Merge pull request #15769 from github/coadaflorin/changelog-2.16.3-updates

coadaflorin · web-flow · commit 1719fd8acb2e · 2024-03-01T10:57:02.000Z
Match changelog updates with public unified changelog
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
@@ -15,7 +15,7 @@
 ### Minor Analysis Improvements
 
 * The sanitizer for the path injection queries has been improved to handle more cases where `equals` is used to check an exact path match.
-* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs the destination of which cannot be externally controlled will not be reported anymore.
+* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs where the destination cannot be controlled externally are no longer reported.
 
 ## 0.8.8
 
diff --git a/java/ql/src/change-notes/released/0.8.9.md b/java/ql/src/change-notes/released/0.8.9.md
@@ -15,4 +15,4 @@
 ### Minor Analysis Improvements
 
 * The sanitizer for the path injection queries has been improved to handle more cases where `equals` is used to check an exact path match.
-* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs the destination of which cannot be externally controlled will not be reported anymore.
+* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs where the destination cannot be controlled externally are no longer reported.
