If a new version of a code analyzer changes the severity of an existing rule, the built-in Quality Profile (provided by this analyzer) is not updated with this new severity when upgrading the analyzer in SonarQube.
The built-in Quality Profile should always be up to date with the latest default severity defined by the installed analyzer.
- install SonarQube v6.7.2, which ships with SonarJava v4.15, which defines S2077 with Blocker default severity (rule has Blocker severity in the built-in Sonar Way)
- upgrade to SonarJava v5.1.1 in the Marketplace, which defines S2077 with Critical default severity
- built-in Sonar Way still has Blocker severity for S2077
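
One way to check for this drift after an analyzer upgrade, as an added example (not SonarQube's own code): compare each rule's severity as activated in the built-in profile against the rule's current default severity. The payload shape (a `rules` list plus an `actives` map, as a rule search response would carry), the `squid:` key prefix and the profile keys are assumptions, and the sample data is constructed.

```python
# Added example: report rules whose severity in a given Quality Profile
# differs from the default severity currently defined by the analyzer.

# Constructed sample, not real server output. Assumed shape: "rules" holds
# each rule's current default severity, "actives" maps a rule key to its
# activations per profile. Rule keys other than S2077 are made up.
SAMPLE = {
    "rules": [
        {"key": "squid:S2077", "severity": "CRITICAL"},  # new default after upgrade
        {"key": "squid:S0001", "severity": "MAJOR"},
        {"key": "squid:S0002", "severity": "MINOR"},
    ],
    "actives": {
        "squid:S2077": [{"qProfile": "sonar-way-java", "severity": "BLOCKER"}],
        "squid:S0001": [{"qProfile": "sonar-way-java", "severity": "MAJOR"}],
        "squid:S0002": [{"qProfile": "custom-java", "severity": "INFO"}],
    },
}


def find_severity_drift(payload, profile_key):
    """Return sorted (rule_key, profile_severity, default_severity) tuples
    for activations in profile_key that do not match the rule default."""
    defaults = {r["key"]: r["severity"] for r in payload.get("rules", [])}
    drift = []
    for rule_key, activations in payload.get("actives", {}).items():
        default = defaults.get(rule_key)
        if default is None:
            # Activation for a rule that is not in the rule list: nothing
            # to compare against, so skip it rather than guess.
            continue
        for act in activations:
            if act.get("qProfile") != profile_key:
                continue
            if act.get("severity") != default:
                drift.append((rule_key, act.get("severity"), default))
    return sorted(drift)


if __name__ == "__main__":
    for rule, current, default in find_severity_drift(SAMPLE, "sonar-way-java"):
        print(f"{rule}: profile has {current}, analyzer default is {default}")
```

For a built-in profile any reported row indicates the stale state described above; for a custom profile a difference may be a deliberate override.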