From 42c955ea62a187724e54d9eef75a51af1ecbf450 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Nov 2025 23:49:28 +0000 Subject: [PATCH] Add change note --- .../2025-11-27-spring-rest-template-request-forgery-sinks.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md diff --git a/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md b/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md new file mode 100644 index 00000000000..4a18b530472 --- /dev/null +++ b/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
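Review bot: In the added change-note bullet, "all Spring `RestTemplate` methods" is broader than the set of methods that can take URI template variables. Consider "all Spring `RestTemplate` methods that accept URI template variables", so that readers triaging new `java/ssrf` alerts know which calls are affected. "considered as request forgery sinks" would also read more cleanly as "considered request forgery sinks". Separately, the subject line "Add change note" does not say which change it documents; mentioning the `RestTemplate` request forgery sinks there would make the history easier to search.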