From fa90c53b4325b81f5ba80b712562cc7950240062 Mon Sep 17 00:00:00 2001 From: Esben Sparre Andreasen Date: Mon, 6 Aug 2018 15:14:15 +0200 Subject: [PATCH] JS: update change notes for improved js/missing-rate-limiting --- change-notes/1.18/analysis-javascript.md | 1 + 1 file changed, 1 insertion(+) diff --git a/change-notes/1.18/analysis-javascript.md b/change-notes/1.18/analysis-javascript.md index d507351eaa0..52162df67cb 100644 --- a/change-notes/1.18/analysis-javascript.md +++ b/change-notes/1.18/analysis-javascript.md @@ -40,6 +40,7 @@ | CORS misconfiguration for credentials transfer | More true-positive results | This rule now treats header names case-insensitively. | | Hard-coded credentials | More true-positive results | This rule now recognizes secret cryptographic keys. | | Insecure randomness | More true-positive results | This rule now recognizes secret cryptographic keys. | +| Missing rate limiting | More true-positive results, fewer false-positive results | This rule now recognizes additional rate limiters and expensive route handlers. | | Missing X-Frame-Options HTTP header | Fewer false-positive results | This rule now treats header names case-insensitively. | | Reflected cross-site scripting | Fewer false-positive results | This rule now treats header names case-insensitively. | | Server-side URL redirect | More true-positive results | This rule now treats header names case-insensitively. |
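Review bot: the added "Missing rate limiting" row in change-notes/1.18/analysis-javascript.md lists two effects ("More true-positive results, fewer false-positive results") but its description does not say which change produces which, and it names neither the additional rate limiters nor the kinds of expensive route handlers that are now recognized. Consider rewording so that each effect maps to its cause (if the intended mapping is that recognizing additional rate limiters removes false positives and recognizing additional expensive route handlers adds true positives, say so), and name the newly supported limiters and handler kinds. That lets users who see alert counts change after upgrading tell which new or disappearing results are expected.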