From ddd62a56ccaa1eb96b0b552bdca27495956537c9 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 6 May 2020 14:28:47 +0200 Subject: [PATCH 1/5] C#: Add change note for #3110 --- change-notes/1.25/analysis-csharp.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/change-notes/1.25/analysis-csharp.md b/change-notes/1.25/analysis-csharp.md index fe19c1d8b203..b0ed9e337a0c 100644 --- a/change-notes/1.25/analysis-csharp.md +++ b/change-notes/1.25/analysis-csharp.md @@ -24,5 +24,28 @@ The following changes in version 1.25 affect C# analysis in all applications. have type parameters. This means that non-generic nested types inside construced types, such as `A.B`, no longer are considered unbound generics. (Such nested types do, however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.) +* The data-flow library has been improved, which affects and improves most security queries. Flow + through methods now takes nested field reads/writes into account. For example, the library is + able to track flow from `"taint"` to `Sink()` via the method `GetF2F1()` in + ```csharp + class C1 + { + string F1; + } + + class C2 + { + C1 F2; + + + string GetF2F1() => this.F2.F1; // Nested field read + + void M() + { + this.F2 = new C1() { F1 = "taint" }; + Sink(this.GetF2F1()); // NEW: "taint" reaches here + } + } + ``` ## Changes to autobuilder From f19b1045d634710a89992e99b600bf401de43aba Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 6 May 2020 15:52:49 +0200 Subject: [PATCH 2/5] Java: Add change note --- change-notes/1.25/analysis-java.md | 40 ++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 change-notes/1.25/analysis-java.md diff --git a/change-notes/1.25/analysis-java.md b/change-notes/1.25/analysis-java.md new file mode 100644 index 000000000000..899b044515ab --- /dev/null +++ b/change-notes/1.25/analysis-java.md 
@@ -0,0 +1,40 @@ +# Improvements to Java analysis + +The following changes in version 1.25 affect Java analysis in all applications. + +## General improvements + +## New queries + +| **Query** | **Tags** | **Purpose** | +|-----------------------------|-----------|--------------------------------------------------------------------| + + +## Changes to existing queries + +| **Query** | **Expected impact** | **Change** | +|------------------------------|------------------------|-----------------------------------| + + +## Changes to libraries + +* The data-flow library has been improved, which affects and improves most security queries. Flow + through methods now takes nested field reads/writes into account. For example, the library is + able to track flow from `"taint"` to `sink()` via the method `getF2F1()` in + ```java + class C1 { + String f1; + C1(String f1) { this.f1 = f1; } + } + + class C2 { + C1 f2; + String getF2F1() { + return this.f2.f1; // Nested field read + } + void m() { + this.f2 = new C1("taint"); + sink(this.getF2F1()); // NEW: "taint" reaches here + } + } + ``` From 0b85f3fed44bea992b653e252f1cd85e424a5de2 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 7 May 2020 15:58:46 +0200 Subject: [PATCH 3/5] Address review comments --- change-notes/1.25/analysis-csharp.md | 14 +++++++------- change-notes/1.25/analysis-java.md | 7 ++++--- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/change-notes/1.25/analysis-csharp.md b/change-notes/1.25/analysis-csharp.md index b0ed9e337a0c..2b220b93757a 100644 --- a/change-notes/1.25/analysis-csharp.md +++ b/change-notes/1.25/analysis-csharp.md 
@@ -24,9 +24,10 @@ The following changes in version 1.25 affect C# analysis in all applications. have type parameters. This means that non-generic nested types inside construced types, such as `A.B`, no longer are considered unbound generics. (Such nested types do, however, still have relevant `.getSourceDeclaration()`s, for example `A<>.B`.) -* The data-flow library has been improved, which affects and improves most security queries. Flow - through methods now takes nested field reads/writes into account. For example, the library is - able to track flow from `"taint"` to `Sink()` via the method `GetF2F1()` in +* The data-flow library has been improved, which affects most security queries by potentially + adding more results. Flow through methods now takes nested field reads/writes into account. + For example, the library is able to track flow from `"taint"` to `Sink()` via the method + `GetF2F1()` in ```csharp class C1 { @@ -37,13 +38,12 @@ The following changes in version 1.25 affect C# analysis in all applications. { C1 F2; - - string GetF2F1() => this.F2.F1; // Nested field read + string GetF2F1() => F2.F1; // Nested field read void M() { - this.F2 = new C1() { F1 = "taint" }; - Sink(this.GetF2F1()); // NEW: "taint" reaches here + F2 = new C1() { F1 = "taint" }; + Sink(GetF2F1()); // NEW: "taint" reaches here } } ``` diff --git a/change-notes/1.25/analysis-java.md b/change-notes/1.25/analysis-java.md index 899b044515ab..7cdd9e491a2b 100644 --- a/change-notes/1.25/analysis-java.md +++ b/change-notes/1.25/analysis-java.md 
@@ -18,9 +18,10 @@ The following changes in version 1.25 affect Java analysis in all applications. ## Changes to libraries -* The data-flow library has been improved, which affects and improves most security queries. Flow - through methods now takes nested field reads/writes into account. For example, the library is - able to track flow from `"taint"` to `sink()` via the method `getF2F1()` in +* The data-flow library has been improved, which affects most security queries by potentially + adding more results. Flow through methods now takes nested field reads/writes into account. + For example, the library is able to track flow from `"taint"` to `sink()` via the method + `getF2F1()` in ```java class C1 { String f1; From 948c2f7f7e6f7dca7b64cb110c16886a8d813934 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 7 May 2020 16:01:55 +0200 Subject: [PATCH 4/5] C++: Add change note --- change-notes/1.25/analysis-cpp.md | 41 +++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 change-notes/1.25/analysis-cpp.md diff --git a/change-notes/1.25/analysis-cpp.md b/change-notes/1.25/analysis-cpp.md new file mode 100644 index 000000000000..908dc3280c8e --- /dev/null +++ b/change-notes/1.25/analysis-cpp.md 
@@ -0,0 +1,41 @@ +# Improvements to C/C++ analysis + +The following changes in version 1.25 affect C/C++ analysis in all applications. + +## General improvements + +## New queries + +| **Query** | **Tags** | **Purpose** | +|-----------------------------|-----------|--------------------------------------------------------------------| + +## Changes to existing queries + +| **Query** | **Expected impact** | **Change** | +|----------------------------|------------------------|------------------------------------------------------------------| + +## Changes to libraries + +* The data-flow library has been improved, which affects most security queries by potentially + adding more results. Flow through functions now takes nested field reads/writes into account. + For example, the library is able to track flow from `"taint"` to `sink()` via the method + `getf2f1()` in + ```c + struct C { + int f1; + }; + + struct C2 + { + C f2; + + int getf2f1() { + return f2.f1; // Nested field read + } + + void m() { + f2.f1 = taint(); + sink(getf2f1()); // NEW: "taint" reaches here + } + }; + ``` \ No newline at end of file From c837ab7d1a21ed2eeb066f931f2bbf1b194d1114 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 11 May 2020 11:42:50 +0200 Subject: [PATCH 5/5] Apply suggestions from code review Co-authored-by: Jonas Jensen --- change-notes/1.25/analysis-cpp.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/change-notes/1.25/analysis-cpp.md b/change-notes/1.25/analysis-cpp.md index 908dc3280c8e..d282441b0925 100644 --- a/change-notes/1.25/analysis-cpp.md +++ b/change-notes/1.25/analysis-cpp.md 
@@ -18,7 +18,7 @@ The following changes in version 1.25 affect C/C++ analysis in all applications. * The data-flow library has been improved, which affects most security queries by potentially adding more results. Flow through functions now takes nested field reads/writes into account. - For example, the library is able to track flow from `"taint"` to `sink()` via the method + For example, the library is able to track flow from `taint()` to `sink()` via the method `getf2f1()` in ```c struct C { @@ -27,7 +27,7 @@ The following changes in version 1.25 affect C/C++ analysis in all applications. struct C2 { - C f2; + C f2; int getf2f1() { return f2.f1; // Nested field read @@ -35,7 +35,7 @@ The following changes in version 1.25 affect C/C++ analysis in all applications. void m() { f2.f1 = taint(); - sink(getf2f1()); // NEW: "taint" reaches here + sink(getf2f1()); // NEW: taint() reaches here } }; - ``` \ No newline at end of file + ```
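Review bot: in the C# hunk of 1/5 (`change-notes/1.25/analysis-csharp.md`), "affects and improves most security queries" does not tell a reader what they will observe after upgrading; state the practical effect, namely that the same code base may now produce additional results, so teams expect new alerts on an unchanged baseline (3/5 in this series rewords it to "by potentially adding more results", which is the actionable version). The example also carries a doubled blank line before `string GetF2F1() => this.F2.F1;` (collapsed in 3/5) and leaves `Sink` undeclared; a one-line `void Sink(string s) { }` stub, or the phrase "where `Sink` is a sink", would make the snippet self-explanatory.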
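Review bot: in the Java hunk of 2/5 (`change-notes/1.25/analysis-java.md`), the bullet claims nested field reads/writes are both handled, but the example only exercises the nested read (`return this.f2.f1;`); the write side is the plain assignment `this.f2 = new C1("taint");` plus a constructor store. Either add a setter that performs the nested write inside a method, such as `void setF2F1(String s) { this.f2.f1 = s; }` called from `m()`, or narrow the sentence to reads so the note matches what the example demonstrates. Separately, the new file ships the "New queries" and "Changes to existing queries" tables with header rows only; confirm that empty tables are the intended template for this release rather than a placeholder that should be removed before the notes are published.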
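Review bot: in the C++ hunk of 4/5 (`change-notes/1.25/analysis-cpp.md`), the prose says flow is tracked "from `"taint"`" while the code has `f2.f1 = taint();`, a function call rather than a string literal, so the text and the example disagree about what the source is; 5/5 in this series corrects the two affected lines and also removes the trailing whitespace on `C f2;` and the missing newline at end of file. Still open: the outer struct is named `C` here but `C1` in the C# and Java notes, and `taint`/`sink` are undeclared; aligning the name and adding `int taint(); void sink(int);` above the structs would make the three examples parallel and let the snippet compile on its own.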
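Review bot: in the first hunk of 5/5, the fence in the context line is still ```c although the snippet defines member functions inside structs (`int getf2f1() {` within `struct C2`), which is valid C++ only; tag the block ```cpp so readers of a "C/C++" note do not take it for C, and "via the method `getf2f1()`" reads more naturally as "via the member function `getf2f1()`". The `"taint"` to `taint()` comment fix and the end-of-file newline in the other two hunks look right.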