codeql/java/ql/lib/change-notes/2025-07-11-unsafe-deserialization-extra-sink.md
Owen Mansel-Chan 7764fbb664 Change note
2025-07-11 11:05:48 +01:00


category: minorAnalysis
  • The qualifiers of calls to `readObject` on any class that implements `java.io.ObjectInput` are now recognised as sinks for `java/unsafe-deserialization`. Previously this was only the case for classes which extend `java.io.ObjectInputStream`.
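
The two call shapes the note distinguishes, next to a filtered read, as an added example that is not part of the CodeQL repository or its tests. The class and method names are hypothetical, the serialized bytes are constructed inline, and the `ObjectInput`-typed parameter stands in for any implementation that does not extend `ObjectInputStream`; the filter API requires Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInput;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;

public class ObjectInputSinkExample {
    // Receiver is an ObjectInputStream: the qualifier `in` was already a sink.
    static Object readFromStream(InputStream untrusted) throws IOException, ClassNotFoundException {
        ObjectInputStream in = new ObjectInputStream(untrusted);
        return in.readObject();
    }

    // Receiver is only known to be a java.io.ObjectInput (assumed here to be the
    // case the note adds): the qualifier `in` is the sink. An alert still needs
    // untrusted data to flow into `in`.
    static Object readFromObjectInput(ObjectInput in) throws IOException, ClassNotFoundException {
        return in.readObject();
    }

    // Mitigation: allow-list the classes that may be deserialized.
    static Object readFiltered(InputStream untrusted) throws IOException, ClassNotFoundException {
        ObjectInputStream in = new ObjectInputStream(untrusted);
        in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("java.lang.String;!*"));
        return in.readObject();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a serialized ArrayList stands in for a class the
        // application never meant to accept.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new ArrayList<String>());
        }
        byte[] bytes = buf.toByteArray();
        ObjectInput in = new ObjectInputStream(new ByteArrayInputStream(bytes));
        System.out.println("unfiltered read returned: " + readFromObjectInput(in).getClass());
        try {
            readFiltered(new ByteArrayInputStream(bytes));
        } catch (InvalidClassException e) {
            System.out.println("filtered read rejected: " + e.getMessage());
        }
    }
}
```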