Fixes for CWE-Bench-Java

.github/workflows/CI_pipeline.yml

@@ -143,7 +143,7 @@ jobs:
 
           case "$CURRENT_JAVA_VERSION" in
             "8")
-              JAVA_HOME_TO_USE="/opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/8.0.482-8/x64"
+              JAVA_HOME_TO_USE="/opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/8.0.492-9/x64"
               ;;
             "11")
               JAVA_HOME_TO_USE="/opt/hostedtoolcache/Java_Temurin-Hotspot_jdk/11.0.23-9/x64"

README.md

@@ -10,6 +10,7 @@
 ⚠️ Code and data for the [ICLR 2025 Paper](https://arxiv.org/pdf/2405.17238) can be found in the v1 branch, license and citation below.
 
 ## 📰 News
+* **[Jun. 23, 2026]**: Updated missing fix information for the expansion of CWE-Bench-Java.
 * **[Nov. 29, 2025]**: Added a dataset with manually extracted source and sinks for the vulnerabilities in CodeQL format for 50 CVEs.
 * **[Nov. 24, 2025]**: Updated queries to version 1.8.1 to work with CodeQL 2.23.2.
 * **[Nov. 24, 2025]**: Updated the Docker integration in the main IRIS pipeline so that the container images include the project dependencies. The updated images can be found in [IRIS Docker Hub](https://hub.docker.com/r/irissast/cwe-bench-java-containers-v2). The instructions to use the Docker integration can be found in the [**Using Docker containers with IRIS**](#using-docker-containers-with-iris) section below. 

data/contributing.md

@@ -0,0 +1,26 @@
+# Contributing to CWE-Bench-Java
+
+Projects in CWE-Bench-Java follow a strict framework in how they are recorded. All projects should be logged in `project_info.csv`, `build_info.csv`, and `fix_info.csv`. Details on how each should be formatted are below.
+
+---
+
+## `project_info.csv`
+
+All fields must be filled out. 
+
+* The `project_slug` consists of: `[github_username]__[github_repository_name]_[cve_id]_[github_tag]`. 
+* If there are multiple fix commits, separate them via **semicolons** (`;`). 
+* If the commit exists in multiple branches, choose the branch closest to `main`.
+
+## `build_info.csv`
+
+Please include a single tested build configuration for each project. Do not include the project if it cannot be built using one of the included systems (Maven, Gradle, or Gradle Wrapper).
+
+## `fix_info.csv`
+
+Each row in this file represents a **single changed method**. Include every method for a project that fits the following criteria: 
+
+1.  An existing method is changed (a method is not purely added or removed). 
+2.  The method is related to the patch. 
+
+> **Note:** If a project has no such methods, do not include it. Line numbers should align with the fixed version, including whitespace and closing brackets.