From 3a4a841844d66263adb051d07afb8a0ea0bb5041 Mon Sep 17 00:00:00 2001
From: Joe Farebrother
Date: Mon, 12 Feb 2024 14:01:27 +0000
Subject: [PATCH] Add change note + update severity
---
 java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql | 2 +-
 java/ql/src/change-notes/2024-02-12-android-insecure-keys.md | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
diff --git a/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql b/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
index 0e85229c29b..c8090f23c1d 100644
--- a/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
+++ b/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
@@ -3,7 +3,7 @@
 * @description Keys used for local biometric authentication should be generated with secure parameters.
 * @kind problem
 * @problem.severity warning
- * @security-severity 9.3
+ * @security-severity 4.4
 * @precision medium
 * @id java/android/insecure-local-key-gen
 * @tags security
diff --git a/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md b/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
new file mode 100644
index 00000000000..1de07727796
--- /dev/null
+++ b/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query `java/android/insecure-local-key-gen` for finding instances of keys generated for biometric authentication in an insecure way.
\ No newline at end of file
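Review bot: The `@security-severity` drop from 9.3 to 4.4 in AndroidInsecureKeys.ql has no recorded rationale; the subject line says only "update severity". In code scanning's severity bands this moves the query's alerts from critical to medium, below the high-or-above level that fails pull-request checks by default, so anyone triaging these findings should be able to see why the score changed. The score should also stay consistent with the CWE entries under `@tags`, which continue below the hunk and are not visible here. I would add one sentence to the commit message, for example `Severity lowered to 4.4 because <reason>`, saying what the new score was derived from.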