diff --git a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
index 70ef0b39405..d46d35ab0cc 100644
--- a/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/SensitiveLoggingQuery.qll
@@ -13,7 +13,7 @@ class VariableWithSensitiveName extends Variable {
     exists(string name | name = this.getName() |
       name.regexpMatch(getCommonSensitiveInfoRegex()) and
       not name.regexpMatch("(?i).*null.*") and
-      not name.matches("tokenImage") // appears in parser code generated by JavaCC
+      name != "tokenImage" // appears in parser code generated by JavaCC
     )
   }
 }
diff --git a/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md b/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
index d62c2dfbb47..017e5abd7ee 100644
--- a/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
+++ b/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a larger number of false positive alerts.
+* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.