| .. |
|
2020-05-21-mongodb-sql-injection-sinks.md
|
Java: Add change note for https://github.com/github/codeql/pull/3542
|
2020-10-29 16:27:51 +01:00 |
|
2020-05-21-websocket-taintsource.md
|
Java: Add change note for https://github.com/github/codeql/pull/3543
|
2020-10-29 16:14:56 +01:00 |
|
2020-06-30-jooq-sql-injection-sinks.md
|
Java: Add change note for https://github.com/github/codeql/pull/3855
|
2020-10-29 16:09:01 +01:00 |
|
2020-07-03-more-pathcreations.md
|
Java: Add change note for https://github.com/github/codeql/pull/3881
|
2020-10-29 15:54:25 +01:00 |
|
2020-07-09-untrusted-data-to-external-api.md
|
Java: Add change note for https://github.com/github/codeql/pull/3938
|
2020-10-29 16:02:34 +01:00 |
|
2020-07-13-stacktraceexposure-fp-fix.md
|
Java: Add change note for https://github.com/github/codeql/pull/3948
|
2020-10-29 15:30:09 +01:00 |
|
2020-08-11-printwriter-format-xss-sink.md
|
Java: Add change note for https://github.com/github/codeql/pull/4044
|
2020-10-29 16:05:43 +01:00 |
|
2020-08-14-dataflow-dispatch-instance-arg-ctx.md
|
Java: Add change note for https://github.com/github/codeql/pull/4081
|
2020-10-29 16:25:11 +01:00 |
|
2020-08-17-string-formatted.md
|
Java: Add change note for https://github.com/github/codeql/pull/4088
|
2020-10-29 16:11:26 +01:00 |
|
2020-08-24-records-flow.md
|
Java: Add change note for https://github.com/github/codeql/pull/4123
|
2020-10-29 16:20:35 +01:00 |
|
2020-08-31-extensible-security-queries.md
|
Java: Add change note for extensible security queries.
|
2020-10-29 15:37:35 +01:00 |
|
2020-09-08-blockstmt.md
|
Java: Move existing change note to new format.
|
2020-10-29 16:35:27 +01:00 |
|
2020-09-17-exectainted-array.md
|
Java: Add change note for https://github.com/github/codeql/pull/4287
|
2020-10-29 16:33:09 +01:00 |
|
2020-09-21-jhipster-gen-prng-query.md
|
Java: Add change note for https://github.com/github/codeql/pull/4312.
|
2020-10-29 15:24:28 +01:00 |
|
2020-09-22-hibernate-sql-sinks.md
|
Java: improve change note
|
2020-09-23 15:37:55 +02:00 |
|
2020-09-23-spring-multipart-request-sources.md
|
Java: add Spring::MultipartRequest as taint source
|
2020-09-22 19:01:10 +02:00 |
|
2020-10-03-android-intent-taintsource.md
|
Java: Add change note for #3812.
|
2020-11-04 10:15:08 +01:00 |
|
2020-10-07-fastjson-deserialization-sink.md
|
Java: Add support for FastJson in unsafe deserialization.
|
2020-11-16 11:47:58 +01:00 |
|
2020-10-16-guava-flow-steps.md
|
Java: Update Guava version in test stubs and change note
|
2020-10-19 11:56:28 +01:00 |
|
2020-10-27-insecure-bean-validation.md
|
Update java/change-notes/2020-10-27-insecure-bean-validation.md
|
2020-10-27 21:10:46 +01:00 |
|
2020-11-04-commonslang-unsafe-deserialization-sinks.md
|
Update java/change-notes/2020-11-04-commonslang-unsafe-deserialization-sinks.md
|
2020-11-04 10:58:27 +01:00 |
|
2020-12-09-xxe-fp-fix.md
|
Add change note
|
2020-12-09 16:41:31 +00:00 |
|
2021-01-12-unsafe-hostname-verification.md
|
Java: Add change note for #4771
|
2021-01-12 15:37:45 +01:00 |
|
2021-01-14-java-15-support.md
|
Java: update documentation on supported language versions
|
2021-01-14 20:29:16 -05:00 |
|
2021-01-19-struts-xml-extraction.md
|
Java: add change note for `struts.xml` extraction
|
2021-01-19 10:19:18 -05:00 |
|
2021-02-09-commons-string-utils.md
|
Add support for Apache Commons Lang StringUtils
|
2021-02-16 14:48:39 +00:00 |
|
2021-02-15-commons-array-utils.md
|
add change note for new ArrayUtils support
|
2021-02-15 14:41:18 +01:00 |
|
2021-02-15-snakeyaml-fn-fix.md
|
add change note
|
2021-02-15 14:53:16 +01:00 |
|
2021-02-17-apache-http.md
|
Add change note
|
2021-02-23 14:26:12 +00:00 |
|
2021-02-23-deprecated-jcenter-bintray.md
|
Add release notes
|
2021-02-24 11:19:20 -05:00 |
|
2021-03-01-fluent-interface-data-flow.md
|
Add change notes
|
2021-03-01 16:59:20 +00:00 |
|
2021-03-02-apache-text-misc.md
|
Add change note
|
2021-03-04 11:11:56 +00:00 |
|
2021-03-02-guava-io.md
|
Apply suggestions from code review
|
2021-03-05 11:19:55 +00:00 |
|
2021-03-05-commons-lang-randomutils.md
|
Improve comment and change-note accuracy
|
2021-03-08 11:00:05 +00:00 |
|
2021-03-05-commons-object-utils.md
|
Improve change note
|
2021-03-11 16:22:56 +00:00 |
|
2021-03-05-play-framework.md
|
Test fixes and change notes
|
2021-03-05 06:50:57 +05:30 |
|
2021-03-05-regex-utils.md
|
Improve change note
|
2021-03-09 15:11:13 +00:00 |
|
2021-03-10-guava-base.md
|
Add change note
|
2021-06-11 11:41:30 +01:00 |
|
2021-03-11-commons-strbuilder.md
|
Add change note
|
2021-03-26 14:31:36 +00:00 |
|
2021-03-18-commons-tostring-builder.md
|
Add change note
|
2021-04-21 15:47:20 +01:00 |
|
2021-03-22-jax-rs-improvements.md
|
Rename JAX-WS -> JAX-RS where necessary. Improve change note and fix missing QLDoc.
|
2021-06-08 15:12:03 +01:00 |
|
2021-03-23-guava-collections-and-preconditions.md
|
Update java/change-notes/2021-03-23-guava-collections-and-preconditions.md
|
2021-03-03 12:53:16 +01:00 |
|
2021-03-25-remove-legacy-code-duplication-library.md
|
Java: Add change note for code duplication library removal.
|
2021-03-25 10:12:58 +01:00 |
|
2021-03-25-remove-legacy-filter-queries.md
|
Java: Add change note for filter query removal.
|
2021-03-25 10:11:30 +01:00 |
|
2021-04-02-add-spring-validation-errors.md
|
Add models for Spring validation.Errors
|
2021-06-29 05:51:21 -07:00 |
|
2021-04-06-ssrf-query.md
|
Note incidental extra models in change note
|
2021-06-17 11:43:33 +01:00 |
|
2021-04-14-membertype.md
|
Add change note
|
2021-04-14 08:25:12 +01:00 |
|
2021-04-26-xpath-injection-query.md
|
Fix imports and stubs so that tests pass
|
2021-05-06 09:18:48 +02:00 |
|
2021-05-03-guava-first-non-null.md
|
[Java] Add support for com.google.common.base.MoreObjects#firstNonNull
|
2021-05-03 12:58:00 -04:00 |
|
2021-05-03-jackson-dataflow-deserialization.md
|
[Java] Add release note to Jackson change
|
2021-05-11 10:36:47 -04:00 |
|
2021-05-04-jexl-injection-query.md
|
Fix failing checks
|
2021-05-04 11:29:09 +02:00 |
|
2021-05-05-kryo-improvements.md
|
Update java/change-notes/2021-05-05-kryo-improvements.md
|
2021-05-11 08:29:50 -04:00 |
|
2021-05-06-unsafe-android-access-query.md
|
QLDoc improvements from code review
|
2021-07-29 16:34:21 +02:00 |
|
2021-05-11-apache-tuples.md
|
Add change note
|
2021-06-17 12:34:40 +01:00 |
|
2021-05-11-ratpack-support.md
|
Ratpack: Release note and typo fix
|
2021-10-18 12:21:10 -04:00 |
|
2021-05-12-hardcoded-azure-credentials-in-api-call.md
|
Update the change note
|
2021-05-17 11:35:35 +00:00 |
|
2021-05-12-xxe-fp-fix.md
|
Add change notes.
|
2021-05-12 16:58:24 +07:00 |
|
2021-05-13-ognl-injection-query.md
|
Fix release note
|
2021-07-20 17:23:47 +02:00 |
|
2021-05-14-close-resource-leaks-improvements.md
|
Update java/change-notes/2021-05-14-close-resource-leaks-improvements.md
|
2021-05-17 19:27:10 +01:00 |
|
2021-05-17-add-unsafe-deserialization-sinks.md
|
Update java/change-notes/2021-05-17-add-unsafe-deserialization-sinks.md
|
2021-05-17 18:49:16 +08:00 |
|
2021-05-17-jackson-deserialization-sink.md
|
Minor improvements for Jackson in UnsafeDeserialization.qll
|
2021-07-09 10:24:15 +02:00 |
|
2021-05-17-missing-jwt-signature-check-query.md
|
Fix release note
|
2021-07-20 17:24:24 +02:00 |
|
2021-05-20-jndi-injection-query.md
|
Decouple JndiInjection.qll to reuse the taint tracking configuration
|
2021-07-20 15:38:34 +02:00 |
|
2021-05-20-savedrequest-taintsources.md
|
Add change note.
|
2021-05-20 20:07:14 +07:00 |
|
2021-05-24-hardcoded-shiro-key-in-api-call.md
|
Fix typo
|
2021-09-30 16:22:12 +01:00 |
|
2021-05-28-remove-senderror-xss-sink.md
|
Update java/change-notes/2021-05-28-remove-senderror-xss-sink.md
|
2021-05-28 15:13:19 +02:00 |
|
2021-05-31-add-spring-stringutils.md
|
Model Spring `util`
|
2021-06-28 08:26:37 -07:00 |
|
2021-06-01-collection-flow.md
|
Java: Add change note.
|
2021-06-01 14:33:52 +02:00 |
|
2021-06-01-insecure-basic-auth-query.md
|
Update java/change-notes/2021-06-01-insecure-basic-auth-query.md
|
2021-09-15 17:20:27 +02:00 |
|
2021-06-01-statement-toString.md
|
Java: Adjust change note for statement `toString()` changes
|
2021-06-03 17:17:00 +02:00 |
|
2021-06-02-mvel-injection-query.md
|
Added change note
|
2021-06-03 10:21:59 +02:00 |
|
2021-06-08-spel-injection-query.md
|
Apply suggestions from code review
|
2021-09-27 11:40:51 +02:00 |
|
2021-06-08-spring-http.md
|
Add change note
|
2021-07-15 10:33:33 +01:00 |
|
2021-06-08-spring-propertyvalues.md
|
Add change note
|
2021-06-08 10:42:07 +02:00 |
|
2021-06-11-tainted-key-read-steps.md
|
Add change note
|
2021-06-11 12:04:11 +02:00 |
|
2021-06-14-groovy-code-injection-query.md
|
Update java/change-notes/2021-06-14-groovy-code-injection-query.md
|
2021-07-28 10:45:03 +02:00 |
|
2021-06-16-xslt-injection-query.md
|
Refactor XsltInjection.qll
|
2021-09-27 12:00:18 +02:00 |
|
2021-06-18-apache-mutable.md
|
Add change note
|
2021-07-15 14:58:25 +01:00 |
|
2021-06-18-insecure-java-mail-query.md
|
Apply suggestions from code review
|
2021-10-05 09:18:49 +02:00 |
|
2021-06-22-more-steps-for-bytebuffer-inputstream.md
|
Elaborate change note a little
|
2021-08-09 15:33:21 +01:00 |
|
2021-06-22-util-optional.md
|
Add change note
|
2021-06-23 18:54:27 +01:00 |
|
2021-06-23-generic-type-names.md
|
Add change note
|
2021-06-23 16:09:29 +01:00 |
|
2021-06-24-dataflow-implicit-reads.md
|
C++/C#/Java/Python: Add change notes.
|
2021-06-24 14:29:34 +02:00 |
|
2021-06-25-apache-collections-maputils-keyvalue.md
|
Add change note
|
2021-06-25 12:55:09 +01:00 |
|
2021-06-25-jax-rs-content-types.md
|
Add change note
|
2021-06-30 12:04:21 +01:00 |
|
2021-06-29-javax-json-models.md
|
Add models of the javax.json package
|
2021-06-29 15:21:01 +01:00 |
|
2021-07-01-spring-collections.md
|
Add change note
|
2021-07-14 05:05:17 -07:00 |
|
2021-07-01-spring-webmultipart.md
|
Model Spring `web.multipart`
|
2021-07-13 10:29:01 -07:00 |
|
2021-07-01-spring-webutil.md
|
Add change note
|
2021-08-12 11:20:49 -07:00 |
|
2021-07-01-url-classloader-reactive-webclient.md
|
Add change note
|
2021-07-01 13:36:00 +01:00 |
|
2021-07-02-split-queries.md
|
Add change note
|
2021-07-02 10:02:28 +01:00 |
|
2021-07-14-spring-jdbc.md
|
Add change note
|
2021-07-14 17:39:58 +01:00 |
|
2021-07-19-json-java.md
|
Add change note
|
2021-07-19 18:11:05 +01:00 |
|
2021-07-22-model-collection-constructors.md
|
Java: Add models for collection constructors
|
2021-07-22 07:23:26 -07:00 |
|
2021-07-27-apache-collections-base-package.md
|
Add change note
|
2021-08-06 07:06:35 +01:00 |
|
2021-07-28-guava-cache.md
|
Add change note
|
2021-07-29 16:41:33 +01:00 |
|
2021-08-02-android-intent-redirect-query.md
|
Added change note
|
2021-10-18 11:04:35 +02:00 |
|
2021-08-02-guava-collections.md
|
Add change note
|
2021-09-16 15:23:02 +01:00 |
|
2021-08-03-spring-content-types.md
|
Add change note
|
2021-09-10 16:10:56 +01:00 |
|
2021-08-04-jabsorb-unsafe-deserialization.md
|
Add unsafe-deserialization support for Jabsorb
|
2021-08-04 15:35:50 +01:00 |
|
2021-08-05-jodd-unsafe-deserialization.md
|
Unsafe deserialization: add support for Jodd JSON library
|
2021-08-05 16:01:14 +01:00 |
|
2021-08-09-flexjson-unsafe-deserialization.md
|
Add support for the Flexjson framework to the unsafe-deserialization query
|
2021-09-10 16:27:23 +01:00 |
|
2021-08-10-gson-unsafe-deserialization.md
|
Add change note and update qhelp
|
2021-10-12 12:35:05 +01:00 |
|
2021-08-12-jax-rs-filter-sources.md
|
Add change note
|
2021-09-10 16:36:36 +01:00 |
|
2021-08-23-getPrimaryQlClasses.md
|
All languages: Add getPrimaryQlClasses()
|
2021-08-23 15:49:10 +01:00 |
|
2021-08-23-local-interfaces-enums.md
|
Rename QL elements that refer to local classes
|
2021-09-02 14:51:50 +01:00 |
|
2021-08-24-downgrade-sql-unescaped.md
|
Downgrade precision of java/concatenated-sql-query
|
2021-08-24 10:46:01 +01:00 |
|
2021-09-03-android-sensitive-broadcast.md
|
Apply suggestions from code review
|
2021-10-26 14:04:13 +02:00 |
|
2021-09-13-android-uri.md
|
Add models for android.net.Uri[.Builder]
|
2021-09-14 16:37:07 +01:00 |
|
2021-09-13-javadoc-type-parameters.md
|
Add change note
|
2021-09-13 15:36:26 +01:00 |
|
2021-09-13-location-toString.md
|
Java: Use the standard URL format for Location.toString()
|
2021-09-13 12:53:50 +01:00 |
|
2021-09-14-conditional-bypass-improvements.md
|
Add change note
|
2021-09-14 13:16:47 +02:00 |
|
2021-09-14-jsf-support.md
|
Add change note
|
2021-09-14 12:36:38 +01:00 |
|
2021-09-27-apache-collections-subpackages.md
|
Add a change note
|
2021-09-28 07:32:28 +01:00 |
|
2021-10-07-java-util-stream.md
|
Java: Add change note.
|
2021-10-07 14:42:19 +02:00 |
|
2021-10-20-more-specific-types.md
|
Java: Add a changenote to RefType -> ClassOrInterface
|
2021-10-20 12:21:08 +01:00 |
|
2021-10-29-deprecate-String-getRepresentedString.md
|
Java: Add change note for `StringLiteral.getRepresentedString()` deprecation
|
2021-10-29 15:21:55 +02:00 |
|
2021-10-29-improved-ratpack-support.md
|
Move change notes to correct directories
|
2021-11-29 16:31:11 -05:00 |
|
2021-10-29-optional-lambda-flow.md
|
Java: Model java.util.Optional lambda methods
|
2021-10-29 13:23:47 -04:00 |
|
2021-11-15-overrides.md
|
Java: Fix overrides to not be transitive.
|
2021-11-15 13:54:53 +01:00 |
|
2021-11-25-surrogate-char-literals.md
|
CharacterLiteral.getCodePointValue: fix handling of surrogates
|
2021-11-25 14:07:21 +00:00 |
