Add change note

owen-mc · owen-mc · commit 2d7646640510 · 2025-01-28T15:35:28.000Z
diff --git a/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md b/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: majorAnalysis
 +---
 +* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.