Release preparation for version 2.24.1

2026-02-11 20:51:06 +01:00 · 2026-02-02 12:09:09 +00:00
parent 4a04f7b66f
commit 0db542e9f0
186 changed files with 477 additions and 187 deletions
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 8.0.0
+
+### Breaking Changes
+
+* Support for Kotlin 1.6.x and 1.7.x series has been dropped
+
+### New Features
+
+* Kotlin versions up to 2.3.0\ *x* are now supported.
+
+### Minor Analysis Improvements
+
+* Added support for Struts 7.x package names in the Struts framework library. The library now recognizes both the legacy `com.opensymphony.xwork2` package names (Struts 2.x-6.x) and the new `org.apache.struts2` package names (Struts 7.x+), maintaining backward compatibility while enabling analysis of code using the latest Struts versions.
+* The query `java/unreleased-lock` no longer applies to lock types with names ending in "Pool", as these typically manage a collection of resources and the `lock` and `unlock` methods typically only lock one resource at a time. This may lead to a reduction in false positives.
+* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
+* When Maven-compatible private package registries are configured for an organisation for Default Setup, CodeQL will now configure Maven to also use these as plugin repositories. CodeQL previously already configured Maven to use them as regular package repositories. This should now allow Maven plugins to be obtained from private registries.
+
+### Bug Fixes
+
+* Kotlin: The Kotlin extractor now registers as the last IR generation extension, ensuring that code generated by other compiler plugins (such as kotlinx.serialization) is correctly captured.
+
 ## 7.8.4

 ### Minor Analysis Improvements
--- a/java/ql/lib/change-notes/2026-01-07-kotlin-2_3.md
+++ b/java/ql/lib/change-notes/2026-01-07-kotlin-2_3.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Kotlin versions up to 2.3.0\ *x* are now supported.
--- a/java/ql/lib/change-notes/2026-01-07-kotlin-mimimum_suppoted_version.md
+++ b/java/ql/lib/change-notes/2026-01-07-kotlin-mimimum_suppoted_version.md
@@ -1,4 +0,0 @@
---
-category: breaking
---
-* Support for Kotlin 1.6.x and 1.7.x series has been dropped
--- a/java/ql/lib/change-notes/2026-01-09-maven-plugin-registries.md
+++ b/java/ql/lib/change-notes/2026-01-09-maven-plugin-registries.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* When Maven-compatible private package registries are configured for an organisation for Default Setup, CodeQL will now configure Maven to also use these as plugin repositories. CodeQL previously already configured Maven to use them as regular package repositories. This should now allow Maven plugins to be obtained from private registries.
--- a/java/ql/lib/change-notes/2026-01-16-summarized-callable.md
+++ b/java/ql/lib/change-notes/2026-01-16-summarized-callable.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
--- a/java/ql/lib/change-notes/2026-01-26-kotlin-extractor-load-last.md
+++ b/java/ql/lib/change-notes/2026-01-26-kotlin-extractor-load-last.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* Kotlin: The Kotlin extractor now registers as the last IR generation extension, ensuring that code generated by other compiler plugins (such as kotlinx.serialization) is correctly captured.
--- a/java/ql/lib/change-notes/2026-01-27-struts-7-support.md
+++ b/java/ql/lib/change-notes/2026-01-27-struts-7-support.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added support for Struts 7.x package names in the Struts framework library. The library now recognizes both the legacy `com.opensymphony.xwork2` package names (Struts 2.x-6.x) and the new `org.apache.struts2` package names (Struts 7.x+), maintaining backward compatibility while enabling analysis of code using the latest Struts versions.
--- a/java/ql/lib/change-notes/2026-01-27-unreleased-lock-pools.md
+++ b/java/ql/lib/change-notes/2026-01-27-unreleased-lock-pools.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query `java/unreleased-lock` no longer applies to lock types with names ending in "Pool", as these typically manage a collection of resources and the `lock` and `unlock` methods typically only lock one resource at a time. This may lead to a reduction in false positives.
--- a/java/ql/lib/change-notes/released/8.0.0.md
+++ b/java/ql/lib/change-notes/released/8.0.0.md
@@ -0,0 +1,20 @@
+## 8.0.0
+
+### Breaking Changes
+
+* Support for Kotlin 1.6.x and 1.7.x series has been dropped
+
+### New Features
+
+* Kotlin versions up to 2.3.0\ *x* are now supported.
+
+### Minor Analysis Improvements
+
+* Added support for Struts 7.x package names in the Struts framework library. The library now recognizes both the legacy `com.opensymphony.xwork2` package names (Struts 2.x-6.x) and the new `org.apache.struts2` package names (Struts 7.x+), maintaining backward compatibility while enabling analysis of code using the latest Struts versions.
+* The query `java/unreleased-lock` no longer applies to lock types with names ending in "Pool", as these typically manage a collection of resources and the `lock` and `unlock` methods typically only lock one resource at a time. This may lead to a reduction in false positives.
+* The predicate `SummarizedCallable.propagatesFlow` has been extended with the columns `Provenance p` and `boolean isExact`, and as a consequence the predicates `SummarizedCallable.hasProvenance` and `SummarizedCallable.hasExactModel` have been removed.
+* When Maven-compatible private package registries are configured for an organisation for Default Setup, CodeQL will now configure Maven to also use these as plugin repositories. CodeQL previously already configured Maven to use them as regular package repositories. This should now allow Maven plugins to be obtained from private registries.
+
+### Bug Fixes
+
+* Kotlin: The Kotlin extractor now registers as the last IR generation extension, ensuring that code generated by other compiler plugins (such as kotlinx.serialization) is correctly captured.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.8.4
+lastReleaseVersion: 8.0.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.8.5-dev
+version: 8.0.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.10.6
+
+No user-facing changes.
+
 ## 1.10.5

 ### Minor Analysis Improvements
--- a/java/ql/src/change-notes/released/1.10.6.md
+++ b/java/ql/src/change-notes/released/1.10.6.md
@@ -0,0 +1,3 @@
+## 1.10.6
+
+No user-facing changes.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.5
+lastReleaseVersion: 1.10.6
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.6-dev
+version: 1.10.6
 groups:
  - java
  - queries