I’ve moved your post to the section on reporting false-postiives/false-negatives.
It would be useful if you could provide a pom.xml file where you expect the issue to be raised, but it is no longer.
Sorry for the late response.
I hope it will be enough just provide the relevant piece of pom.xml:
Sorry for the late reply but I am having a hard time reproducing the issue.
Locally I can see the issue in SonarLint. On SonarCloud, I can see the issue, whether I am running in automatic analysis mode or using the scanner for maven.
Are you saying that this part of the XML file raises no issue or that some of the secondary locations of the issue are not highlighted?