c14981a3f38f476888c7bb08479ac19401ef39201f64
test-harness-core-4.7.0-sources.jar	f8aab3c5cdd456d6b6d632e9fc65897e657447a2e925b6b3f61bd2d15c22cb24
test-harness-core-4.7.0.jar	7165f7f45a6e82e8a6d6a0a4033b6473b310c14f645cb62ebc2fbc6ce5338350
test-harness-jupiter-4.7.0-javadoc.jar	c0300bac23ce2292be120325515128d2d9262c1f7d71b3bf1c4324b2d6b57753
test-harness-jupiter-4.7.0-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.7.0.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4

4.6.0

2 years ago

CHANGELOG

Fixed

Fixed spotbugs build with ecj compiler (#1903) @iloveeclipse
Moved tests from spotbugs project to spotbugs-tests project (#1914) @iloveeclipse
Fixed UI freezes in Eclipse on bug count decorations update (#285) @iloveeclipse
Bumped log4j from 2.17.1 to 2.17.2 (#1960)
Bumped gson from 2.8.9 to 2.9.0 (#1960)

Added

New detector FindInstanceLockOnSharedStaticData for new bug type SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA. This detector reports a bug if an instance level lock is used to modify a shared static data. (See SEI CERT rule LCK06-J) @gonczmisi

CHECKSUM

file	checksum (sha256)
spotbugs-4.6.0-javadoc.jar	f38dba26a1e419483b19c3acc35962347a6e5c3d6793729e84a637cef1423c1a
spotbugs-4.6.0-sources.jar	6926fee89be85021a3a58cc8f08c5f706f3696c151dcee38dbaf674b6fa7f357
spotbugs-4.6.0.tgz	d357a5920bba4e7964d834de88fe64892ed02b5e1d4f61b8afb5187e4e4cdd04
spotbugs-4.6.0.zip	8486f721d80e62c300fd2db5076badac3d969b596904c23f429c922a03041ac0
spotbugs-annotations-4.6.0-javadoc.jar	d001876f444fb41f946218571f6935b008578cdc560d75691951b682578f260c
spotbugs-annotations-4.6.0-sources.jar	b338136e3e82d585348cde58a8fe3a678e16f51a35c31c1463e05fefef557aad
spotbugs-annotations.jar	b7021b4ecbafd9b321bdf06eef2ec4519526e2b39fb7d080f2964308f017435e
spotbugs-ant-4.6.0-javadoc.jar	4d092495bee2eede65dbac444e72a89396dbc78beea15ae588d1d37e853c4cab
spotbugs-ant-4.6.0-sources.jar	ce7cfbed848ccb0e3765cec6b9c60c458699aa51f60ad9216cf89dbf38d8d793
spotbugs-ant.jar	b866a2a89a03b49e60b5f27e0f5987eb8c12c2d2aefc6e9ddcbcdae345c765db
spotbugs.jar	0c05d399522d4de7630a935eb24b2fef75cabf1867527abffbcd319a94804b5f
test-harness-4.6.0-javadoc.jar	e5c5e087a6ae7dd919026dc1dc88e720ce239f73b125e150c15e70a78126574f
test-harness-4.6.0-sources.jar	2c1f5ef929453f3b682c7eb7c1e22db3082b5f74c5a5be439be5dc31dd7a31aa
test-harness-4.6.0.jar	45ca0e944ee5704318d79f67815cde7ca5f7fb22814e325d00e2d25d9b552659
test-harness-core-4.6.0-javadoc.jar	1e6bdfb261bbb17674d4ac94576cb3fb561b207d9b615fdcb575e6c565a03f09
test-harness-core-4.6.0-sources.jar	f320f5eb4069e9686b760b2a6a0760989753225f9e9ce1226e3258ec64795d8a
test-harness-core-4.6.0.jar	fd1a0c06a5eaff50ed0953d42fb7d69a41031c6a6630ad5e47c38a9f0eaca285
test-harness-jupiter-4.6.0-javadoc.jar	1a0f4bb21a3a2cf100b8b5d6ec6ccf6e54eef2d174e00cc34d54cf7f86d45640
test-harness-jupiter-4.6.0-sources.jar	210353a57016e26b1a654d936a15f039613fa1ac532d485c1b1d03902f6c6315
test-harness-jupiter-4.6.0.jar	18095fec31b85981ecaafdef86ca9ae1e9588e1b9bc6d209f82829cf9d0c13f4