Page History

Deprecated methods should not be used in new code. Refer to the complete list of deprecated APIs available in the Java SE 6 documentation. \[[API 06|AA. Java References#API 06]\].

The guideline CON17-J. Do not invoke ThreadGroup methods Never use deprecated fields, methods, or classes in new code. Java provides an @deprecated annotation to indicate the deprecation of specific fields, methods, and classes. For example, many methods of java.util.Date, such as Date.getYear(), have been explicitly deprecated. THI05-J. Do not use Thread.stop() to terminate threads describes issues that can result from using deprecated and obsolete methods. the deprecated Thread.stop() method. 

The Java SE documentation provides a list of deprecated APIs for each version of the language:

• Java SE 6
• Java SE 7
• Java SE 8

Programmers should use the list of deprecated functions specific to the language version they are using, although it may also be possible to avoid the use of APIs that are deprecated in later versions as well if suitable alternatives are available.

Obsolete fields, methods, and classes should not be used. Java lacks any annotation that indicates obsolescence; nevertheless, several classes and methods are documented as obsolete. For instanceA class is obsolete if it is unofficially deprecated. For example, the java.util.Dictionary class provides the same functionality as the Map interface and is generally outmoded. The java.util.Calendar class suffers from multi-threading related issues and so does its subclasses, such as, java.util.GregorianCalendar. Similarly, all the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multi-threaded codeDictionary<K,V> class is marked as obsolete; new code should use java.util.Map<K,V> instead [API 2014].

Obsolete Methods and Classes

The methods and classes listed in the following table must not be used:

The Java Virtual Machine Profiler Interface (JVMPI) and JVM Debug Interface (JVMDI) are also deprecated and have been replaced by the JVM Tool Interface (JVMTI) (see ENV05-J. Do not deploy an application that can be remotely monitored for more information).

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to unexpected, ill-defined erroneous behavior.

Automated Detection

...

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[API 06|AA. Java References#API 06]\] [Deprecated API|http://java.sun.com/javase/6/docs/api/deprecated-list.html]
\[[SDN 08|AA. Java References#SDN 08]\] Bug database, [Bug ID 4264153|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 589|http://cwe.mitre.org/data/definitions/589.html]

Detecting uses of deprecated methods is straightforward. Obsolete methods have no automatic means of detection.

Tool	Version	Checker	Description
Parasoft Jtest	Include Page Parasoft_V Parasoft_V	CERT.MET02.DPRAPI CERT.MET02.THRD	Do not use deprecated APIs Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime'
SonarQube	Include Page SonarQube_V SonarQube_V	S1874	"@Deprecated" code should not be used

Related Guidelines

Android Implementation Details

The Android SDK has deprecated and obsolete APIs. Also, there may exist incompatible APIs depending on the SDK version. Consequently, it is recommended that developers refer to the "Android API Differences Report" and consider replacing deprecated APIs.

Bibliography

...

Image Added Image Added Image AddedMET14-J. Follow the general contract when implementing the compareTo method      12. Methods (MET)      MET16-J. Ensure that the clone method calls super.clone