Releases: pmd/pmd
PMD 7.11.0 (28-February-2025)
28-February-2025 - 7.11.0
The PMD team is pleased to announce PMD 7.11.0.
This is a minor release.
Table Of Contents
- π New and noteworthy
- π Fixed Issues
- π¨ API Changes
- β¨ Merged pull requests
- π¦ Dependency updates
- π Stats
π New and noteworthy
β¨ New Rules
- The new Apex rule
that store database results in instance variables. This can cause serialization issues between successive batch
Signed Releases
We now not only sign the maven artifacts, but also our binary distribution files that you can
download from GitHub Releases.
See the page Signed Releases in our documentation for how to verify the files.
π Fixed Issues
- apex-errorprone
- #5305: [apex] New Rule: Avoid Stateful Database Results
- java
- java-bestpractices
- java-codestyle
- #4822: [java] UnnecessaryCast false-positive for raw types
- #5073: [java] UnnecessaryCast false-positive for cast in return position of lambda
- #5440: [java] UnnecessaryCast reported in stream chain map() call that casts to more generic interface
- #5523: [java] UnnecessaryCast false-positive for integer operations in floating-point context
- #5541: [java] Fix IdenticalCatchBranch reporting branches that call different overloads
- java-design
- #5018: [java] FinalFieldCouldBeStatic false-positive for access of super class field
- plsql
- #5522: [plsql] Parse error for operator in TRIM function call
π¨ API Changes
- java
- The method
is deprecated for removal.
instead which
is more flexible.
- The method
β¨ Merged pull requests
- #5425: [apex] New Rule: Avoid Stateful Database Results - Mitch Spano (@mitchspano)
- #5491: [docs] Call render_release_notes.rb within docs - Andreas Dangel (@adangel)
- #5492: [docs] Add security page with known vulnerabilities - Andreas Dangel (@adangel)
- #5503: [java] AvoidSynchronizedAtMethodLevel: Fixed error in code example - Balazs Glatz (@gbq6)
- #5507: Fix #5486: [java] Fix UnusedPrivateMethod - always search decls in current AST - Andreas Dangel (@adangel)
- #5508: Fix #3359: [java] UnusedPrivateMethod: Ignore lombok.EqualsAndHashCode.Include - Andreas Dangel (@adangel)
- #5510: [ci] Add signed releases - Andreas Dangel (@adangel)
- #5524: [ci] New optimized workflow for pull requests - Andreas Dangel (@adangel)
- #5526: Fix #5523: [java] UnnecessaryCast FP with integer division - ClΓ©ment Fournier (@oowekyala)
- #5527: Fix #5522: [plsql] Allow arbitrary expressions for TRIM - Andreas Dangel (@adangel)
- #5528: Fix #5442: [java] Fix stackoverflow with recursive generic types - ClΓ©ment Fournier (@oowekyala)
- #5529: Fix #5493: [java] IllegalArgumentException with wildcard bound - ClΓ©ment Fournier (@oowekyala)
- #5530: Fix #5073: [java] UnnecessaryCast FP with lambdas - ClΓ©ment Fournier (@oowekyala)
- #5537: Fix #5504: [java] UnusedAssignment FP with continue in foreach loop - ClΓ©ment Fournier (@oowekyala)
- #5538: Add project icon for IntelliJ IDEA - Vincent Potucek (@pankratz227)
- #5539: [plsql] Add OracleDBUtils as regression testing project - Andreas Dangel (@adangel)
- #5541: [java] Fix IdenticalCatchBranch reporting branches that call different overloads - ClΓ©ment Fournier (@oowekyala)
- #5542: Add GitHub issue links in IDEA git log - Andreas Dangel (@adangel)
- #5544: [javacc] Move grammar files into src/main/javacc - Andreas Dangel (@adangel)
- #5551: [doc] Update contributors for 7.11.0 - Andreas Dangel (@adangel)
- #5552: Fix #4822: [java] UnnecessaryCast FP with unchecked cast - ClΓ©ment Fournier (@oowekyala)
- #5553: Fix #5018: [java] FinalFieldCouldBeStatic FP with super field access - ClΓ©ment Fournier (@oowekyala)
π¦ Dependency updates
- #5490: Bump PMD from 7.9.0 to 7.10.0
- #5494: Bump liquid from 5.7.1 to 5.7.2 in the all-gems group across 1 directory
- #5497: Bump net.bytebuddy:byte-buddy-agent from 1.16.1 to 1.17.0
- #5498: Bump org.assertj:assertj-core from 3.25.3 to 3.27.3
- #5499: Bump org.mockito:mockito-core from 5.14.2 to 5.15.2
- #5500: Bump org.junit:junit-bom from 5.11.2 to 5.11.4
- #5501: Bump org.scala-lang:scala-reflect from 2.13.15 to 2.13.16
- #5516: Bump org.jetbrains:annotations from 26.0.1 to 26.0.2
- #5517: Bump net.bytebuddy:byte-buddy from 1.15.11 to 1.17.0
- #5518: Bump org.junit.platform:junit-platform-suite from 1.11.3 to 1.11.4
- #5519: Bump org.checkerframework:checker-qual from 3.48.3 to 3.49.0
- #5520: Bump from 33.0.0-jre to 33.4.0-jre
- #5532: Bump net.bytebuddy:byte-buddy-agent from 1.17.0 to 1.17.1
- #5533: Bump log4j.version from 2.24.2 to 2.24.3
- #5534: Bump from 2.11.0 to 2.12.1
- #5535: Bump scalameta.version from 4.12.7 to
- #5536: Bump org.apache.groovy:groovy from 4.0.24 to 4.0.25
- #5545: Bump commons-logging:commons-logging from 1.3.4 to 1.3.5
- #5546: Bump scalameta.version from to 4.13.2
- #5547: Bump net.bytebuddy:byte-buddy from 1.17.0 to 1.17.1
- #5548: Bump from 10.21.2 to 10.21.3
- #5549: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.13.0 to 3.14.0
π Stats
- 97 commits
- 35 closed tickets & PRs
PMD 7.10.0 (31-January-2025)
31-January-2025 - 7.10.0
The PMD team is pleased to announce PMD 7.10.0.
This is a minor release.
Table Of Contents
- π New and noteworthy
- π New and changed rules
- π Fixed Issues
- π¨ API Changes
- β¨ Merged pull requests
- π¦ Dependency updates
- π Stats
π New and noteworthy
π New: Java 24 Support
This release of PMD brings support for Java 24. There are no new standard language features,
but a couple of preview language features:
- JEP 488: Primitive Types in Patterns, instanceof, and switch (Second Preview)
- JEP 492: Flexible Constructor Bodies (Third Preview)
- JEP 494: Module Import Declarations (Second Preview)
- JEP 495: Simple Source Files and Instance Main Methods (Fourth Preview)
In order to analyze a project with PMD that uses these preview language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 24-preview
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-24-preview ...
Note: Support for Java 22 preview language features have been removed. The version "22-preview"
is no longer available.
New GPG Release Signing Key
Since January 2025, we switched the GPG Key we use for signing releases in Maven Central to be
The full fingerprint is 2EFA 55D0 785C 31F9 56F2 F87E A0B5 CA1A 4E08 6838
This step was necessary, as the passphrase of the old key has been compromised and therefore the key is not
safe to use anymore. While the key itself is not compromised as far as we know, we still decided to generate a
new key, just to be safe. As until now (January 2025) we are not aware, that the key actually has been misused.
The previous releases of PMD in Maven Central can still be considered untampered, as Maven Central is read-only.
This unexpected issue was discovered while checking Reproducible Builds by a
third party.
The security advisory about the compromised passphrase is tracked as
and CVE-2025-23215.
Updated PMD Designer
This PMD release ships a new version of the pmd-designer.
For the changes, see PMD Designer Changelog (7.10.0).
π New and changed rules
New Rules
- The new Java rule
finds switch statements and
expressions, that cover already all cases but still have a default case. This default case is unnecessary
and prevents getting compiler errors when e.g. new enum constants are added without extending the switch.
π Fixed Issues
- apex
- apex-security
- #3158: [apex] ApexSuggestUsingNamedCred false positive with Named Credential merge fields
- documentation
- #2492: [doc] Promote wiki pages to standard doc pages
- java
- #5154: [java] Support Java 24
- java-performance
- #5311: [java] TooFewBranchesForSwitch false positive for exhaustive switches over enums without default case
π¨ API Changes
Removed Experimental API
- pmd-java
: These nodes were introduced with Java 21 and 22
Preview to support String Templates. However, the String Template preview feature was not finalized
and has been removed from Java for now. We now cleaned up the PMD implementation of it.
β¨ Merged pull requests
- #5327: [apex] Update apex-parser and summit-ast - Andreas Dangel (@adangel)
- #5412: [java] Support exhaustive switches - Andreas Dangel (@adangel)
- #5449: Use new gpg key (A0B5CA1A4E086838) - Andreas Dangel (@adangel)
- #5458: [doc] Move Wiki pages into main documentation, cleanups - Andreas Dangel (@adangel)
- #5471: [java] Support Java 24 - Andreas Dangel (@adangel)
- #5488: [apex] Fix #3158: Recognize Named Credentials merge fields in ApexSuggestUsingNamedCredRule - William Brockhus (@YodaDaCoda)
π¦ Dependency updates
- #5423: Bump PMD from 7.8.0 to 7.9.0
- #5433: Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.5.0
- #5434: Bump commons-logging:commons-logging from 1.3.0 to 1.3.4
- #5435: Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0
- #5436: Bump the all-gems group across 2 directories with 1 update
- #5445: Bump org.junit.platform:junit-platform-commons from 1.11.2 to 1.11.4
- #5446: Bump org.sonarsource.scanner.maven:sonar-maven-plugin from to
- #5459: Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.7
- #5460: Bump org.apache.commons:commons-text from 1.12.0 to 1.13.0
- #5461: Bump from 4.29.1 to 4.29.3
- #5472: Bump net.bytebuddy:byte-buddy-agent from 1.15.11 to 1.16.1
- #5473: Bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0
- #5474: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.0 to 0.23.1
- #5475: Bump liquid from 5.6.0 to 5.7.0 in the all-gems group across 1 directory
- #5479: Bump pmd-designer from 7.2.0 to 7.10.0
- #5480: Bump scalameta.version from 4.9.1 to 4.12.7
- #5481: Bump liquid from 5.7.0 to 5.7.1 in the all-gems group across 1 directory
- #5482: Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0
- #5483: Bump org.jetbrains.dokka:dokka-maven-plugin from 1.9.20 to 2.0.0
- #5484: Bump com.github.hazendaz.maven:coveralls-maven-plugin from 4.5.0-M5 to 4.5.0-M6
- #5485: Bump from 10.20.2 to 10.21.2
π Stats
- 70 commits
- 13 closed tickets & PRs
- Days since last release: 34
PMD 7.9.0 (27-December-2024)
27-December-2024 - 7.9.0
The PMD team is pleased to announce PMD 7.9.0.
This is a minor release.
Table Of Contents
- π New and noteworthy
- π Fixed Issues
- π¨ API Changes
- β¨ Merged pull requests
- π¦ Dependency updates
- π Stats
π New and noteworthy
New: CPD support for Rust
CPD now supports Rust, a blazingly fast and memory-efficient programming language.
It is shipped in the new module pmd-rust
π Fixed Issues
- cli
- java
- #5096: [java] StackOverflowError with recursively bound type variable
- java-bestpractices
- #4861: [java] UnusedPrivateMethod - false positive with static methods in core JDK classes
- java-documentation
- #2996: [java] CommentSize rule violation is not suppressed at method level
π¨ API Changes
Experimental API
- pmd-core:
β¨ Merged pull requests
- #4939: [java] Fix #2996 - CommentSize/CommentContent suppression - ClΓ©ment Fournier (@oowekyala)
- #5376: [java] Fix #4861 - UnusedPrivateMethod FP in JDK classes - ClΓ©ment Fournier (@oowekyala)
- #5387: [java] Fix #5096 - StackOverflowError with recursively bounded tvar - ClΓ©ment Fournier (@oowekyala)
- #5400: Fix #5399: [cli] pmd.bat: Quote all variables when using SET - Andreas Dangel (@adangel)
- #5402: Fix #5401: [cli] pmd.bat: set codepage to 65001 (UTF-8) - Andreas Dangel (@adangel)
- #5404: [doc] Update tools / integrations / ide plugins / news pages - Andreas Dangel (@adangel)
- #5414: Add Rust CPD - Julia Paluch (@juliapaluch)
π¦ Dependency updates
- #5375: Bump pmd from 7.7.0 to 7.8.0
- #5377: Bump from 10.20.1 to 10.20.2
- #5378: Bump net.bytebuddy:byte-buddy from 1.14.12 to 1.15.10
- #5379: Bump io.github.git-commit-id:git-commit-id-maven-plugin from 7.0.0 to 9.0.1
- #5380: Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.2 to 3.6.0
- #5384: Bump org.apache.groovy:groovy from 4.0.19 to 4.0.24
- #5390: Bump from 4.28.2 to 4.29.1
- #5391: Bump org.hamcrest:hamcrest from 2.2 to 3.0
- #5392: Bump org.codehaus.mojo:build-helper-maven-plugin from 3.5.0 to 3.6.0
- #5393: Bump org.jsoup:jsoup from 1.17.2 to 1.18.3
- #5394: Bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.2
- #5395: Bump webrick from 1.9.0 to 1.9.1 in /docs in the all-gems group across 1 directory
- #5405: Bump org.yaml:snakeyaml from 2.2 to 2.3
- #5406: Bump io.github.apex-dev-tools:apex-ls_2.13 from 5.5.0 to 5.7.0
- #5407: Bump net.bytebuddy:byte-buddy-agent from 1.14.19 to 1.15.11
- #5409: Bump net.bytebuddy:byte-buddy from 1.15.10 to 1.15.11
- #5410: Bump org.apache.maven.plugins:maven-javadoc-plugin from 3.6.3 to 3.11.2
- #5411: Bump csv from 3.3.0 to 3.3.1 in /docs in the all-gems group across 1 directory
- #5417: Bump org.cyclonedx:cyclonedx-maven-plugin from 2.7.11 to 2.9.1
- #5418: Bump org.checkerframework:checker-qual from 3.48.1 to 3.48.3
- #5419: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.5.0 to 3.6.0
- #5422: Bump the all-gems group across 2 directories with 2 updates
π Stats
- 69 commits
- 12 closed tickets & PRs
- Days since last release: 28
PMD 7.8.0 (29-November-2024)
29-November-2024 - 7.8.0
The PMD team is pleased to announce PMD 7.8.0.
This is a minor release.
Table Of Contents
- π New and noteworthy
- π New and changed rules
- π Fixed Issues
- π¨ API Changes
- β¨ Merged pull requests
- π¦ Dependency updates
- π Stats
π New and noteworthy
π New and changed rules
New Rules
- The new Apex rule
detects when the Queueable interface
is used but a Finalizer is not attached. Without attaching a Finalizer, there is no way of designing error
recovery actions should the Queueable action fail.
π Fixed Issues
- ant
- #1860: [ant] Reflective access warnings on java > 9 and java < 17
- apex
- html
- #5322: [html] CPD throws exception on when HTML file is missing closing tag
- java
- #5283: [java] AssertionError "this should be unreachable" with scala library
- #5293: [java] Deadlock when executing PMD in multiple threads
- #5324: [java] Issue with type inference of nested lambdas
- #5329: [java] Type inference issue with unknown method ref in call chain
- #5338: [java] Unresolved target type for lambdas make overload resolution fail
- java-bestpractices
- #4113: [java] JUnitTestsShouldIncludeAssert - false positive with SoftAssertionsExtension
- #5083: [java] UnusedPrivateMethod false positive when method reference has no target type
- #5097: [java] UnusedPrivateMethod FP with raw type missing from the classpath
- #5318: [java] PreserveStackTraceRule: false-positive on Pattern Matching with instanceof
- java-codestyle
- java-design
- #4763: [java] SimplifyBooleanReturns - wrong suggested solution
- java-errorprone
- #5070: [java] ConfusingArgumentToVarargsMethod FP when types are unresolved
- java-performance
π¨ API Changes
- pmd-coco
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.CocoBaseVisitor
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.CocoListener
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.CocoParser
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.CocoVisitor
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.
- pmd-gherkin
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.GherkinBaseVisitor
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.GherkinListener
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.GherkinParser
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.GherkinVisitor
is deprecated for removal. This class was never intended
to be generated. It will be removed with no replacement.
- pmd-julia
is deprecated for removal. This class was never intended to
be generated. It will be removed with no replacement.JuliaBaseVisitor
is deprecated for removal. This class was never intended to
be generated. It will be removed with no replacement.JuliaListener
is deprecated for removal. This class was never intended to
be generated. It will be removed with no replacement.JuliaParser
is deprecated for removal. This class was never intended to
be generated. It will be removed with no replacement.JuliaVisitor
is deprecated for removal. This class was never intended to
be generated. It will be removed with no replacement.
- pmd-kotlin
is deprecated for removal. This class was never intended to
be generated. It will be removed with no replacement.
- pmd-xml
is deprecated for removal. Usenet.sourceforge.pmd.lang.xml.ast.XMLLexer
instead (note different packageast
instead ofantlr4
β¨ Merged pull requests
- #5240: Release notes improvements - Andreas Dangel (@adangel)
- #5284: [apex] Use case-insensitive input stream to avoid choking on Unicode escape sequences - Willem A. Hajenius (@wahajenius)
- #5286: [ant] Formatter: avoid reflective access to determine console encoding - Andreas Dangel (@adangel)
- #5289: [java] TooFewBranchesForSwitch - allow list of case constants - Andreas Dangel (@adangel)
- #5296: [xml] Have pmd-xml Lexer in line with other antlr grammars - Juan MartΓn Sotuyo Dodero (@jsotuyod)
- #5300: Add rule test cases for issues fixed with PMD 7.0.0 - Andreas Dangel (@adangel)
- #5303: [apex] New Rule: Queueable Should Attach Finalizer - Mitch Spano (@mitchspano)
- #5309: [java] Fix #5293: ...
PMD 7.7.0 (25-October-2024)
25-October-2024 - 7.7.0
The PMD team is pleased to announce PMD 7.7.0.
This is a minor release.
Table Of Contents
- π New and noteworthy
- π Rule Changes
- π Fixed Issues
- π¨ API Changes
- β¨ Merged pull requests
- π¦ Dependency updates
- π Stats
π New and noteworthy
CPD can now ignore literals and identifiers in C++ code
When searching for duplicated code in C++ differences in literals or identifiers can be
ignored now (like in Java). This can be enabled via the command line options --ignore-literal
and --ignore-identifiers
See PR #5040 for details.
π Rule Changes
Changed Rules
(Java Best Practices) doesn't report empty switch statements anymore.
To detect these, useEmptyControlStatement
(Java Best Practices) now also considers JUnit 5 and TestNG tests.UnitTestShouldUseBeforeAnnotation
(Java Best Practices) now also considers JUnit 5 and TestNG tests.TooFewBranchesForSwitch
(Java Performance) doesn't report empty switches anymore.
To detect these, useEmptyControlStatement
Renamed Rules
- Several rules for unit testing have been renamed to better reflect their actual scope. Lots of them were called
after JUnit / JUnit 4, even when they applied to JUnit 5 and / or TestNG.UnitTestAssertionsShouldIncludeMessage
(Java Best Practices) has been renamed fromJUnitAssertionsShouldIncludeMessage
(Java Best Practices) has been renamed fromJUnitTestContainsTooManyAsserts
(Java Best Practices) has been renamed fromJUnitTestsShouldIncludeAssert
(Java Best Practices) has been renamed fromJUnit4TestShouldUseAfterAnnotation
(Java Best Practices) has been renamed fromJUnit4TestShouldUseBeforeAnnotation
(Java Best Practices) has been renamed fromJUnit4TestShouldUseTestAnnotation
- Several rules about switch statements and switch expression have been renamed, as they apply both to Switch Statements
and to Switch Expressions:DefaultLabelNotLastInSwitch
(Java Best Practices) has been renamed fromDefaultLabelNotLastInSwitchStmt
(Java Error Prone) has been renamed fromNonCaseLabelInSwitchStatement
(Java Performance) has been renamed fromTooFewBranchesForASwitchStatement
(Java Best Practices) has been renamed fromSwitchStmtsShouldHaveDefault
The old rule names still work but are deprecated.
π Fixed Issues
- apex-performance
- #5270: [apex] AvoidNonRestrictiveQueries when LIMIT is followed by bind expression
- java
- java-bestpractices
- java-codestyle
- #5253: [java] BooleanGetMethodName: False-negatives with
- #5253: [java] BooleanGetMethodName: False-negatives with
- java-design
- #5030: [java] SwitchDensity false positive with pattern matching
- java-errorprone
- java-performance
π¨ API Changes
- java-bestpractices
- The old rule name
has been deprecated. Use the new nameUnitTestShouldUseAfterAnnotation
instead. - The old rule name
has been deprecated. Use the new nameUnitTestShouldUseBeforeAnnotation
instead. - The old rule name
has been deprecated. Use the new nameUnitTestShouldUseTestAnnotation
instead. - The old rule name
has been deprecated. Use the new nameUnitTestAssertionsShouldIncludeMessage
instead. - The old rule name
has been deprecated. Use the new nameUnitTestContainsTooManyAsserts
instead. - The old rule name
has been deprecated. Use the new nameUnitTestShouldIncludeAssert
instead. - The old rule name
has been deprecated. Use the new nameDefaultLabelNotLastInSwitch
instead. - The old rule name
has been deprecated. USe the new nameNonExhaustiveSwitch
- The old rule name
- java-errorprone
- The old rule name
has been deprecated. Use the new nameNonCaseLabelInSwitch
- The old rule name
- java-performance
- The old rule name
has been deprecated. Use the new nameTooFewBranchesForSwitch
- The old rule name
β¨ Merged pull requests
- #4965: Fix #4532: [java] Rename JUnit rules with overly restrictive names - Juan MartΓn Sotuyo Dodero (@jsotuyod)
- #5040: [cpp] Ignore literals and ignore identifiers capability to C++ CPD - Jakub Dupak (@jdupak)
- #5225: Fix #5067: [java] CloseResource: False positive for FileSystems.getDefault() - Lukas GrΓ€f (@lukasgraef)
- #5241: Ignore javacc code in coverage report - Juan MartΓn Sotuyo Dodero (@jsotuyod)
- #5245: [java] Improve UnitTestShouldUse{After,Before}Annotation rules to support JUnit5 and TestNG - Andreas Dangel (@adangel)
- #5247: Fix #5030: [java] Switch...
PMD 7.6.0 (27-September-2024)
27-September-2024 - 7.6.0
The PMD team is pleased to announce PMD 7.6.0.
This is a minor release.
Table Of Contents
- π New and noteworthy
- π Fixed Issues
- π¨ API Changes
- β¨ Merged pull requests
- π¦ Dependency updates
- π Stats
π New and noteworthy
New Git default branch - "main"
We are joining the Git community and updating "master" to "main". Using the term "master" for the main
development branch can be offensive to some people. Existing versions of Git have been always capable of
working with any branch name and since 2.28.0 (July 2020) the default initial branch is configurable
). Since October 2020, the default branch for new repositories on GitHub
is "main". Finally, PMD will also use this new name for the main branch in all our own repositories.
Why "main"? PMD uses a very simple branching model - pull requests with feature branches and one main development
branch, from which releases are created. That's why "main" is currently the best fitting name.
More information:
What changes?
We change the default branch on GitHub, so that pull requests are automatically created against
now on. -
If you have already a local clone of PMD's repository, you'll need to rename the old master branch locally:
git branch --move master main git fetch origin git branch --set-upstream-to=origin/main main git remote set-head origin --auto
More info: and -
If you created a fork on GitHub, you'll need to change the default branch in your fork to
well (Settings > Default Branch). -
Some time after this release, we'll delete the old master branch on GitHub. Then only
can be used. -
This change is expanded to the other PMD repositories as well, e.g. pmd-designer and pmd-regression-tester.
π Fixed Issues
- apex
- #5138: [apex] Various false-negatives since 7.3.0 when using triggers
(ApexCRUDViolation, CognitiveComplexity, OperationWithLimitsInLoop) - #5163: [apex] Parser error when using toLabel in SOSL query
- #5182: [apex] Parser error when using GROUPING in a SOQL query
- #5218: [apex] Parser error when using nested subqueries in SOQL
- #5228: [apex] Parser error when using convertCurrency() in SOQL
- #5138: [apex] Various false-negatives since 7.3.0 when using triggers
- core
- #5059: [core] xml output doesn't escape CDATA inside its own CDATA
- #5201: [core] PMD sarif schema file points to nonexistent location
- #5222: [core] RuleReference/RuleSetWriter don't handle changed default property values correctly
- #5229: [doc] CLI flag
needs to mention xml, html, summaryhtml
- java
- #5190: [java] NPE in type inference
- java-codestyle
- #5046: [java] LocalVariableCouldBeFinal false positive with try/catch
- java-errorprone
π¨ API Changes
No changes.
β¨ Merged pull requests
- #5186: [java] Cleanup things about implicit classes - ClΓ©ment Fournier (@oowekyala)
- #5188: [apex] Use new apex-parser 4.2.0 - Andreas Dangel (@adangel)
- #5191: [java] Fix #5046 - FPs in LocalVariableCouldBeFinal - ClΓ©ment Fournier (@oowekyala)
- #5192: [java] Fix #5190 - NPE in type inference caused by null type - ClΓ©ment Fournier (@oowekyala)
- #5195: [apex] Fix various FNs when using triggers - Andreas Dangel (@adangel)
- #5202: [core] Sarif format: refer to - David Schach (@dschach)
- #5208: [doc] Added Codety to "Tools / Integrations" - Tony (@random1223)
- #5210: [core] Fix PMD's XMLRenderer to escape CDATA - Andreas Dangel (@adangel)
- #5211: Change branch master to main - Andreas Dangel (@adangel)
- #5212: [java] Adjust signature matching in CheckSkipResultRule - Juan MartΓn Sotuyo Dodero (@jsotuyod)
- #5223: [core] Fix RuleReference / RuleSetWriter handling of properties - Andreas Dangel (@adangel)
- #5224: [java] Fix #5068: Class incorrectly identified as non-instantiatable - Lukas GrΓ€f (@lukasgraef)
- #5230: [doc] Documentation update for --show-suppressed flag - David Schach (@dschach)
- #5237: [apex] Support convertCurrency() in SOQL/SOSL - Andreas Dangel (@adangel)
π¦ Dependency updates
- #5185: Bump checkstyle from 10.14.0 to 10.18.1
- #5187: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.3
- #5199: Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.3
- #5216: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.20.0 to 0.23.0
- #5226: Bump rouge from 4.3.0 to 4.4.0 in the all-gems group across 1 directory
- #5227: Bump from 2.10.1 to 2.11.0
- #5232: Bump from 3.25.3 to 3.25.5
- #5233: Bump webrick from 1.8.1 to 1.8.2 in /docs
π Stats
- 60 commits
- 27 closed tickets & PRs
- Days since last release: 27
PMD 7.5.0 (30-August-2024)
30-August-2024 - 7.5.0
The PMD team is pleased to announce PMD 7.5.0.
This is a minor release.
Table Of Contents
- π New: Java 23 Support
- π New Rules
- π Fixed Issues
- π¨ API Changes
- β¨ External Contributions
- π¦ Dependency updates
- π Stats
π New: Java 23 Support
This release of PMD brings support for Java 23. There are no new standard language features,
but a couple of preview language features:
- JEP 455: Primitive Types in Patterns, instanceof, and switch (Preview)
- JEP 476: Module Import Declarations (Preview)
- JEP 477: Implicitly Declared Classes and Instance Main Methods (Third Preview)
- JEP 482: Flexible Constructor Bodies (Second Preview)
Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23,
see JDK-8329949 for details.
In order to analyze a project with PMD that uses these preview language features,
you'll need to enable it via the environment variable PMD_JAVA_OPTS
and select the new language
version 23-preview
export PMD_JAVA_OPTS=--enable-preview
pmd check --use-version java-23-preview ...
Note: Support for Java 21 preview language features have been removed. The version "21-preview"
are no longer available.
π New Rules
- The new Java rule
finds synchronization blocks that
could cause performance issues with virtual threads due to pinning. - The new JavaScript rule
finds any function calls
on the Console API (e.g.console.log
). Using these in production code might negatively impact performance.
π Fixed Issues
- apex-performance
- #5139: [apex] OperationWithHighCostInLoop: false negative for triggers
- java
- java-bestpractices
- #3602: [java] GuardLogStatement: False positive when compile-time constant is created from external constants
- #4731: [java] GuardLogStatement: Documentation is unclear why getters are flagged
- #5145: [java] UnusedPrivateMethod: False positive with method calls inside lambda
- #5151: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class
- #5152: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is "this"
- #5153: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element
- java-design
- java-multithreading
- #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement
- javascript-performance
- #5105: [javascript] Prohibit any console methods
- plsql
- #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names)
- plsql-bestpractices
- #5132: [plsql] TomKytesDespair: XPathException for more complex exception handler
π¨ API Changes
- pmd-jsp
is deprecated now. It should have been package-private
because this is an implementation class that should not be used directly.
- pmd-plsql
is deprecated. This production is
not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0,
as it is supposed to be internalized.
- pmd-velocity
is deprecated now. It should have been package-private
because this is an implementation class that should not be used directly.
- pmd-visualforce
is deprecated now. It should have been package-private
because this is an implementation class that should not be used directly.
- pmd-java
β¨ External Contributions
- #5125: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) - Arjen Duursma (@duursma)
- #5175: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement - Chas Honton (@chonton)
π¦ Dependency updates
- #5100: Enable Dependabot
- #5141: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0
- #5142: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0
- #5144: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1
- #5148: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0
- #5149: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16
- #5160: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2
- #5161: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory
- #5164: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1
- #5165: Bump the all-gems group across 1 directory with 2 updates
- #5171: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19
- #5180: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5
π Stats
- 87 commits
- 25 closed tickets & PRs
- Days since last release: 35
PMD 7.4.0 (26-July-2024)
26-July-2024 - 7.4.0
The PMD team is pleased to announce PMD 7.4.0.
This is a minor release.
Table Of Contents
π New and changed rules
New Rules
- The new Apex rule
finds SOQL and SOSL queries without a where
or limit statement. This can quickly cause governor limit exceptions.
Changed rules
(Apex Codestyle): Two new properties to configure different patterns
for inner classes and interfaces:innerClassPattern
Renamed rules
(JavaScript Error Prone) has been renamed fromInnaccurateNumericLiteral
The old rule name still works but is deprecated.
π Fixed Issues
- apex
- #5094: [apex] "No adapter exists for type" error message printed to stdout instead of stderr
- apex-bestpractices
- #5095: [apex] ApexUnitTestShouldNotUseSeeAllDataTrue false negative due to casing (regression in PMD 7)
- apex-codestyle
- #4800: [apex] ClassNamingConvention: Support naming convention for inner classes
- apex-performance
- #635: [apex] New Rule: Avoid soql/sosl queries without a where clause or limit statement
- java-bestpractices
- java-errorprone
- #1488: [java] MissingStaticMethodInNonInstantiatableClass: False positive with Lombok Builder on Constructor
- javascript-errorprone
- plsql
- #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage
- #5087: [plsql] Add support for SQL_MACRO
- #5088: [plsql] Add support for 'DEFAULT' clause on the arguments of some oracle functions
- #5133: [plsql] AssertionError: Root of the tree should implement RootNode for a PL/SQL type declaration
- cli
- #5120: [cli] Can't start designer under Windows
- core
- #5091: [core] PMD CPD v7.3.0 gives deprecation warning for skipLexicalErrors even when not used
π¨ API Changes
- javascript
- The old rule name
has been deprecated. Use the new name
- The old rule name
β¨ External Contributions
- #5048: [apex] Added Inner Classes to Apex Class Naming Conventions Rule - Justin Stroud (@justinstroudbah / @sgnl-labs)
- #5086: [plsql] Fixed issue with missing optional table alias in MERGE usage - Arjen Duursma (@duursma)
- #5087: [plsql] Add support for SQL_MACRO - Arjen Duursma (@duursma)
- #5088: [plsql] Add support for 'DEFAULT' clause on the arguments of some oracle functions - Arjen Duursma (@duursma)
- #5107: [doc] Update - Typo fixed for maven target - karthikaiyasamy (@karthikaiyasamy)
- #5109: [java] Exclude constructor with lombok.Builder for MissingStaticMethodInNonInstantiatableClass - Krzysztof Debski (@kdebski85)
- #5111: [java] Fix UnusedPrivateMethod for @lombok.Builder.ObtainVia - Krzysztof Debski (@kdebski85)
- #5118: [java] FP for UnusedPrivateMethod with Jakarta @PostConstruct/PreDestroy annotations - Krzysztof Debski (@kdebski85)
- #5121: [plsql] Fixed issue with missing optional table alias in MERGE usage - Arjen Duursma (@duursma)
π Stats
- 81 commits
- 32 closed tickets & PRs
- Days since last release: 27
PMD 7.3.0 (28-June-2024)
28-June-2024 - 7.3.0
The PMD team is pleased to announce PMD 7.3.0.
This is a minor release.
Table Of Contents
π New and noteworthy
β¨ New Rules
- The new Java rule
reports usages forHashSet
when the keys are of an enum type. The specialized enum collections are more space- and time-efficient.
π₯ pmd-compat6 removed (breaking)
The already deprecated PMD 6 compatibility module (pmd-compat6) has been removed. It was intended to be used with
older versions of the maven-pmd-plugin, but since maven-pmd-plugin 3.22.0, PMD 7 is supported directly and this
module is not needed anymore.
If you currently use this dependency (net.sourceforge.pmd:pmd-compat6
), remove it and upgrade maven-pmd-plugin
to the latest version (3.23.0 or newer).
See also Maven PMD Plugin.
π Fixed Issues
- cli
- #2827: [cli] Consider processing errors in exit status
- core
- apex
- apex-bestpractices
- #5000: [apex] UnusedLocalVariable FP with binds in SOSL / SOQL
- java
- java-bestpractices
- plsql
π¨ API Changes
CPD Report Format XML
There are some important changes:
- The XML format will now use an XSD schema, that is available at
This schema defines the valid elements and attributes that one can expect from a CPD report. - The root element
contains the new attributespmdVersion
. The latter is
the schema version and is currently "1.0.0". - The CPD XML report will now also contain recoverable errors as additional
See Report formats for CPD for an example.
The XML format should be compatible as only attributes and elements have been added. However, if you parse
the document with a namespace aware parser, you might encounter some issues like no elements being found.
In case the new format doesn't work for you (e.g. namespaces, unexpected error elements), you can
go back using the old format with the renderer "xmlold" (XMLOldRenderer
). Note, that
this old renderer is deprecated and only there for compatibility reasons. Whatever tooling is used to
read the XML format should be updated.
New exit code 5 introduced. PMD and CPD will exit now by default with exit code 5, if any recoverable error
(e.g. parsing exception, lexing exception or rule exception) occurred. PMD will still create a report with
all detected violations or duplications if recoverable errors occurred. Such errors mean, that the report
might be incomplete, as either violations or duplications for an entire file or for a specific rule are missing.
These cases can be considered as false-negatives.In any case, the root cause should be investigated. If it's a problem in PMD itself, please create a bug report.
New CLI parameter
to ignore such errors and not exit with code 5. By default,
a build with errors will now fail and with that parameter, the previous behavior can be restored.
This parameter is available for both PMD and CPD. -
The CLI parameter
is deprecated. By default, lexical errors are skipped but the
build is failed. Use the new parameter--[no-]fail-on-error
instead to control whether to fail the build or not.
- CPDTask has a new parameter
. It controls, whether to fail the build if any recoverable error occurred.
By default, the build will fail. CPD will still create a report with all detected duplications, but the report might
be incomplete. - The parameter
in CPDTask is deprecated and ignored. Lexical errors are now always skipped.
Use the new parameterfailOnError
instead to control whether to fail the build or not.
Deprecated API
- pmd-ant
: UsesetFailOnError
instead to control, whether to ignore errors or fail the build.
- pmd-core
to control whether to ignore errors or fail the
(the CPD format "xmlold").- The constructor
shouldn't be used directly. UseAntlrTokenManager
- pmd-java
and the corresponding attribute@StableName
This method was added here by mistake. Record
patterns don't declare a pattern variable for the whole pattern, but rather for individual record
components, which can be accessed viagetComponentPatterns
- pmd-plsql
is deprecated now. It should have been package-private
because this is an implementation class that should not be used directly.- The node
is deprecated and is now removed from the AST.
Breaking changes: pmd-compat6 removed
The already deprecated PMD 6 compatibility module (pmd-compat6) has been removed.
See above for details.
π Stats
- 88 commits
- 32 closed tickets & PRs
- Days since last release: 27
PMD 7.2.0 (31-May-2024)
31-May-2024 - 7.2.0
The PMD team is pleased to announce PMD 7.2.0.
This is a minor release.
Table Of Contents
π New and noteworthy
Collections exposed as XPath attributes
Up to now, all AST node getters would be exposed to XPath, as long as the return type was a primitive (boxed or unboxed), String or Enum. That meant that collections, even of these basic types, were not exposed, so for instance accessing Apex's ASTUserClass.getInterfaceNames()
to list the interfaces implemented by a class was impossible from XPath, and would require writing a Java rule to check it.
Since this release, PMD will also expose any getter returning a collection of any supported type as a sequence through an XPath attribute. They would require to use apropriate XQuery functions to manipulate the sequence. So for instance, to detect any given ASTUserClass
in Apex that implements Queueable
, it is now possible to write:
/UserClass[@InterfaceNames = 'Queueable']
Updated PMD Designer
This PMD release ships a new version of the pmd-designer.
For the changes, see PMD Designer Changelog (7.2.0).
π Fixed Issues
- core
- java
- #4912: [java] Unable to parse some Java9+ resource references
- #4973: [java] Stop parsing Java for CPD
- #4980: [java] Bad intersection, unrelated class types java.lang.Object[] and java.lang.Number
- #4988: [java] Fix impl of ASTVariableId::isResourceDeclaration / VariableId/@ResourceDeclaration
- #4990: [java] Add an attribute @PackageQualifier to ASTClassType
- #5006: [java] Bad intersection, unrelated class types Child and Parent<? extends Child>
- #5029: [java] PMD 7.x throws stack overflow in TypeOps$ProjectionVisitor while parsing a Java class
- java-bestpractices
- #4278: [java] UnusedPrivateMethod FP with Junit 5 @MethodSource and default factory method name
- #4852: [java] ReplaceVectorWithList false-positive (neither Vector nor List usage)
- #4975: [java] UnusedPrivateMethod false positive when using @MethodSource on a @nested test
- #4985: [java] UnusedPrivateMethod false-positive / method reference in combination with custom object
- java-codestyle
- #1619: [java] LocalVariableCouldBeFinal on 'size' variable in for loop
- #3122: [java] LocalVariableCouldBeFinal should consider blank local variables
- #4903: [java] UnnecessaryBoxing, but explicit conversion is necessary
- #4924: [java] UnnecessaryBoxing false positive in PMD 7.0.0 in lambda
- #4930: [java] EmptyControlStatement should not allow empty try with concise resources
- #4954: [java] LocalVariableNamingConventions should allow unnamed variables by default
- #5028: [java] FormalParameterNamingConventions should accept unnamed parameters by default
- java-errorprone
- java-multithreading
- #2368: [java] False positive UnsynchronizedStaticFormatter in static initializer
π¨ API Changes
Deprecated API
- pmd-java
and the corresponding attribute@StableName
β¨ External Contributions
π Stats
- 152 commits
- 46 closed tickets & PRs
- Days since last release: 35