SonarLint for IntelliJ 4.14.1 released - Taint vulnerabilities in the IDE

I am pleased to announce the release of SonarLint for IntelliJ 4.14.1.

With this version, we add the possibility to investigate and fix taint vulnerabilities detected by SonarQube or SonarCloud directly in the IDE.

Taint vulnerabilities are security vulnerabilities where an attacker-controlled data is passed unsanitized from an input source to a sensitive sink.
Although taint vulnerabilities are not detected by SonarLint in the local code (they are only detected by SonarQube or SonarCloud), developers are now able, thanks to SonarLint, to review the whole injection flow in the IDE from the source to the sink.

As for other code quality and security issues, our rule documentation will help understand what is wrong, and how you can get it fixed.

All you need is to update SonarLint, and make sure your project is bound to SonarCloud or SonarQube latest version.

This version also brings several updates and improvements, notably including:

  • New rules for regular expressions in Java
  • Java 15 support
  • Ruby 3.0.0 support
  • Python 3.9 support

Full release notes here and here


Which would be 8.6 (currently listed as “latest” on sonarqube website, as of 19 Feb) or 8.7 (now available for download from within SonarQube 8.6 admin screen)?

Hi @msymons ,
the taint vulnerabilities feature will work starting with SonarQube 8.6
P.S. SonarQube 8.7 will be soon available on

1 Like