Skip to content

Commit 3d3f4ba

Browse files
committed
add change note
1 parent 00a0b12 commit 3d3f4ba

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed
Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
lgtm,codescanning
2+
* The query "Unsafe Deserialization" (`java/unsafe-deserialization`) has been
3+
improved to report those cases where SnakeYaml `Constructor` is used to fix
4+
the unmarshaled object graph root's type but injection is still possible in
5+
nested nodes of the object graph.

0 commit comments

Comments
 (0)