Add change note

owen-mc · owen-mc · commit d8d003313660 · 2025-03-18T15:02:29.000Z
diff --git a/go/ql/lib/change-notes/2025-03-18-loggercall-type-format-specifier.md b/go/ql/lib/change-notes/2025-03-18-loggercall-type-format-specifier.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `LoggerCall::getAMessageComponent` no longer returns arguments to logger calls which correspond to the verb `%T` in a format specifier. This will remove false positives in "Log entries created from user input" (`go/log-injection`) and "Clear-text logging of sensitive information" (`go/clear-text-logging`), and it may lead to more results in "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`).
