codeql/java/old-change-notes/2021-03-18-commons-tostring-builder.md

lgtm,codescanning

• Added models for Apache Commons Lang's ToStringBuilder class. This may lead to more results from any data-flow query where ToStringBuilder operations fall between the relevant untrusted source and vulnerable sink.