SonarLint for IntelliJ 6.5 - XML analysis for all users, rules for insecure XML, PHP regexps


We’ve released a new version of SonarLint for IntelliJ-based IDEs that improves stability and fixes a few bugs. This release also brings plenty of new functionality; here are a few highlights:

  • In addition to the XXE (XML External Entity) vulnerability, which is already supported, the Java analyzer now detects additional kinds of insecure XML processing.
  • We added 9 new rules to help PHP developers reduce the complexity of their regular expressions.
  • We improved the performance of Python analysis by using serialized Typeshed symbols.
  • All SonarLint for IntelliJ users now benefit from our XML analysis (this feature was previously only available in connected mode with SonarQube or SonarCloud). You can find the list of supported XML rules here.

Please also be aware of a couple of deprecation announcements:

  • We’ve dropped support for IDE versions 2019.3 and older; we encourage all SonarLint users to upgrade to a recent version of their IntelliJ IDE.
  • In this release, we deprecated Node.js 12 support for JavaScript, TypeScript, and CSS analyses. It will still be possible to run analyses on Node.js 12 until the complete end of support, which is planned for August 2022. In the meantime, users are highly encouraged to upgrade their setup to Node.js 16 LTS.

As usual, you can read more about the new version in our release notes (for version 6.5 and for the 6.5.1 bugfix release).