Good catch. I will try to add a test that does sanity checks on the metadata file to prevent this.

Thanks for merging!
I'm making a test in the sonar-findbugs project and it seems to be the only missing abbreviation.
Note that I also found a problematic case (missing category) in one of the sb-contrib bug patterns.

I'm facing the same trouble, is there anything I can do to temporarily alleviate it?

findsecbugs shouldn't crash when trying to report the problem but most likely this is a real finding an you can solve it by disabling XXE on your xml processing classes as explained here: https://github.com/find-sec-bugs/find-sec-bugs/pull/681/files#diff-a686f21490e05e3796410ae562a7a8bbc9802a995afee23da568c5d0fe4ff2e4

When can we expect a release of this fix?

Good morning!
We have the same problem. We are waiting for a release with the error fixed.

Can we maybe get a 1.13.1 release with just this fix and nothing else?

Same error occured,waiting for 1.13.1 released.
We use sonar-findbugs plugin 4.2.10,which use 1.13.0 version of findsecbugs.
Because our sonar is 10.6,only this version 4.2.0 is compatible.
waiting for your fix version,TKS

sonar-findbugs 4.2.10

Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar (default-cli) on project archive: Can not execute Findbugs: java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL

Please, when is the new version of findbugs scheduled to be released that fixes this error?
We have production environments that cannot be analyzed due to this bug. Thank you

In our Java 21 code we have a false positive with this error and so it crashes.
We can't use 1.12.0 and we can't use 1.13.0.
A new 1.13.1 release would be great.