 
                            Wiki Markup @deprecated annotation to indicate the deprecation of specific fields, methods, and classes. For example, many methods of java.util.Date}},   such   as  {{Date.getYear()}} , have   been   explicitly   deprecated.   The guideline [THI05-J.   Do   not   use   Thread.stop()   to   terminate   threads]  describes   issues   that   can   result   from   using   the   deprecated  {{Thread.stop()}}  method. 
The Java SE documentation provides a list of deprecated APIs for each version of the language:
Programmers should use the list of deprecated functions specific to the language version they are using, although it may also be possible to avoid the use of APIs that are deprecated in later versions as well if suitable alternatives are available.
Obsolete fields, methods, and classes should not be used. Java lacks any annotation that indicates obsolescence; nevertheless, several classes and methods are documented as obsolete. For instance, the java.util.Dictionary<K,V> class is marked as obsolete; new code should use Wiki Markup java.util.Map<K,V>}}  instead  \[ [API  2006|AA. Bibliography#API 06]\2014]. 
Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multi-threaded code. For more information about thread-safety, see guideline TSM04-J. Document thread-safety and use annotations where applicable.
Obsolete Methods and Classes
The following methods and classes listed in the following table must not be used in new code:
| Class or Method | Replacement | 
|---|
| Rule | 
|---|
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
| (many methods) | 
 | 
| 
 | 
| 
 | 
| 
 | 
| 
 | 
 | 
| 
 | ||
| 
 | 
 | |
| 
 | 
 | |
| 
 | 
 | |
| java.util.Date | java.time (since Java 8) | 
The Java Virtual Machine Profiler Interface (JVMPI) and JVM Debug Interface (JVMDI) are also deprecated and have been replaced by the JVM Tool Interface (JVMTI) (see ENV05-J. Do not deploy an application that can be remotely monitored for more information).
Risk Assessment
Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.
| Rule | Severity | Likelihood | Detectable | 
|---|
| Repairable | Priority | Level | 
|---|
| MET02-J | Low | 
| Unlikely | 
| Yes | 
| No | 
| P2 | 
| L3 | 
Automated Detection
Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
| Wiki Markup | 
|---|
| \[[API 2006|AA. Bibliography#API 06]\] [Deprecated API|http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary|http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]
\[[SDN 2008|AA. Bibliography#SDN 08]\] Bug database, [Bug ID 4264153|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 589|http://cwe.mitre.org/data/definitions/589.html] | 
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Parasoft Jtest | 
 | CERT.MET02.DPRAPI CERT.MET02.THRD | Do not use deprecated APIs Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime' | ||||||
| SonarQube | 
 | S1874 | "@Deprecated" code should not be used | 
Related Guidelines
| ISO/IEC TR 24772:2010 | Deprecated Language Features [MEM] | 
| CWE-589, Call to Non-ubiquitous API | 
Android Implementation Details
The Android SDK has deprecated and obsolete APIs. Also, there may exist incompatible APIs depending on the SDK version. Consequently, it is recommended that developers refer to the "Android API Differences Report" and consider replacing deprecated APIs.
Bibliography
| [API 2014] | |
| [SDN 2008] | Bug database, Bug ID 4264153 | 
...
MET14-J. Follow the general contract when implementing the compareTo() method 05. Methods (MET) MET17-J. Do not increase the accessibility of overridden or hidden methods