From 1f8ce3a868e1471f33bd7c2eb605563cc444b653 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Mon, 21 Mar 2022 15:14:45 +0000 Subject: [PATCH] Java: Tweak release notes --- java/ql/lib/CHANGELOG.md | 2 ++ java/ql/lib/change-notes/released/0.0.12.md | 2 ++ java/ql/src/CHANGELOG.md | 2 -- java/ql/src/change-notes/released/0.0.12.md | 2 -- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 4191186f25f..21373d0689b 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -15,6 +15,8 @@ ### Minor Analysis Improvements + * Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards. + * Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc.). * Added support for detection of SSRF via JDBC database URLs, including connections made using the standard library (`java.sql`), Hikari Connection Pool, JDBI and Spring JDBC. * Re-removed support for `CharacterLiteral` from `CompileTimeConstantExpr.getStringValue()` to restore the convention that that predicate only applies to `String`-typed constants. * All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted. diff --git a/java/ql/lib/change-notes/released/0.0.12.md b/java/ql/lib/change-notes/released/0.0.12.md index 115b3338e40..50055f80d3f 100644 --- a/java/ql/lib/change-notes/released/0.0.12.md +++ b/java/ql/lib/change-notes/released/0.0.12.md @@ -15,6 +15,8 @@ ### Minor Analysis Improvements + * Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards. + * Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc.). * Added support for detection of SSRF via JDBC database URLs, including connections made using the standard library (`java.sql`), Hikari Connection Pool, JDBI and Spring JDBC. * Re-removed support for `CharacterLiteral` from `CompileTimeConstantExpr.getStringValue()` to restore the convention that that predicate only applies to `String`-typed constants. * All deprecated predicates/classes/modules that have been deprecated for over a year have been deleted. diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 43c746ab95c..54dba64473b 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -6,8 +6,6 @@ ### Minor Analysis Improvements - * Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards. - * Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..). * Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard. ## 0.0.11 diff --git a/java/ql/src/change-notes/released/0.0.12.md b/java/ql/src/change-notes/released/0.0.12.md index d8c97cdfe2c..6332ffc2b45 100644 --- a/java/ql/src/change-notes/released/0.0.12.md +++ b/java/ql/src/change-notes/released/0.0.12.md @@ -6,6 +6,4 @@ ### Minor Analysis Improvements - * Added new guards `IsWindowsGuard`, `IsSpecificWindowsVariant`, `IsUnixGuard`, and `IsSpecificUnixVariant` to detect OS specific guards. - * Added a new predicate `getSystemProperty` that gets all expressions that retrieve system properties from a variety of sources (eg. alternative JDK API's, Google Guava, Apache Commons, Apache IO, etc..). * Updated "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) to remove false-positives when OS is properly used as logical guard.