Upgrade to latest version of SpotBugs
While preparing release-11.3 I tried to upgrade our version of SpotBugs (spotbugs-maven-plugin
in pom.xml
) from 4.1.4 to 4.7.2.1 (latest at that date).
However it triggered 794 new bugs... Here is the report spotbugs-errors-when-plugin-version-is-4.7.2.1.html.
Most of the new bugs are due to the fact that the Spotbug team extended the notion of EI_EXPOSE_REP
to mutable objects in version 4.3.0.
See the release notes : " MS_EXPOSE_REP and EI_EXPOSE_REP are now reported for code returning a reference to a mutable object indirectly (e.g. via a local variable)"
I don't know if we should correct those or exclude them, it will probably end up being a case-by-case decision.
Anyway, this will be a painful work, I think this should be done bit by bit by developers until we are ready to move to a newer version of SpotBugs.