Sourced from com.h3xstream.findsecbugs:findsecbugs-plugin's releases.

Version 1.13.0 - Lucky 13

---

Implemented enhancements:

• Java 21 Support #723

Closed issues:

• SpringEntityLeakDetector crashes with array types #679
• Java 17 not working #678
• Detect usage of Apache BeanUtils.copyProperties as dangerous #601

Merged pull requests:

• Upgrade SpotBugs to 4.8.3 #725 (gtoison)
• Updates to handle string-building taint with invokedynamic concatenation in JDK > 8 #713 (jbindel)
• taint-config files java-lang.txt and scala.txt propagate taint from character types #712 (jbindel)
• Add GCM-SIV to authenticated cipher mode list #710 (mzcu)
• Fix IMPROPER_UNICODE rule description #707 (Vampire)
• Update messages.xml #700 (jasonparallel)
• Fixing typo in docs #699 (kdowbecki)
• Verbose source line locations report #691 (oxeye-gal)
• Adding workaround for JDK > 8 invokedynamic tainting #690 (oxeye-gal)
• JstlExpressionWhiteLister now allows custom regular expressions #686 (jbindel)
• fix: added "cash account" to the safe words, not a SHA password #683 (gtoison)
• Add Detector for XXE in XML SchemaFactory #682 (exceptionfactory)
• Add Detector for XXE in XML Validator #681 (exceptionfactory)
• fix: handle arrays in SignatureParserWithGeneric #680 (gtoison)
• New detector for potential XML injection #663 (baloghadamsoftware)
• Detect usage of Apache BeanUtils as dangerous #601 #629 (marcelel)

• 06d7c83 Release 1.13.0
• 05c71d8 Merge pull request #713 from jbindel/invokedynamicfix
• aba3b5e Merge pull request #712 from jbindel/master
• 42ebd01 Test cases for invokedynamic workaround for String concatenation.
• 37ad558 Update invokedynamic workaround to check the size of parameters like long and...
• 1c7b5e8 Test cases for invokedynamic workaround for String concatenation.
• 7669015 Update invokedynamic workaround to check the size of parameters like long and...
• 3dcb378 Issue#711 Appending char to Scala StringBuilder is not considered taint-free.
• 0ca18b5 Issue#711 Appending char to StringBuilder or StringBuffer is not considered t...
• 68628d3 Merge pull request #690 from oxeye-gal/invokedynamic-workaround
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)