github
diff --git a/‎change-notes/1.22/analysis-cpp.md‎
Lines changed: 7 additions & 0 deletions b/‎change-notes/1.22/analysis-cpp.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎change-notes/1.22/analysis-csharp.md‎
Lines changed: 7 additions & 0 deletions b/‎change-notes/1.22/analysis-csharp.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎change-notes/1.22/analysis-java.md‎
Lines changed: 15 additions & 1 deletion b/‎change-notes/1.22/analysis-java.md‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎change-notes/1.22/analysis-javascript.md‎
Lines changed: 1 addition & 0 deletions b/‎change-notes/1.22/analysis-javascript.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/exprs/Lambda.qll‎
Lines changed: 4 additions & 4 deletions b/‎cpp/ql/src/semmle/code/cpp/exprs/Lambda.qll‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎cpp/ql/src/semmlecode.cpp.dbscheme‎
Lines changed: 2 additions & 1 deletion b/‎cpp/ql/src/semmlecode.cpp.dbscheme‎
Lines changed: 2 additions & 1 deletion
@@ -30,3 +30,10 @@
 - The `semmle.code.cpp.models` library now models data flow through `std::swap`.
 - There is a new `Variable.isThreadLocal()` predicate. It can be used to tell whether a variable is `thread_local`.
 - Recursion through the `DataFlow` library is now always a compile error. Such recursion has been deprecated since release 1.16. If one `DataFlow::Configuration` needs to depend on the results of another, switch one of them to use one of the `DataFlow2` through `DataFlow4` libraries.
+- The possibility of specifying barrier edges using
+  `isBarrierEdge`/`isSanitizerEdge` in data-flow and taint-tracking
+  configurations has been replaced with the option of specifying in- and
+  out-barriers on nodes by overriding `isBarrierIn`/`isSanitizerIn` and
+  `isBarrierOut`/`isSanitizerOut`. This should be simpler to use effectively,
+  as it does not require knowledge about the actual edges used internally by
+  the library.
@@ -42,5 +42,12 @@
   - The new predicate `TypeParameterConstraints.getAnAnnotatedTypeConstraint()` gets a type constraint with type annotations
 * The new class `SuppressNullableWarningExpr` models suppress-nullable-warning expressions such as `x!`
 * The data-flow library (and taint-tracking library) now supports flow through fields. All existing configurations will have field-flow enabled by default, but it can be disabled by adding `override int fieldFlowBranchLimit() { result = 0 }` to the configuration class. Field assignments, `this.Foo = x`, object initializers, `new C() { Foo = x }`, and field initializers `int Foo = 0` are supported.
+* The possibility of specifying barrier edges using
+  `isBarrierEdge`/`isSanitizerEdge` in data-flow and taint-tracking
+  configurations has been replaced with the option of specifying in- and
+  out-barriers on nodes by overriding `isBarrierIn`/`isSanitizerIn` and
+  `isBarrierOut`/`isSanitizerOut`. This should be simpler to use effectively,
+  as it does not require knowledge about the actual edges used internally by
+  the library.
 
 ## Changes to autobuilder
@@ -16,4 +16,18 @@
   removes false positives that arose from paths through impossible `toString()`
   calls.
 * The library `VCS.qll` and all queries that imported it have been removed.
-* The second copy of the interprocedural `TaintTracking` library has been renamed from `TaintTracking::Configuration2` to `TaintTracking2::Configuration`, and the old name is now deprecated. Import `semmle.code.java.dataflow.TaintTracking2` to access the new name.
+* The second copy of the interprocedural `TaintTracking` library has been
+  renamed from `TaintTracking::Configuration2` to
+  `TaintTracking2::Configuration`, and the old name is now deprecated. Import
+  `semmle.code.java.dataflow.TaintTracking2` to access the new name.
+* The data-flow library now makes it easier to specify barriers/sanitizers
+  arising from guards by overriding the predicate
+  `isBarrierGuard`/`isSanitizerGuard` on data-flow and taint-tracking
+  configurations respectively.
+* The possibility of specifying barrier edges using
+  `isBarrierEdge`/`isSanitizerEdge` in data-flow and taint-tracking
+  configurations has been replaced with the option of specifying in- and
+  out-barriers on nodes by overriding `isBarrierIn`/`isSanitizerIn` and
+  `isBarrierOut`/`isSanitizerOut`. This should be simpler to use effectively,
+  as it does not require knowledge about the actual edges used internally by
+  the library.
@@ -31,6 +31,7 @@
 | Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. |
 | Conflicting HTML element attributes | Fewer results | Results are no longer shown on LGTM by default. |
 | Superfluous trailing arguments | Fewer false-positive results. | This rule no longer flags calls to placeholder functions that trivially throw an exception. |
+| Undocumented parameter | No changes to results | This rule is now run on LGTM, although its results are still not shown by default. |
 
 ## Changes to QL libraries
 
 
@@ -98,12 +98,12 @@ class Closure extends Class {
 /**
  * Information about a value captured as part of a lambda expression.
  */
-class LambdaCapture extends @lambdacapture {
-  string toString() {
+class LambdaCapture extends Locatable, @lambdacapture {
+  override string toString() {
     result = getField().toString()
   }
 
-  string getCanonicalQLClass() { result = "LambdaCapture" }
+  override string getCanonicalQLClass() { result = "LambdaCapture" }
 
   /**
    * Holds if this capture was made implicitly.
@@ -133,7 +133,7 @@ class LambdaCapture extends @lambdacapture {
    * For implicit captures, this is the first location within the "{...}" part of the lambda
    * expression which accesses the captured variable.
    */
-  Location getLocation() {
+  override Location getLocation() {
     lambda_capture(this, _, _, _, _, _, result)
   }
 
 
@@ -1026,7 +1026,8 @@ frienddecls(
          | @namequalifier
          | @specialnamequalifyingelement
          | @static_assert
-         | @type_mention;
+         | @type_mention
+         | @lambdacapture;
 
 @exprparent = @element;