From 2d7646640510b6e6c3545353697eaf34f6147f0b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 28 Jan 2025 11:52:54 +0000 Subject: [PATCH] Add change note --- .../src/change-notes/2025-01-28-fix-xss-content-type-safe.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md diff --git a/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md b/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md new file mode 100644 index 000000000000..4e5692375b2a --- /dev/null +++ b/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
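Review bot: The bullet on the last added line says alerts are suppressed for "a content type which is not exploitable" but does not say which content types the query now treats as safe. A reader of the changelog cannot tell which `java/xss` alerts will disappear or whether a real finding could be dropped. Please name the criterion or give examples of the content types. The note also mentions only `javax.servlet.http.HttpServletResponse`. If the fix is limited to that type, say so explicitly. Two smaller points: `category: majorAnalysis` looks heavy for a false-positive fix, so consider whether `minorAnalysis` fits better, and "java query" should read "Java query".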