hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change note

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-07-11 11:01:51 +01:00
parent 8e4bd1a102
commit 7764fbb664
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2025-07-11-unsafe-deserialization-extra-sink.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The qualifiers of a calls to `readObject` on any classes that implement `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.