Release preparation for version 2.23.1

github-actions[bot]
2025-09-16 14:14:42 +00:00
parent 7670a2bd77
commit 02a1b1efcb
182 changed files with 500 additions and 189 deletions


@@ -1,3 +1,18 @@
## 7.7.0
### New Features
* The Java extractor and QL libraries now support Java 25.
* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
* Added support for Java 25 module import declarations.
* Add `ModuleImportDeclaration` class.
### Minor Analysis Improvements
* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular `java/constant-comparison`, `java/index-out-of-bounds`, `java/dereferenced-value-may-be-null`, and `java/useless-null-check`. Some medium precision queries like `java/toctou-race-condition` and `java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).
* Added taint flow model for `java.crypto.KDF`.
* Added taint flow model for `java.lang.ScopedValue`.
## 7.6.1
No user-facing changes.
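Review bot: the Minor Analysis Improvements entry "Added taint flow model for `java.crypto.KDF`." names a package that does not exist in the JDK; the key derivation API is `javax.crypto.KDF`. Suggest correcting the name so that users who search the changelog for the modelled class by its fully qualified name find this entry.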


@@ -1,5 +0,0 @@
---
category: feature
---
* Added support for Java 25 module import declarations.
* Add `ModuleImportDeclaration` class.


@@ -1,4 +0,0 @@
---
category: feature
---
* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added taint flow model for `java.crypto.KDF`.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added taint flow model for `java.lang.ScopedValue`.


@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular `java/constant-comparison`, `java/index-out-of-bounds`, `java/dereferenced-value-may-be-null`, and `java/useless-null-check`. Some medium precision queries like `java/toctou-race-condition` and `java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).


@@ -1,4 +0,0 @@
---
category: feature
---
* The Java extractor and QL libraries now support Java 25.


@@ -0,0 +1,14 @@
## 7.7.0
### New Features
* The Java extractor and QL libraries now support Java 25.
* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
* Added support for Java 25 module import declarations.
* Add `ModuleImportDeclaration` class.
### Minor Analysis Improvements
* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular `java/constant-comparison`, `java/index-out-of-bounds`, `java/dereferenced-value-may-be-null`, and `java/useless-null-check`. Some medium precision queries like `java/toctou-race-condition` and `java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).
* Added taint flow model for `java.crypto.KDF`.
* Added taint flow model for `java.lang.ScopedValue`.
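Review bot: style point on the New Features bullet "Add `ModuleImportDeclaration` class.": it is in the imperative while every other entry in this file is past tense ("Added ..."), and it reads as a detail of the module import declarations bullet directly above it. Suggest folding the two into one entry, for example "Added support for Java 25 module import declarations, represented by the new `ModuleImportDeclaration` class."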


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.6.1
lastReleaseVersion: 7.7.0


@@ -1,5 +1,5 @@
name: codeql/java-all
version: 7.6.2-dev
version: 7.7.0
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java


@@ -1,3 +1,13 @@
## 1.8.0
### Major Analysis Improvements
* The implementation of `java/dereferenced-value-may-be-null` has been completely replaced with a new general control-flow reachability library. This improves precision by reducing false positives. However, since the entire calculation has been reworked, there can be small corner cases where precision regressions might occur and new false positives may occur, but these cases should be rare.
### Bug Fixes
* The message for `java/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
## 1.7.0
### New Queries
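Review bot: the `java/diagnostic/database-quality` entry is filed under Bug Fixes but describes two behaviour changes, a new message format and a reporting threshold moved from 95% to 85%. Suggest stating the effect directly: a database is now flagged only when a metric falls below 85%, so databases scoring between 85% and 95% no longer produce the diagnostic. Anyone who treats that diagnostic as a signal of incomplete extraction, and therefore of possibly missed results, will see fewer reports after upgrading and should know why.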


@@ -1,4 +0,0 @@
---
category: fix
---
* The message for `java/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.


@@ -1,4 +1,9 @@
---
category: majorAnalysis
---
## 1.8.0
### Major Analysis Improvements
* The implementation of `java/dereferenced-value-may-be-null` has been completely replaced with a new general control-flow reachability library. This improves precision by reducing false positives. However, since the entire calculation has been reworked, there can be small corner cases where precision regressions might occur and new false positives may occur, but these cases should be rare.
### Bug Fixes
* The message for `java/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
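Review bot: wording point on the `java/dereferenced-value-may-be-null` entry: "precision regressions might occur and new false positives may occur" states the same caveat twice in one sentence. Suggest a single clause such as "in rare corner cases the rework may introduce new false positives", which keeps the warning and makes it easier for teams triaging alert changes after the upgrade to see what to expect.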


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.0
lastReleaseVersion: 1.8.0


@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.7.1-dev
version: 1.8.0
groups:
- java
- queries