- Added a new query,
java/android/webview-debugging-enabled, to detect instances of WebView debugging being enabled in production builds.
- The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
PathSanitizer.qllhas been promoted from experimental to the main query pack. This sanitizer was originally submitted as part of an experimental query by @luchua-bc.- The queries
java/path-injection,java/path-injection-localandjava/zipslipnow use the sanitizers provided byPathSanitizer.qll.