## 0.4.0

### New Queries

* The query "Server-side template injection" (`java/server-side-template-injection`) has been promoted from experimental to the main query pack. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/5935).
* Added a new query, `java/android/backup-enabled`, to detect if Android applications allow backups.

### Query Metadata Changes

* Removed the `@security-severity` tag from several queries not in the `Security/` folder that also had missing `security` tags.

### Minor Analysis Improvements

* The Java extractor now populates the `Method` relating to a `MethodAccess` consistently for calls using an explicit and implicit `this` qualifier. Previously, if the method `foo` was inherited from a specialised generic type `ParentType`, then an explicit call `this.foo()` would yield a `MethodAccess` whose `getMethod()` accessor returned the bound method `ParentType.foo`, whereas an implicitly-qualified `foo()` `MethodAccess`'s `getMethod()` would return the unbound method `ParentType.foo`. Now both scenarios produce a bound method. This means that all data-flow queries may return more results where a relevant path transits such an implicitly-qualified call to a member method with a bound generic type, while queries that inspect the result of `MethodAccess.getMethod()` may need to tolerate bound generic methods in more circumstances. The queries `java/iterator-remove-failure`, `java/non-static-nested-class`, `java/internal-representation-exposure`, `java/subtle-inherited-call` and `java/deprecated-call` have been amended to properly handle calls to bound generic methods, and in some instances may now produce more results in the explicit-`this` case as well.
* Added taint model for arguments of `java.net.URI` constructors to the queries `java/path-injection` and `java/path-injection-local`.
* Added new sinks related to Android's `AlarmManager` to the query `java/android/implicit-pendingintents`.
* The alert message of many queries has been changed to make the message consistent with other languages.
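As an added illustration of the `MethodAccess.getMethod()` change above (example code, not part of this changelog or of the CodeQL library), the query below shows how a custom query can match a callee regardless of whether `getMethod()` returns a bound generic instance or the unbound declaration: compare through `getSourceDeclaration()`. The Java classes `ParentType` and `Child` and the method `foo` in the comment are a constructed scenario, not code from the page.

```ql
import java

/*
 * Constructed Java scenario assumed by this query:
 *
 *   class ParentType<T> { void foo() {} }
 *   class Child extends ParentType<String> {
 *     void a() { this.foo(); }  // explicit `this` qualifier
 *     void b() { foo(); }       // implicit `this` qualifier
 *   }
 *
 * Before 0.4.0, `this.foo()` resolved to the bound `ParentType<String>.foo`
 * while `foo()` resolved to the unbound `ParentType.foo`; now both are bound.
 * Matching on `getSourceDeclaration()` gives the same results either way,
 * because it maps a bound generic method back to its unbound declaration.
 */
from MethodAccess ma, Method decl
where
  decl = ma.getMethod().getSourceDeclaration() and
  decl.hasName("foo") and
  decl.getDeclaringType().hasName("ParentType")
select ma,
  "Call to " + decl.getQualifiedName() +
    (if ma.getMethod() = decl then " (unbound)" else " (bound generic instance)")
```

A query that instead compared `ma.getMethod()` directly against the unbound `Method` would have silently dropped results for the explicit-`this` case before 0.4.0 and for both cases afterwards.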