Merge pull request #15375 from atorralba/atorralba/docs/amend-change-note

atorralba · web-flow · commit 716c6cd519d0 · 2024-01-18T17:49:00.000+01:00
Fix change note category for clarity
diff --git a/java/ql/src/change-notes/released/0.8.6.md b/java/ql/src/change-notes/released/0.8.6.md
@@ -1,9 +1,5 @@
 ## 0.8.6
 
-### Deprecated Queries
-
-* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
-
 ### New Queries
 
 * Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
@@ -13,3 +9,7 @@
 * Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
 * The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
 * Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
+
+### Bug Fixes
+
+* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
