github
diff --git a/‎ruby/ql/lib/change-notes/2022-10-21-local-taint-step.md
+4 b/‎ruby/ql/lib/change-notes/2022-10-21-local-taint-step.md
+4
diff --git a/‎ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
+2-2 b/‎ruby/ql/lib/codeql/ruby/dataflow/internal/TaintTrackingPrivate.qll
+2-2
diff --git a/‎ruby/ql/test/library-tests/dataflow/local/TaintflowStep.expected renamed to ‎ruby/ql/test/library-tests/dataflow/local/InlineFlowTest.expected b/‎ruby/ql/test/library-tests/dataflow/local/TaintflowStep.expected renamed to ‎ruby/ql/test/library-tests/dataflow/local/InlineFlowTest.expected
diff --git a/‎ruby/ql/test/library-tests/dataflow/local/TaintflowStep.ql renamed to ‎ruby/ql/test/library-tests/dataflow/local/InlineFlowTest.ql b/‎ruby/ql/test/library-tests/dataflow/local/TaintflowStep.ql renamed to ‎ruby/ql/test/library-tests/dataflow/local/InlineFlowTest.ql
@@ -0,0 +1,4 @@
+---
+ category: minorAnalysis
+---
+ * There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
@@ -115,8 +115,8 @@ private module Cached {
    */
   cached
   predicate localTaintStepCached(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
-    defaultAdditionalTaintStep(nodeFrom, nodeTo)
-    or
+    DataFlow::localFlowStep(nodeFrom, nodeTo) or
+    defaultAdditionalTaintStep(nodeFrom, nodeTo) or
     // Simple flow through library code is included in the exposed local
     // step relation, even though flow is technically inter-procedural
     FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(nodeFrom, nodeTo, _)