The rule java:S1948 “Fields in a “Serializable” class should either be transient or serializable”
triggers for me in this java snippet:

public class Auftrag implements Serializable {
  private static final long serialVersionUID = 1L;
  protected ArrayList<Anhang> anhang;
}

I am using SonarQube: 8.5.1.38104
It was reported to be fixed in squid:S1948 wrongly reported by Sonar 7.7 on ArrayList<String> - #2 by Nicolas_Peru
But perhaps it was only fixed for the private field not a protected, public or so?

Hey there.

Hi,

Your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.5.1-> 8.9.8 → 9.4 (last step optional)

You may find the Upgrade Guide and the LTS-to-LTS Upgrade Notes helpful. If you have questions about upgrading, feel free to open a new thread for that here.

If this issue persists after upgrade, please come back to us.