mirror of
https://github.com/github/codeql.git
synced 2026-04-30 19:26:02 +02:00
add change note
5
java/change-notes/2021-02-15-snakeyaml-fn-fix.md
Normal file
@@ -0,0 +1,5 @@
|
||||
lgtm,codescanning
|
||||
* The query "Unsafe Deserialization" (`java/unsafe-deserialization`) has been
|
||||
improved to report those cases where SnakeYaml `Constructor` is used to fix
|
||||
the unmarshaled object graph root's type but injection is still possible in
|
||||
nested nodes of the object graph.
|
||||
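Review bot: In the bullet's second line, "is used to fix the unmarshaled object graph root's type" is ambiguous, because "fix" can be read as "repair" rather than "pin". Consider wording such as "is used to restrict the type of the root of the unmarshaled object graph", which makes it clearer that the newly reported case is a typed `Constructor` where injection is still possible in nested nodes. The note could also say outright that this change removes false negatives, as the file name `snakeyaml-fn-fix` suggests, so users understand why new `java/unsafe-deserialization` alerts may appear on code that did not change.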