hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
628f85aebcf23ee9a7a944c8ca8d00aefc00b8eb
codeql/java/ql/lib/change-notes/2026-03-27-add-ec-to-secure-algorithms.md
Owen Mansel-Chan 2b8558706f Add sentence to change note.
2026-03-28 16:39:16 +00:00

768 B
Raw Blame History

category
category
minorAnalysis
  • The java/potentially-weak-cryptographic-algorithm query no longer flags Elliptic Curve algorithms (EC, ECDSA, ECDH, EdDSA, Ed25519, Ed448, XDH, X25519, X448), HMAC-based algorithms (HMACSHA1, HMACSHA256, HMACSHA384, HMACSHA512), or PBKDF2 key derivation as potentially insecure. These are modern, secure algorithms recommended by NIST and other standards bodies. This will reduce the number of false positives for this query.
  • The first argument of the method getInstance of java.security.Signature is now modeled as a sink for java/potentially-weak-cryptographic-algorithm, java/weak-cryptographic-algorithm and java/rsa-without-oaep. This will increase the number of alerts for these queries.