Add change note

smowton · smowton · commit 004432688461 · 2022-05-11T12:06:27.000+01:00
diff --git a/java/ql/src/change-notes/2022-05-11-insecure-cookie.md b/java/ql/src/change-notes/2022-05-11-insecure-cookie.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Query `java/insecure-cookie` now tolerates setting a cookie's secure flag to `request.isSecure()`. This means servlets that intentionally accept unencrypted connections will no longer raise an alert.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Query `java/insecure-cookie` now tolerates setting a cookie's secure flag to `request.isSecure()`. This means servlets that intentionally accept unencrypted connections will no longer raise an alert.