# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ['java']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.

            // TODO use kryo.register for security
            // SECURITY WARNING: setRegistrationRequired(false) allows deserialization of arbitrary classes
            // which could potentially lead to remote code execution vulnerabilities.
            // This should be replaced with explicit class registration using kryo.register()
            // for all classes that need to be serialized/deserialized.
            kryo.setRegistrationRequired(false);

     * in the data store plugin directory and extracts component class names.
     *
     * <p>The method uses secure XML parsing features to prevent XXE attacks and
     * other XML-based vulnerabilities. Component class names are extracted from
     * the 'class' attribute of 'component' elements in the XML files.</p>
     *
     * @return sorted list of data store class simple names discovered from plugins
     */

     * <p>
     * WARNING: Use this only when you completely trust the data source and have
     * other security measures in place. Unrestricted deserialization can lead to
     * remote code execution vulnerabilities.
     * </p>
     *
     * @return an ObjectInputFilter that allows all classes
     */
    public static ObjectInputFilter createPermissiveFilter() {

     * </ul>
     *
     * <p><strong>Security Note:</strong> This method MUST be called on all user-supplied
     * input before using it in LDAP search filters to prevent LDAP injection vulnerabilities.
     *
     * @param filter the LDAP search filter to escape (null is treated as empty string)
     * @return the escaped filter string safe for use in LDAP queries (empty string if filter is null)

## Changelog since v1.32.7

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference

## Changelog since v1.33.3

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference

## Changelog since v1.31.11

## Important Security Information

This release contains changes that address the following vulnerabilities:

### CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference