Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp

More descriptive (and PC) description.

Co-authored-by: Marcono1234 <[email protected]>

Author: timoles

java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp

@@ -16,7 +16,7 @@ In order to disallow the deserialization of arbitrary objects the passed environ
 Ideally this filter only allows the deserialization to <code>java.lang.String</code>.
 
 The filter can be configured by setting the key <code>jmx.remote.rmi.server.credentials.filter.pattern</code> (CONST variable <code>RMIConnectorServer.CREDENTIALS_FILTER_PATTERN</code>).
-The filter should (ideally) blacklist all classes, and only whitelist java.lang.String for deserialization: (<code> "java.lang.String;!*"</code>).
+The filter should (ideally) only allow java.lang.String and disallow all other classes for deserialization: (<code>"java.lang.String;!*"</code>).
 
 The key-value pair can be set as following:
 
@@ -65,4 +65,4 @@ For this reason an initialitation with a <code>null</code> environment is also v
 <li>Oracle release notes fixing the issue: <a href="https://www.oracle.com/java/technologies/javase/8u91-relnotes.html">Rlease Notes</a>.</li>
 <li>Documentation for <a href="https://docs.oracle.com/javase/10/docs/api/javax/management/remote/rmi/RMIConnectorServer.html#CREDENTIALS_FILTER_PATTERN">CREDENTIALS_FILTER_PATTERN</a></li>
 </references>
-</qhelp>
+</qhelp>