mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
fa40d59332
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes. I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there. I'm working on a document to describe how and when to create change notes for packs separately.
598 B
598 B
lgtm,codescanning
- The security queries now recognize the effect of JSON schema validation, and highlights cases where this validation is susceptible to denial-of-service attacks. Affects the package ajv.
- A new query,
js/resource-exhaustion-from-deep-object-traversal, has been added to the query suite, highlighting denial-of-service attacks exploiting operations that traverse deeply user-controlled objects. - The
js/xss-through-exceptionquery now recognizes JSON schema validation errors as a source, as they may contain part of the input data.