Hello Java developers,
Our Java analyzer was upgraded to detect 9 additional security problems.
Security Vulnerability Detections:
- S5445: Insecure temporary file creation methods should not be used
- S2053: Hashes should include an unpredictable salt
- S5659: JWT should be signed and verified with strong cipher algorithms
Security Hotspot Detections:
- S5332: Using clear-text protocols is security-sensitive
- S5443: Using publicly writable directories is security-sensitive
- S5693: Allowing requests with excessive content length is security-sensitive
- S5247: Disabling auto-escaping in template engines is security-sensitive
- S4036: Searching OS commands in PATH is security-sensitive
- S5689: Disclosing fingerprints from web application technologies is security-sensitive
This is available now on SonarCloud and will come with SonarQube 8.8.
Alex