From b8f8370c33ee55d89d08d8814c24ac0b06cd9c04 Mon Sep 17 00:00:00 2001 From: Luis Azanza Date: Tue, 7 Jul 2026 16:21:09 -0700 Subject: [PATCH] Update java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md Update change note to be more technically accurate Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com> --- .../ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md b/java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md index f35a3386e72..d0474959b9c 100644 --- a/java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md +++ b/java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* The `uri` method of Spring's reactive `WebClient` is now considered a request forgery sink. Previously only the `create` and `baseUrl` methods were considered. This may lead to more alerts for the query `java/ssrf` (Server-side request forgery). +* The first argument of the `uri` method of `WebClient$UriSpec` in `org.springframework.web.reactive.function.client` is now considered a request forgery sink. Previously only the first arguments of the `WebClient.create` and `WebClient$Builder.baseUrl` methods were considered. This may lead to more alerts for the query `java/ssrf` (Server-side request forgery).