## 0.3.2

### New Queries

* A new query "Android `WebView` that accepts all certificates" (`java/improper-webview-certificate-validation`) has been added. This query finds implementations of `WebViewClient`s that accept all certificates in the case of an SSL error.

### Major Analysis Improvements

* The query `java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.

### Minor Analysis Improvements

* The query `java/path-injection` now recognises vulnerable APIs defined using the `SinkModelCsv` class with the `create-file` type. Out of the box this includes Apache Commons-IO functions, as well as any user-defined sinks.