add change note for new Insecure Bean Validation query

pwntester · pwntester · commit 11e57bd2f854 · 2020-10-27T16:11:51.000+01:00
diff --git a/java/change-notes/2020-10-27-insecure-bean-validation.md b/java/change-notes/2020-10-27-insecure-bean-validation.md
@@ -0,0 +1,6 @@
+lgtm,codescanning
+* New query "Insecure Bean Validation" (java/insecure-bean-validation) added. This query 
+  finds Server-Side Template Injections caused by untrusted data flowing from a Bean 
+  property being validated into a custom constraint violation error message. This 
+  vulnerability leads to arbitrary code execution.
+
diff --git a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
@@ -1,10 +1,10 @@
 /**
- * @name Insecure Bean validation
+ * @name Insecure Bean Validation
  * @description User-controlled data may be evaluated as a Java EL expressions, leading to arbitrary code execution.
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id java/unsafe-eval
+ * @id java/insecure-bean-validation
  * @tags security
  *       external/cwe/cwe-094
  */
