- The `java/sensitive-cookie-not-httponly` query has been promoted from experimental to the main query pack.
- Added a new query, `java/escaping`, to detect values escaping from classes marked as `@ThreadSafe`.
- Added a new query, `java/not-threadsafe`, to detect data races in classes marked as `@ThreadSafe`.
- Added a new query, `java/safe-publication`, to detect unsafe publication in classes marked as `@ThreadSafe`.
- Calls to `String.matches` are now treated as sanitizers for the `java/ssrf` query.