Merge branch 'github:main' into fix/path-injection-read-subkind

2026-05-14 11:19:27 +02:00 · 2026-04-21 22:59:53 +10:00
parent 6d10b1582f 6efb21314a
commit 07e97e20d8
197 changed files with 1499 additions and 623 deletions
--- a/java/ql/lib/change-notes/2026-03-20-data-extensions-barriers.md
+++ b/java/ql/lib/change-notes/2026-03-20-data-extensions-barriers.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Data flow barriers and barrier guards can now be added using data extensions. For more information see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/).
--- a/java/ql/lib/change-notes/2026-04-04-sensitive-log-fp-reduction.md
+++ b/java/ql/lib/change-notes/2026-04-04-sensitive-log-fp-reduction.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `java/sensitive-log` query now excludes additional common variable naming patterns that do not hold sensitive data, reducing false positives. This includes pagination/iteration tokens (`nextToken`, `pageToken`, `continuationToken`), token metadata (`tokenType`, `tokenEndpoint`, `tokenCount`), and secret metadata (`secretName`, `secretId`, `secretVersion`).
--- a/java/ql/lib/change-notes/2026-04-16-woodstox-xxe.md
+++ b/java/ql/lib/change-notes/2026-04-16-woodstox-xxe.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 9.0.4
+
+### Minor Analysis Improvements
+
 * The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the Woodstox StAX library when `com.ctc.wstx.stax.WstxInputFactory` or `org.codehaus.stax2.XMLInputFactory2` are used directly.