Release preparation for version 2.23.0

2025-12-16 08:43:11 +01:00 · 2025-09-02 11:09:32 +00:00
parent 7ae5d405fc
commit 0bfa93828b
185 changed files with 473 additions and 184 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.16
+
+No user-facing changes.
+
 ## 0.4.15

 No user-facing changes.
--- a/actions/ql/lib/change-notes/released/0.4.16.md
+++ b/actions/ql/lib/change-notes/released/0.4.16.md
@@ -0,0 +1,3 @@
+## 0.4.16
+
+No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.15
+lastReleaseVersion: 0.4.16
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.16-dev
+version: 0.4.16
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.6.8
+
+No user-facing changes.
+
 ## 0.6.7

 No user-facing changes.
--- a/actions/ql/src/change-notes/released/0.6.8.md
+++ b/actions/ql/src/change-notes/released/0.6.8.md
@@ -0,0 +1,3 @@
+## 0.6.8
+
+No user-facing changes.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.7
+lastReleaseVersion: 0.6.8
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.8-dev
+version: 0.6.8
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 5.5.0
+
+### New Features
+
+* Added a new class `PchFile` representing precompiled header (PCH) files used during project compilation.
+
+### Minor Analysis Improvements
+
+* Added flow summaries for the `Microsoft::WRL::ComPtr` member functions.
+* The new dataflow/taint-tracking library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now resolves virtual function calls more precisely. This results in fewer false positives when running dataflow/taint-tracking queries on C++ projects.
+
 ## 5.4.1

 ### Minor Analysis Improvements
--- a/cpp/ql/lib/change-notes/2025-08-19-virtual-dispatch.md
+++ b/cpp/ql/lib/change-notes/2025-08-19-virtual-dispatch.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The new dataflow/taint-tracking library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now resolves virtual function calls more precisely. This results in fewer false positives when running dataflow/taint-tracking queries on C++ projects.
--- a/cpp/ql/lib/change-notes/2025-08-27-pch.md
+++ b/cpp/ql/lib/change-notes/2025-08-27-pch.md
@@ -1,5 +0,0 @@
---
-category: feature
---
-* Added a new class `PchFile` representing precompiled header (PCH) files used during project compilation.
-
--- a/cpp/ql/lib/change-notes/2025-08-28-comptr.md
+++ b/cpp/ql/lib/change-notes/2025-08-28-comptr.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added flow summaries for the `Microsoft::WRL::ComPtr` member functions.
--- a/cpp/ql/lib/change-notes/released/5.5.0.md
+++ b/cpp/ql/lib/change-notes/released/5.5.0.md
@@ -0,0 +1,10 @@
+## 5.5.0
+
+### New Features
+
+* Added a new class `PchFile` representing precompiled header (PCH) files used during project compilation.
+
+### Minor Analysis Improvements
+
+* Added flow summaries for the `Microsoft::WRL::ComPtr` member functions.
+* The new dataflow/taint-tracking library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now resolves virtual function calls more precisely. This results in fewer false positives when running dataflow/taint-tracking queries on C++ projects.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.1
+lastReleaseVersion: 5.5.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.4.2-dev
+version: 5.5.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.4.7
+
+### Bug Fixes
+
+* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
+
 ## 1.4.6

 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/2025-08-20-add-customizations.md
+++ b/cpp/ql/src/change-notes/2025-08-20-add-customizations.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
--- a/swift/ql/src/change-notes/2025-08-20-add-customizations.md
+++ b/swift/ql/src/change-notes/2025-08-20-add-customizations.md
@@ -1,4 +1,5 @@
---
-category: fix
---
-* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
+## 1.4.7
+
+### Bug Fixes
+
+* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.6
+lastReleaseVersion: 1.4.7
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.7-dev
+version: 1.4.7
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.47
+
+No user-facing changes.
+
 ## 1.7.46

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.47.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.47.md
@@ -0,0 +1,3 @@
+## 1.7.47
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.46
+lastReleaseVersion: 1.7.47
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.47-dev
+version: 1.7.47
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.47
+
+No user-facing changes.
+
 ## 1.7.46

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.47.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.47.md
@@ -0,0 +1,3 @@
+## 1.7.47
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.46
+lastReleaseVersion: 1.7.47
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.47-dev
+version: 1.7.47
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 5.2.3
+
+### Minor Analysis Improvements
+
+* A bug has been fixed in the data flow analysis, which means that flow through calls using the `base` qualifier may now be tracked more accurately.
+* Added summary models for `System.Xml.XmlReader`, `System.Xml.XmlTextReader` and `System.Xml.XmlDictionaryReader`.
+* Models-as-data summaries for byte and char arrays and pointers now treat the entire collection as tainted, reflecting their common use as string alternatives.
+* The default taint tracking configuration now allows implicit reads from collections at sinks and in additional flow steps. This increases flow coverage for many taint tracking queries and helps reduce false negatives.
+
 ## 5.2.2

 No user-facing changes.
--- a/csharp/ql/lib/change-notes/2025-08-18-byte-char-bulk-types.md
+++ b/csharp/ql/lib/change-notes/2025-08-18-byte-char-bulk-types.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Models-as-data summaries for byte and char arrays and pointers now treat the entire collection as tainted, reflecting their common use as string alternatives.
--- a/csharp/ql/lib/change-notes/2025-08-18-implicit-reads-at-sinks.md
+++ b/csharp/ql/lib/change-notes/2025-08-18-implicit-reads-at-sinks.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The default taint tracking configuration now allows implicit reads from collections at sinks and in additional flow steps. This increases flow coverage for many taint tracking queries and helps reduce false negatives.
--- a/csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md
+++ b/csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added summary models for `System.Xml.XmlReader`, `System.Xml.XmlTextReader` and `System.Xml.XmlDictionaryReader`.
--- a/csharp/ql/lib/change-notes/2025-08-29-base-qualifier-dispatch.md
+++ b/csharp/ql/lib/change-notes/2025-08-29-base-qualifier-dispatch.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* A bug has been fixed in the data flow analysis, which means that flow through calls using the `base` qualifier may now be tracked more accurately.
--- a/csharp/ql/lib/change-notes/released/5.2.3.md
+++ b/csharp/ql/lib/change-notes/released/5.2.3.md
@@ -0,0 +1,8 @@
+## 5.2.3
+
+### Minor Analysis Improvements
+
+* A bug has been fixed in the data flow analysis, which means that flow through calls using the `base` qualifier may now be tracked more accurately.
+* Added summary models for `System.Xml.XmlReader`, `System.Xml.XmlTextReader` and `System.Xml.XmlDictionaryReader`.
+* Models-as-data summaries for byte and char arrays and pointers now treat the entire collection as tainted, reflecting their common use as string alternatives.
+* The default taint tracking configuration now allows implicit reads from collections at sinks and in additional flow steps. This increases flow coverage for many taint tracking queries and helps reduce false negatives.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.2.2
+lastReleaseVersion: 5.2.3
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.2.3-dev
+version: 5.2.3
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.4
+
+No user-facing changes.
+
 ## 1.3.3

 No user-facing changes.
--- a/csharp/ql/src/change-notes/released/1.3.4.md
+++ b/csharp/ql/src/change-notes/released/1.3.4.md
@@ -0,0 +1,3 @@
+## 1.3.4
+
+No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.4
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.3.4-dev
+version: 1.3.4
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.30
+
+No user-facing changes.
+
 ## 1.0.29

 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.30.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.30.md
@@ -0,0 +1,3 @@
+## 1.0.30
+
+No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.29
+lastReleaseVersion: 1.0.30
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.30-dev
+version: 1.0.30
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.3.3
+
+No user-facing changes.
+
 ## 4.3.2

 No user-facing changes.
--- a/go/ql/lib/change-notes/released/4.3.3.md
+++ b/go/ql/lib/change-notes/released/4.3.3.md
@@ -0,0 +1,3 @@
+## 4.3.3
+
+No user-facing changes.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.2
+lastReleaseVersion: 4.3.3
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.3.3-dev
+version: 4.3.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.4
+
+No user-facing changes.
+
 ## 1.4.3

 No user-facing changes.
--- a/go/ql/src/change-notes/released/1.4.4.md
+++ b/go/ql/src/change-notes/released/1.4.4.md
@@ -0,0 +1,3 @@
+## 1.4.4
+
+No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.4.4
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.4-dev
+version: 1.4.4
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 7.6.1
+
+No user-facing changes.
+
 ## 7.6.0

 ### Major Analysis Improvements
--- a/java/ql/lib/change-notes/released/7.6.1.md
+++ b/java/ql/lib/change-notes/released/7.6.1.md
@@ -0,0 +1,3 @@
+## 7.6.1
+
+No user-facing changes.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.6.0
+lastReleaseVersion: 7.6.1
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.6.1-dev
+version: 7.6.1
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 1.7.0
+
+### New Queries
+
+* The query `java/insecure-spring-actuator-config` has been promoted from experimental to the main query pack as `java/spring-boot-exposed-actuators-config`. Its results will now appear by default. This query detects exposure of Spring Boot actuators through configuration files. It was originally submitted as an experimental query [by @luchua-bc](https://github.com/github/codeql/pull/5384).
+
+### Query Metadata Changes
+
+* The tag `maintainability` has been removed from `java/run-finalizers-on-exit` and the tags `quality`, `correctness`, and `performance` have been added.
+* The tag `maintainability` has been removed from `java/garbage-collection` and the tags `quality` and `correctness` have been added.
+
+### Minor Analysis Improvements
+
+* Fixed a bug that was causing false negatives in rare cases in the query `java/dereferenced-value-may-be-null`.
+* Removed the `java/empty-statement` query that was subsumed by the `java/empty-block` query.
+
 ## 1.6.3

 No user-facing changes.
--- a/java/ql/src/change-notes/2024-10-03-remove-java-query.md
+++ b/java/ql/src/change-notes/2024-10-03-remove-java-query.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Removed the `java/empty-statement` query that was subsumed by the `java/empty-block` query.
--- a/java/ql/src/change-notes/2025-07-17-spring-actuators-config-promo.md
+++ b/java/ql/src/change-notes/2025-07-17-spring-actuators-config-promo.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* The query `java/insecure-spring-actuator-config` has been promoted from experimental to the main query pack as `java/spring-boot-exposed-actuators-config`. Its results will now appear by default. This query detects exposure of Spring Boot actuators through configuration files. It was originally submitted as an experimental query [by @luchua-bc](https://github.com/github/codeql/pull/5384).
--- a/java/ql/src/change-notes/2025-07-19-adjust-tags.md
+++ b/java/ql/src/change-notes/2025-07-19-adjust-tags.md
@@ -1,5 +0,0 @@
---
-category: queryMetadata
---
-* The tag `maintainability` has been removed from `java/run-finalizers-on-exit` and the tags `quality`, `correctness`, and `performance` have been added.
-* The tag `maintainability` has been removed from `java/garbage-collection` and the tags `quality` and `correctness` have been added.
--- a/java/ql/src/change-notes/2025-08-22-nullness-fn.md
+++ b/java/ql/src/change-notes/2025-08-22-nullness-fn.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed a bug that was causing false negatives in rare cases in the query `java/dereferenced-value-may-be-null`.
--- a/java/ql/src/change-notes/released/1.7.0.md
+++ b/java/ql/src/change-notes/released/1.7.0.md
@@ -0,0 +1,15 @@
+## 1.7.0
+
+### New Queries
+
+* The query `java/insecure-spring-actuator-config` has been promoted from experimental to the main query pack as `java/spring-boot-exposed-actuators-config`. Its results will now appear by default. This query detects exposure of Spring Boot actuators through configuration files. It was originally submitted as an experimental query [by @luchua-bc](https://github.com/github/codeql/pull/5384).
+
+### Query Metadata Changes
+
+* The tag `maintainability` has been removed from `java/run-finalizers-on-exit` and the tags `quality`, `correctness`, and `performance` have been added.
+* The tag `maintainability` has been removed from `java/garbage-collection` and the tags `quality` and `correctness` have been added.
+
+### Minor Analysis Improvements
+
+* Fixed a bug that was causing false negatives in rare cases in the query `java/dereferenced-value-may-be-null`.
+* Removed the `java/empty-statement` query that was subsumed by the `java/empty-block` query.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.3
+lastReleaseVersion: 1.7.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.6.4-dev
+version: 1.7.0
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 2.6.10
+
+### Minor Analysis Improvements
+
+* Removed `libxmljs` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/GNOME/libxml2/blob/0c948334a8f5c66d50e9f8992e62998017dc4fc6/NEWS#L905-L908) that prevents XML bomb attacks.
+
 ## 2.6.9

 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/2025-07-15-xml-bomb-sinks.md
+++ b/javascript/ql/lib/change-notes/2025-07-15-xml-bomb-sinks.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 2.6.10
+
+### Minor Analysis Improvements
+
 * Removed `libxmljs` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/GNOME/libxml2/blob/0c948334a8f5c66d50e9f8992e62998017dc4fc6/NEWS#L905-L908) that prevents XML bomb attacks.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.9
+lastReleaseVersion: 2.6.10
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.10-dev
+version: 2.6.10
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.0.3
+
+No user-facing changes.
+
 ## 2.0.2

 ### Minor Analysis Improvements
--- a/javascript/ql/src/change-notes/released/2.0.3.md
+++ b/javascript/ql/src/change-notes/released/2.0.3.md
@@ -0,0 +1,3 @@
+## 2.0.3
+
+No user-facing changes.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.2
+lastReleaseVersion: 2.0.3
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.0.3-dev
+version: 2.0.3
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.30
+
+No user-facing changes.
+
 ## 1.0.29

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.30.md
+++ b/misc/suite-helpers/change-notes/released/1.0.30.md
@@ -0,0 +1,3 @@
+## 1.0.30
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.29
+lastReleaseVersion: 1.0.30
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.30-dev
+version: 1.0.30
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 4.0.14
+
+### Minor Analysis Improvements
+
+- The modelling of Psycopg2 now supports the use of `psycopg2.pool` connection pools for handling database connections.
+* Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks. 
+
 ## 4.0.13

 No user-facing changes.
--- a/python/ql/lib/change-notes/2025-08-25-psycopg2-connection-pool-modelling.md
+++ b/python/ql/lib/change-notes/2025-08-25-psycopg2-connection-pool-modelling.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-
- The modelling of Psycopg2 now supports the use of `psycopg2.pool` connection pools for handling database connections.
--- a/python/ql/lib/change-notes/2025-07-15-xml-bomb-sinks-python.md
+++ b/python/ql/lib/change-notes/2025-07-15-xml-bomb-sinks-python.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 4.0.14
+
+### Minor Analysis Improvements
+
+- The modelling of Psycopg2 now supports the use of `psycopg2.pool` connection pools for handling database connections.
 * Removed `lxml` as an XML bomb sink. The underlying libxml2 library now includes [entity reference loop detection](https://github.com/lxml/lxml/blob/f33ac2c2f5f9c4c4c1fc47f363be96db308f2fa6/doc/FAQ.txt#L1077) that prevents XML bomb attacks. 
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.13
+lastReleaseVersion: 4.0.14
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.0.14-dev
+version: 4.0.14
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 1.6.4
+
+### Minor Analysis Improvements
+
+* The `py/unexpected-raise-in-special-method` query has been modernized. It produces additional results in cases where the exception is 
+only raised conditionally. Its precision has been changed from `very-high` to `high`.
+* The queries `py/incomplete-ordering`, `py/inconsistent-equality`, and `py/equals-hash-mismatch` have been modernized; no longer relying on outdated libraries, improved documentation, and no longer producing alerts for problems specific to Python 2.
+
 ## 1.6.3

 No user-facing changes.
--- a/python/ql/src/change-notes/2025-07-14-comparisons.md
+++ b/python/ql/src/change-notes/2025-07-14-comparisons.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The queries `py/incomplete-ordering`, `py/inconsistent-equality`, and `py/equals-hash-mismatch` have been modernized; no longer relying on outdated libraries, improved documentation, and no longer producing alerts for problems specific to Python 2.
--- a/python/ql/src/change-notes/2025-07-25-unexpected-raise-special-method.md
+++ b/python/ql/src/change-notes/2025-07-25-unexpected-raise-special-method.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* The `py/unexpected-raise-in-special-method` query has been modernized. It produces additional results in cases where the exception is 
-only raised conditionally. Its precision has been changed from `very-high` to `high`.
--- a/python/ql/src/change-notes/released/1.6.4.md
+++ b/python/ql/src/change-notes/released/1.6.4.md
@@ -0,0 +1,7 @@
+## 1.6.4
+
+### Minor Analysis Improvements
+
+* The `py/unexpected-raise-in-special-method` query has been modernized. It produces additional results in cases where the exception is 
+only raised conditionally. Its precision has been changed from `very-high` to `high`.
+* The queries `py/incomplete-ordering`, `py/inconsistent-equality`, and `py/equals-hash-mismatch` have been modernized; no longer relying on outdated libraries, improved documentation, and no longer producing alerts for problems specific to Python 2.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.3
+lastReleaseVersion: 1.6.4
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.6.4-dev
+version: 1.6.4
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.0.3
+
+No user-facing changes.
+
 ## 5.0.2

 ### Bug Fixes
--- a/ruby/ql/lib/change-notes/released/5.0.3.md
+++ b/ruby/ql/lib/change-notes/released/5.0.3.md
@@ -0,0 +1,3 @@
+## 5.0.3
+
+No user-facing changes.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.2
+lastReleaseVersion: 5.0.3
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 5.0.3-dev
+version: 5.0.3
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.4
+
+No user-facing changes.
+
 ## 1.4.3

 No user-facing changes.
--- a/ruby/ql/src/change-notes/released/1.4.4.md
+++ b/ruby/ql/src/change-notes/released/1.4.4.md
@@ -0,0 +1,3 @@
+## 1.4.4
+
+No user-facing changes.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.4.4
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.4.4-dev
+version: 1.4.4
 groups:
  - ruby
  - queries
--- a/rust/ql/lib/CHANGELOG.md
+++ b/rust/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.1.15
+
+### Major Analysis Improvements
+
+* Path resolution has been removed from the Rust extractor. For the majority of purposes CodeQL computed paths have been in use for several previous releases, this completes the transition. Extraction is now faster and more reliable.
+
+### Minor Analysis Improvements
+
+* Attribute macros are now taken into account when identifying macro-expanded code. This affects the queries `rust/unused-variable` and `rust/unused-value`, which exclude results in macro-expanded code.
+* Improved modelling of the `std::fs`, `async_std::fs` and `tokio::fs` libraries. This may cause more alerts to be found by Rust injection queries, particularly `rust/path-injection`.
+
 ## 0.1.14

 ### Minor Analysis Improvements
--- a/rust/ql/lib/change-notes/2025-08-22-fs.md
+++ b/rust/ql/lib/change-notes/2025-08-22-fs.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved modelling of the `std::fs`, `async_std::fs` and `tokio::fs` libraries. This may cause more alerts to be found by Rust injection queries, particularly `rust/path-injection`.
--- a/rust/ql/lib/change-notes/2025-08-25-in-macro-expansion.md
+++ b/rust/ql/lib/change-notes/2025-08-25-in-macro-expansion.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Attribute macros are now taken into account when identifying macro-expanded code. This affects the queries `rust/unused-variable` and `rust/unused-value`, which exclude results in macro-expanded code.
--- a/rust/ql/lib/change-notes/2025-08-28-path-resolution.md
+++ b/rust/ql/lib/change-notes/2025-08-28-path-resolution.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Path resolution has been removed from the Rust extractor. For the majority of purposes CodeQL computed paths have been in use for several previous releases, this completes the transition. Extraction is now faster and more reliable.
--- a/rust/ql/lib/change-notes/released/0.1.15.md
+++ b/rust/ql/lib/change-notes/released/0.1.15.md
@@ -0,0 +1,10 @@
+## 0.1.15
+
+### Major Analysis Improvements
+
+* Path resolution has been removed from the Rust extractor. For the majority of purposes CodeQL computed paths have been in use for several previous releases, this completes the transition. Extraction is now faster and more reliable.
+
+### Minor Analysis Improvements
+
+* Attribute macros are now taken into account when identifying macro-expanded code. This affects the queries `rust/unused-variable` and `rust/unused-value`, which exclude results in macro-expanded code.
+* Improved modelling of the `std::fs`, `async_std::fs` and `tokio::fs` libraries. This may cause more alerts to be found by Rust injection queries, particularly `rust/path-injection`.
--- a/Show More
+++ b/Show More