From 7d0e1f00cc896830a7408fcc2578d88f793f74dd Mon Sep 17 00:00:00 2001 From: Andreas Dangel Date: Sat, 9 Sep 2023 12:11:19 +0200 Subject: [PATCH] [doc] Update release notes (#4649, #4646) --- docs/pages/release_notes.md | 6 ++++++ .../pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/docs/pages/release_notes.md b/docs/pages/release_notes.md index 9532f360fb..dc87b8a57f 100644 --- a/docs/pages/release_notes.md +++ b/docs/pages/release_notes.md @@ -47,6 +47,8 @@ The remaining section describes the complete release notes for 7.0.0. * [#4621](https://github.com/pmd/pmd/issues/4621): \[core] Make `ClasspathClassLoader::getResource` child first * apex-design * [#4596](https://github.com/pmd/pmd/issues/4596): \[apex] ExcessivePublicCount ignores properties +* apex-security + * [#4646](https://github.com/pmd/pmd/issues/4646): \[apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types * java * [#4401](https://github.com/pmd/pmd/issues/4401): \[java] PMD 7 fails to build under Java 19 * java-bestpractices @@ -57,6 +59,7 @@ The remaining section describes the complete release notes for 7.0.0. #### External Contributions * [#4528](https://github.com/pmd/pmd/pull/4528): \[apex] Update to apexlink - [Kevin Jones](https://github.com/nawforce) (@nawforce) * [#4637](https://github.com/pmd/pmd/pull/4637): \[java] fix #4634 - JUnit4TestShouldUseTestAnnotation false positive with TestNG - [Krystian Dabrowski](https://github.com/krdabrowski) (@krdabrowski) +* [#4649](https://github.com/pmd/pmd/pull/4649): \[apex] Add SObjectType and SObjectField to list of injectable SOQL variable types - [Richard Corfield](https://github.com/rcorfieldffdc) (@rcorfieldffdc) ### 🚀 Major Features and Enhancements 
@@ -411,6 +414,8 @@ Language specific fixes: * [#2667](https://github.com/pmd/pmd/issues/2667): \[apex] Integrate nawforce/ApexLink to build robust Unused rule * [#4509](https://github.com/pmd/pmd/issues/4509): \[apex] ExcessivePublicCount doesn't consider inner classes correctly * [#4596](https://github.com/pmd/pmd/issues/4596): \[apex] ExcessivePublicCount ignores properties +* apex-security + * [#4646](https://github.com/pmd/pmd/issues/4646): \[apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types * java * [#520](https://github.com/pmd/pmd/issues/520): \[java] Allow `@SuppressWarnings` with constants instead of literals * [#864](https://github.com/pmd/pmd/issues/864): \[java] Similar/duplicated implementations for determining FQCN @@ -617,6 +622,7 @@ Language specific fixes: * [#4542](https://github.com/pmd/pmd/pull/4542): \[java] Fix #4510: A false positive about ConstructorCallsOverridableMethod and @Value - [AnnaDev](https://github.com/LynnBroe) (@LynnBroe) * [#4553](https://github.com/pmd/pmd/pull/4553): \[java] Fix #4492: GuardLogStatement gives false positive when argument is a Java method reference - [Anastasiia Koba](https://github.com/anastasiia-koba) (@anastasiia-koba) * [#4637](https://github.com/pmd/pmd/pull/4637): \[java] fix #4634 - JUnit4TestShouldUseTestAnnotation false positive with TestNG - [Krystian Dabrowski](https://github.com/krdabrowski) (@krdabrowski) +* [#4649](https://github.com/pmd/pmd/pull/4649): \[apex] Add SObjectType and SObjectField to list of injectable SOQL variable types - [Richard Corfield](https://github.com/rcorfieldffdc) (@rcorfieldffdc) ### 📈 Stats * 4694 commits diff --git a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml index a740f9e6cc..1b1055f776 100644 
--- a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml +++ b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml @@ -63,7 +63,7 @@ public class Foo { - SObjectType and Field as parameters are safe to use in SOQL query string building + SObjectType and Field as parameters are safe to use in SOQL query string building #4646 0 - SObjectType and Field as variables are safe to use in SOQL query string building + SObjectType and Field as variables are safe to use in SOQL query string building #4646 0 - Schema.SObjectType and Field as parameters are safe to use in SOQL query string building + Schema.SObjectType and Field as parameters are safe to use in SOQL query string building #4646 0 - Schema.SObjectType and Field as variables are safe to use in SOQL query string building + Schema.SObjectType and Field as variables are safe to use in SOQL query string building #4646 0
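Review bot: In the two release_notes.md entries added for #4649 (External Contributions, in both the current-release list and the complete 7.0.0 list), the phrase "injectable SOQL variable types" can be read as "types that allow injection". That is the opposite of what the #4646 line in the same hunks says ("safe variable types"). For a security rule the two lines should agree. Consider wording the #4649 entry as "list of safe SOQL variable types", or keep the PR title verbatim and rely on the #4646 line to carry the meaning.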
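Review bot: The commit subject is tagged [doc] and names only the release notes, but the last file changed is a test resource, pmd-apex/.../ApexSOQLInjection.xml, where four test descriptions gain a "#4646" suffix. Mention that in the commit message, or move it to its own commit so the test change is findable in history. In the same four descriptions the type is still written "SObjectType and Field", while the issue and release-note lines call it SObjectField. Spelling it "SObjectField" would make the test names searchable by the type the rule now treats as safe.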