From 08b77493d203ad42c2c28657d41ba4372ed38442 Mon Sep 17 00:00:00 2001
From: Joe Farebrother
Date: Fri, 5 Aug 2022 17:41:00 +0100
Subject: [PATCH] Add security severity and change note
---
 java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql | 1 +
 java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md
diff --git a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
index 6581e956c93..22602c23482 100644
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
@@ -3,6 +3,7 @@
 * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption.
 * @kind problem
 * @problem.severity warning
+ * @security-severity 7.5
 * @precision high
 * @id java/rsa-without-oaep
 * @tags security
diff --git a/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md b/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md
new file mode 100644
index 00000000000..06d71cbf865
--- /dev/null
+++ b/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* A new query "Use of RSA algorithm without OAEP" (`java/rsa-without-oaep`) has been added. This query finds uses of RSA encryption that don't use the OAEP scheme.
\ No newline at end of file