FindBugs is a key code quality tool for Java-based projects.
It includes several dozen bug patterns, which it uses to identify potential bugs and, more generally, weaknesses in our code.
FindBugs has a plugin architecture which can be used to extend the set of detectors (bug patterns) used during the analysis.
There are a few open source projects that aim to develop FindBugs plugins.
My preferred one is Fb-Contrib, which contains a significant number of additional detectors. See here for the complete list. Most of them are really useful for detecting poor code quality.
Another interesting plugin is Find Security Bugs; the focus here is on security vulnerabilities (list here), like using an insecure random generator or not checking data received from the user.
Let's have a look at version dependencies:
Find Security Bugs
7 and 8
1.3 and above
5 and 6
All plugins are released in .jar format and can easily be added to FindBugs:
FindBugs stand-alone: place the jar in the plugins dir inside FindBugs installation dir
Eclipse FindBugs plugin: use the plugin options to specify the plugin path or place the jar file inside FindBugs plugins dir
NetBeans FindBugs integration: use Custom FindBugs Plugins button inside Editor → Hints → FindBugs page.
IntelliJ FindBugs plugin: add the new plugin in the Plugin Configuration tab.
After adding new plugins, review the list of enabled detectors. New detectors are usually added but not enabled.
Oracle has released a new Java 7 CPU (see meaning here) release: 7u40.
The complete release notes can be found here, but let me mention two important pieces of news.
The first is related to several improvements and bug fixes for the Mac OS X platform, which include support for Retina displays. For more details, look
The second one is the inclusion of the JavaFX environment inside the JDK, together with a long list of bug fixes.
Oracle has released a new Java 7 CPU (see meaning here) release: 7u25.
The release contains, in addition to the usual security bug fixes, several changes that are also intended to improve security.
The complete list of changes is here, but let me highlight the most important ones:
several changes to signed JAR management, including a check, before execution, that the certificate is valid (not revoked). The check can delay applet/application startup.
new attributes in the JAR manifest file (permissions, to control JAR execution authorizations, and codebase, to control who is using the JAR) have been introduced to let JAR authors better control JAR usage.
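One way to check whether a JAR already declares the two manifest attributes described above, as an added example that is not part of the original post. The accepted Permissions values (sandbox, all-permissions) and the "*" Codebase wildcard are assumptions taken from Oracle's documentation of these attributes; the function names and sample manifests are constructed for illustration.

```python
import io
import zipfile

def parse_main_section(text):
    """Return the main-section attributes of a MANIFEST.MF as a dict."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line:                       # blank line ends the main section
            break
        if line.startswith(" ") and last:  # wrapped value continues here
            attrs[last] += line[1:]
        elif ": " in line:
            name, value = line.split(": ", 1)
            last = name.lower()            # attribute names are case-insensitive
            attrs[last] = value
    return attrs

def audit_jar(jar_bytes):
    """List findings about the Permissions and Codebase attributes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if "META-INF/MANIFEST.MF" not in jar.namelist():
            return ["no META-INF/MANIFEST.MF"]
        attrs = parse_main_section(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
    findings = []
    perms = attrs.get("permissions")
    if perms is None:
        findings.append("Permissions attribute missing")
    elif perms.strip() not in ("sandbox", "all-permissions"):  # assumed value set
        findings.append("Permissions has unexpected value: " + perms)
    codebase = attrs.get("codebase")
    if codebase is None:
        findings.append("Codebase attribute missing")
    elif "*" in codebase.split():          # assumed wildcard syntax
        findings.append("Codebase is a wildcard: any site may host this JAR")
    return findings

# Constructed fixtures below: an in-memory JAR builder and two sample manifests.
def make_jar(manifest_text):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

LEGACY = "Manifest-Version: 1.0\r\nMain-Class: demo.App\r\n\r\n"
HARDENED = ("Manifest-Version: 1.0\r\nPermissions: sandbox\r\nCodebase: "
            "https://apps.example.com https://cdn.exam\r\n ple.com\r\n\r\n")

if __name__ == "__main__":
    print(audit_jar(make_jar(LEGACY)), audit_jar(make_jar(HARDENED)))
```

The HARDENED sample deliberately wraps the Codebase value onto a continuation line, since manifest values longer than the line limit are folded that way and a naive line-by-line reader would truncate them.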
Other 40 bug fixes are documented