Ruby: rack - Rack::Response changenote

alexrford · alexrford · commit 2b0b2855e1e9 · 2023-07-05T15:15:34.000+01:00
diff --git a/ruby/ql/lib/change-notes/2023-07-05-rack-response.md b/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.
