[pmd-devel] [ANNOUNCE] PMD 7.23.0 released
A source code analyzer
Brought to you by:
adangel,
juansotuyo
Menu
▾
▴
[pmd-devel] [ANNOUNCE] PMD 7.23.0 released
|
From: Andreas D. <and...@pm...> - 2026-03-27 11:34:21
|
* Downloads: https://github.com/pmd/pmd/releases/tag/pmd_releases%2F7.23.0 * Documentation: https://docs.pmd-code.org/pmd-doc-7.23.0/ 27-March-2026 - 7.23.0 The PMD team is pleased to announce PMD 7.23.0. This is a minor release. Table Of Contents * 🐛️ Fixed Issues <https://sourceforge.net/p/pmd/news/2026/03/pmd-7230-27-march-2026-released/#fixed-issues> * ✨️ Merged pull requests <https://sourceforge.net/p/pmd/news/2026/03/pmd-7230-27-march-2026-released/#merged-pull-requests> * 📦️ Dependency updates <https://sourceforge.net/p/pmd/news/2026/03/pmd-7230-27-march-2026-released/#dependency-updates> * 📈️ Stats <https://sourceforge.net/p/pmd/news/2026/03/pmd-7230-27-march-2026-released/#stats> 🐛️ Fixed Issues * core * #6503 <https://github.com/pmd/pmd/issues/6503>: [core] Links in HTML report are broken * java-errorprone * #6502 <https://github.com/pmd/pmd/issues/6502>: [java] CloseResource: False positive for allowedResourceMethodPatterns entries when using unqualified method calls * java-security * #6531 <https://github.com/pmd/pmd/issues/6531>: [java] InsecureCryptoIv: False negative with fixed IVs from array initializers ✨️ Merged pull requests * #6467 <https://github.com/pmd/pmd/pull/6467>: [ci] Use typos gh-action - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #6488 <https://github.com/pmd/pmd/pull/6488>: [doc] Update security.md for CVE-2026-28338 - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #6489 <https://github.com/pmd/pmd/pull/6489>: [doc] CPD: document --report-file parameter - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #6504 <https://github.com/pmd/pmd/pull/6504>: [core] Fix #6503: Don't escape externalInfoUrl in reports - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #6505 <https://github.com/pmd/pmd/pull/6505>: [java] Fix #6502: CloseResource should consider unqualified method calls - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #6545 <https://github.com/pmd/pmd/pull/6545>: [java] Fix #6531: False negative in InsecureCryptoIv with array initializers - Zbynek Konecny <https://github.com/zbynek> (@zbynek <https://sourceforge.net/u/zbynek/profile/>) 📦️ Dependency updates * #6476 <https://github.com/pmd/pmd/pull/6476>: Bump PMD from 7.21.0 to 7.22.0 * #6479 <https://github.com/pmd/pmd/pull/6479>: chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 * #6480 <https://github.com/pmd/pmd/pull/6480>: chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 * #6481 <https://github.com/pmd/pmd/pull/6481>: chore(deps): bump com.puppycrawl.tools:checkstyle from 13.2.0 to 13.3.0 * #6482 <https://github.com/pmd/pmd/pull/6482>: chore(deps): bump org.mockito:mockito-core from 5.21.0 to 5.22.0 * #6483 <https://github.com/pmd/pmd/pull/6483>: chore(deps-dev): bump net.bytebuddy:byte-buddy from 1.18.5 to 1.18.7 * #6484 <https://github.com/pmd/pmd/pull/6484>: chore(deps): bump org.yaml:snakeyaml from 2.5 to 2.6 * #6485 <https://github.com/pmd/pmd/pull/6485>: chore(deps): bump org.checkerframework:checker-qual from 3.53.1 to 3.54.0 * #6486 <https://github.com/pmd/pmd/pull/6486>: chore(deps-dev): bump net.bytebuddy:byte-buddy-agent from 1.18.5 to 1.18.7 * #6487 <https://github.com/pmd/pmd/pull/6487>: chore(deps): bump com.google.protobuf:protobuf-java from 4.33.5 to 4.34.0 * #6490 <https://github.com/pmd/pmd/pull/6490>: chore: Update gems, remove github-pages * #6498 <https://github.com/pmd/pmd/pull/6498>: chore(deps): bump ruby/setup-ruby from 1.288.0 to 1.290.0 * #6499 <https://github.com/pmd/pmd/pull/6499>: chore(deps-dev): bump commons-logging:commons-logging from 1.3.5 to 1.3.6 * #6500 <https://github.com/pmd/pmd/pull/6500>: chore(deps-dev): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2 * #6501 <https://github.com/pmd/pmd/pull/6501>: chore(deps): bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0 * #6506 <https://github.com/pmd/pmd/pull/6506>: chore(deps): bump actions/create-github-app-token from 2.2.1 to 3.0.0 * #6507 <https://github.com/pmd/pmd/pull/6507>: chore(deps): bump actions/download-artifact from 8.0.0 to 8.0.1 * #6508 <https://github.com/pmd/pmd/pull/6508>: chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.4 to 3.0.2 * #6509 <https://github.com/pmd/pmd/pull/6509>: chore(deps): bump ruby/setup-ruby from 1.290.0 to 1.295.0 * #6511 <https://github.com/pmd/pmd/pull/6511>: chore(deps): bump org.mockito:mockito-core from 5.22.0 to 5.23.0 * #6514 <https://github.com/pmd/pmd/pull/6514>: chore: bump maven from 3.9.12 to 3.9.14 * #6516 <https://github.com/pmd/pmd/pull/6516>: chore: bump json from 2.19.0 to 2.19.2 * #6548 <https://github.com/pmd/pmd/pull/6548>: chore(deps): bump actions/cache from 5.0.3 to 5.0.4 * #6549 <https://github.com/pmd/pmd/pull/6549>: chore(deps): bump com.google.protobuf:protobuf-java from 4.34.0 to 4.34.1 * #6551 <https://github.com/pmd/pmd/pull/6551>: chore: use ruby4 📈️ Stats * 38 commits * 9 closed tickets & PRs * Days since last release: 27 |
