mirror of
https://github.com/github/codeql.git
synced 2026-04-14 03:24:06 +02:00
10 lines
848 B
Markdown
10 lines
848 B
Markdown
## 7.8.4
|
|
|
|
### Minor Analysis Improvements
|
|
|
|
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
|
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
|
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
|
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
|
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|