Add change note

Author: owen-mc

java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries, including `java/ssrf` and `java/path-injection`. In particular, being annotated with `@javax.validation.constraints.Pattern` is now recognised as a sanitizer for those queries.