codeql/java/change-notes/2021-06-25-jax-rs-content-types.md

lgtm,codescanning

• The XSS query now accounts for more ways to set the content-type of an entity served via a Jax-RS HTTP endpoint. This may flag more cases where an XSS-vulnerable content-type is set, and exclude more cases where a non-vulnerable content-type such as application/json is set.