mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
fa40d59332
Now that change notes are per-package, new change notes should be created in the `change-notes` folder under the affected pack (e.g., `cpp/ql/src/change-notes` for C++ query change notes. I've moved all of the change note files that were added before we started publishing them in packs to an `old-change-notes` directory under each language, to reduce the temptation to add new change notes there. I'm working on a document to describe how and when to create change notes for packs separately.
288 B
288 B
lgtm,codescanning
- The query "Unsafe Deserialization" (
java/unsafe-deserialization) has been improved to report those cases where SnakeYamlConstructoris used to fix the unmarshaled object graph root's type but injection is still possible in nested nodes of the object graph.