Add change note.

lcartey · lcartey · commit e118f9a5f9d8 · 2019-08-30T10:48:37.000+01:00
diff --git a/change-notes/1.23/analysis-java.md b/change-notes/1.23/analysis-java.md
@@ -0,0 +1,11 @@
+# Improvements to Java analysis
+
+The following changes in version 1.23 affect Java analysis in all applications.
+
+## Changes to existing queries
+
+| **Query**                    | **Expected impact**    | **Change**                        |
+|------------------------------|------------------------|-----------------------------------|
+| Query built from user-controlled sources (`java/sql-injection`) | More results | The query now identifies arguments to `Statement.executeLargeUpdate` and `Connection.prepareCall` as SQL expressions sinks. |
+| Query built from local-user-controlled sources (`java/sql-injection-local`) | More results | The query now identifies arguments to `Statement.executeLargeUpdate` and `Connection.prepareCall` as SQL expressions sinks. |
+| Query built without neutralizing special characters (`java/concatenated-sql-query`) | More results | The query now identifies arguments to `Statement.executeLargeUpdate` and `Connection.prepareCall` as SQL expressions sinks. |
