- New models have been added for
org.apache.commons.lang. - The query
java/unsafe-deserializationhas been updated to take into accountSerialKiller, a library used to prevent deserialization of arbitrary classes.
- The query "Arbitrary file write during archive extraction ("Zip Slip")" (
java/zipslip) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."