codeql/java/ql/lib/change-notes/released/7.8.4.md
2026-01-19 14:49:14 +00:00


7.8.4

Minor Analysis Improvements

  • When a code-scanning configuration specifies the paths: and/or paths-ignore: settings, the Java extractor now honors them when it searches for XML and properties files.
  • Additional remote flow sources from the org.springframework.web.socket package have been modeled.
  • A sanitizer has been added to java/ssrf to remove alerts when a regular expression check is used to verify that the value is safe.
  • URI template variables of all Spring RestTemplate methods are now considered as request forgery sinks. Previously only the getForObject method was considered. This may lead to more alerts for the query java/ssrf.
  • Added more dataflow models of org.apache.commons.fileupload.FileItem, javax/jakarta.servlet.http.Part and org.apache.commons.fileupload.util.Streams.
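
The two java/ssrf changes above (URI template variables of every RestTemplate method as sinks, and the regular-expression sanitizer) are easiest to see side by side. The following Spring controller is an added example, not code from the CodeQL repository or its test suite: the first handler passes a request parameter straight into a RestTemplate.exchange template variable, which is the flow the query now reports; the second guards the value with a regular-expression check first, which is the pattern the new sanitizer recognises. The controller name, endpoint paths, parameter name and internal host are assumptions for illustration, and the comment about which characters survive template expansion assumes RestTemplate's default URI builder.

```java
// Added example (not from the CodeQL repository): a Spring controller that
// forwards a user-supplied value into a RestTemplate URI template variable.
// Names, paths and the internal host below are assumptions for illustration.
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.server.ResponseStatusException;

@RestController
public class ProfileProxyController {

    // Assumed internal backend; {id} is a URI template variable.
    private static final String BACKEND =
            "http://profile-service.internal/users/{id}/profile";

    private final RestTemplate restTemplate = new RestTemplate();

    // Vulnerable: the @RequestParam value (a remote flow source) is passed
    // unchanged as the {id} template variable of exchange(). With this
    // release the uriVariables argument of every RestTemplate method is a
    // java/ssrf sink, so this flow is reported; before, only getForObject
    // was modelled and this exchange() call would have been missed.
    // With RestTemplate's default URI builder, "/" survives expansion, so an
    // id such as "../../admin/export" retargets the request to another
    // endpoint on the internal host.
    @GetMapping("/profile/raw")
    public String rawProfile(@RequestParam String id) {
        ResponseEntity<String> resp = restTemplate.exchange(
                BACKEND, HttpMethod.GET, HttpEntity.EMPTY, String.class, id);
        return resp.getBody();
    }

    // Hardened: the value must match a strict pattern before it reaches the
    // sink. The regular-expression check is the sanitizer the query now
    // recognises, so this path no longer produces an alert. Pick the pattern
    // deliberately: nothing in the release note says the analysis judges how
    // restrictive the pattern is, so treat "[0-9]{1,10}" as the reviewer's
    // responsibility and do not expect a permissive pattern to be flagged.
    @GetMapping("/profile/checked")
    public String checkedProfile(@RequestParam String id) {
        if (!id.matches("[0-9]{1,10}")) {
            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "invalid id");
        }
        ResponseEntity<String> resp = restTemplate.exchange(
                BACKEND, HttpMethod.GET, HttpEntity.EMPTY, String.class, id);
        return resp.getBody();
    }
}
```

When triaging the additional alerts this release produces, look for the template variable in postForObject, exchange and the other RestTemplate methods, not just getForObject; when an alert disappears after this upgrade, confirm that the regular expression that suppressed it is actually tight enough for the sink it guards.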