Merge commit

This commit is contained in:
aegilops
2025-11-20 12:22:39 +00:00
795 changed files with 63338 additions and 33702 deletions

View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `java/escaping`, to detect values escaping from classes marked as `@ThreadSafe`.
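Review bot: The deleted change note is carried verbatim into the new 1.9.0 changelog hunk at the end of this commit, so this removal is release consolidation rather than a lost entry; no change needed beyond confirming the same is true for the sibling `java/not-threadsafe` and `java/safe-publication` notes, which it is from the visible lines.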

View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `java/not-threadsafe`, to detect data races in classes marked as `@ThreadSafe`.

View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* Added a new query, `java/safe-publication`, to detect unsafe publication in classes marked as `@ThreadSafe`.

View File

@@ -1,4 +0,0 @@
---
category: newQuery
---
* The `java/sensitive-cookie-not-httponly` query has been promoted from experimental to the main query pack.

View File

@@ -0,0 +1,5 @@
---
category: queryMetadata
---
* Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact.
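Review bot: Both bullets justify the reduction with the same generic phrase ("to better reflect its impact"), which tells a reader nothing about why `java/overly-large-range` and `java/insecure-cookie` are now rated 4.0 instead of 5.0; since downstream tooling gates alerts on `security-severity`, each bullet should state the concrete reason the impact is considered lower. Note also that this new `queryMetadata` note does not appear in the 1.9.0 changelog hunk below, so it is presumably queued for the next release; worth confirming that is intended.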

View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Calls to `String.matches` are now treated as sanitizers for the `java/ssrf` query.
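Review bot: The note does not say whether any call to `String.matches` counts as a sanitizer for `java/ssrf` regardless of the pattern, or only calls whose regex actually constrains the host; a reader triaging reduced SSRF results needs that distinction, so suggest spelling it out, e.g. "* Calls to `String.matches` are now treated as sanitizers for the `java/ssrf` query when the matched value is used as the request target." The text is otherwise reproduced unchanged in the 1.9.0 changelog hunk below.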

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Java analysis now selects the Java version to use informed by Maven POM files across all project modules. It also tries to use Java 17 or higher for all Maven projects if possible, for improved build compatibility.
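Review bot: The bullet is hard to parse ("selects the Java version to use informed by Maven POM files") and "tries to ... if possible" says the same thing twice; suggest "* Java analysis now selects the Java version based on the Maven POM files of all project modules, and uses Java 17 or higher for Maven projects where possible, for improved build compatibility." It would also help to mention where the chosen version is reported, so a failed build can be matched to the JDK that was picked.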

View File

@@ -0,0 +1,12 @@
## 1.9.0
### New Queries
* The `java/sensitive-cookie-not-httponly` query has been promoted from experimental to the main query pack.
* Added a new query, `java/escaping`, to detect values escaping from classes marked as `@ThreadSafe`.
* Added a new query, `java/not-threadsafe`, to detect data races in classes marked as `@ThreadSafe`.
* Added a new query, `java/safe-publication`, to detect unsafe publication in classes marked as `@ThreadSafe`.
### Minor Analysis Improvements
* Calls to `String.matches` are now treated as sanitizers for the `java/ssrf` query.
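Review bot: The hunk header advertises 12 added lines but only 8 are visible here, so the tail of the 1.9.0 entry cannot be checked; of the visible bullets, the four under "New Queries" and the `String.matches` bullet under "Minor Analysis Improvements" each match their deleted change-note text exactly. Neither the new `queryMetadata` note (the two `security-severity` reductions) nor the new Maven/Java-version note appears in this entry, which is consistent with those files being added rather than removed in this commit; confirm that deferring them to the next release is intended rather than an omission.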