From ccc30ea6502ba2d37141047ae220d7df827e59b7 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 27 Jun 2019 11:55:31 +0200 Subject: [PATCH] C#: Update change note --- change-notes/1.21/analysis-csharp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/change-notes/1.21/analysis-csharp.md b/change-notes/1.21/analysis-csharp.md index dc53e1f8fc8..06f448a6430 100644 --- a/change-notes/1.21/analysis-csharp.md +++ b/change-notes/1.21/analysis-csharp.md @@ -8,7 +8,6 @@ C# analysis now supports the extraction and analysis of many C# 8 features. For | **Query** | **Tags** | **Purpose** | |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Thread-unsafe use of a static ICryptoTransform field (`cs/thread-unsafe-icryptotransform-field-in-class`) | concurrency, security, external/cwe/cwe-362 | Highlights classes with fields that make use of a static `System.Security.Cryptography.ICryptoTransform` object. Using these classes in concurrent threads is dangerous. It may result in an error and may also give incorrect results. Results are not shown on [LGTM](https://lgtm.com/rules/1507931833866/) by default. | | Thread-unsafe capturing of an ICryptoTransform object (`cs/thread-unsafe-icryptotransform-captured-in-lambda`) | concurrency, security, external/cwe/cwe-362 | Highlights instances of classes where a field of type `System.Security.Cryptography.ICryptoTransform` is captured by a lambda, and appears to be used in a thread initialization method. Results are not shown on [LGTM](https://lgtm.com/rules/1508141845995/) by default. | ## Changes to existing queries 
@@ -16,6 +15,7 @@ C# analysis now supports the extraction and analysis of many C# 8 features. For | **Query** | **Expected impact** | **Change** | |------------------------------|------------------------|-----------------------------------| | Constant condition (`cs/constant-condition`) | Fewer false positive results | The query now ignores code where the `null` value is in a conditional expression on the left hand side of a null-coalescing expression. For example, in `(a ? b : null) ?? c`, `null` is not considered to be a constant condition. | +| Thread-unsafe use of a static ICryptoTransform field (`cs/thread-unsafe-icryptotransform-field-in-class`) | Fewer false positive results | The criteria for a result has changed to include nested properties, nested fields, and collections. The format of the alert message has changed to highlight the static field. The query name has been updated. | | Useless upcast (`cs/useless-upcast`) | Fewer false positive results | The query now ignores code where the upcast is used to disambiguate the target of a constructor call. | ## Changes to code extraction
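Review bot: In the first hunk, the row removed from the new-queries table carried the tags (concurrency, security, external/cwe/cwe-362) and the statement that results are not shown on LGTM by default, and the row that replaces it under "Changes to existing queries" keeps neither. If the default-display status of `cs/thread-unsafe-icryptotransform-field-in-class` is unchanged, consider restating it in the new row's Change column so that readers of the 1.21 notes do not lose it. The commit message also has no body; one line on why the entry moves from the new-queries table to the existing-queries table would help.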
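Review bot: In the second hunk, the added row for `cs/thread-unsafe-icryptotransform-field-in-class` gives the expected impact as "Fewer false positive results", but its Change text says the criteria now include nested properties, nested fields, and collections, which reads as a widening of what the query matches. Please either say how the new criteria reduce false positives or adjust the impact column to match. Two wording points in the same row: "The criteria for a result has changed" should be "have changed", and "The query name has been updated" would be more useful if it gave the previous name alongside the new one.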