From efe898112988e5b9e8addd0c5e7e2f35ef541f7d Mon Sep 17 00:00:00 2001
From: Anders Schack-Mulligen <aschackmull@github.com>
Date: Mon, 27 Jan 2020 11:33:31 +0100
Subject: [PATCH] Java: Add change note for
 java/spring-disabled-csrf-protection.

---
 change-notes/1.24/analysis-java.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/change-notes/1.24/analysis-java.md b/change-notes/1.24/analysis-java.md
index 0e55ae9dc41a..fc1df9f58398 100644
--- a/change-notes/1.24/analysis-java.md
+++ b/change-notes/1.24/analysis-java.md
@@ -10,6 +10,7 @@ The following changes in version 1.24 affect Java analysis in all applications.
 
 | **Query**                   | **Tags**  | **Purpose**                                                        |
 |-----------------------------|-----------|--------------------------------------------------------------------|
+| Disabled Spring CSRF protection (`java/spring-disabled-csrf-protection`) | security, external/cwe/cwe-352 | Finds disabled Cross-Site Request Forgery (CSRF) protection in Spring. |
 | Failure to use HTTPS or SFTP URL in Maven artifact upload/download (`java/maven/non-https-url`) | security, external/cwe/cwe-300, external/cwe/cwe-319, external/cwe/cwe-494, external/cwe/cwe-829 | Finds use of insecure protocols during Maven dependency resolution. Results are shown on LGTM by default. |
 
 ## Changes to existing queries