Ruby: changenote for rb/csrf-protection-disabled enhancement

alexrford · alexrford · commit 45ed5a806c04 · 2022-01-19T13:41:00.000Z
diff --git a/ruby/ql/src/change-notes/2022-01-19-csrf-protection-weakened.md b/ruby/ql/src/change-notes/2022-01-19-csrf-protection-weakened.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+lgtm,codescanning
+* The query `rb/csrf-protection-disabled` has been extended to find calls to the Rails method `protect_from_forgery` that may weaken CSRF protection.
