diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 01d30a387ee..bb223d04ae5 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,5 +1,12 @@ +## 0.0.10 + +### New Features + +* Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration. + ## 0.0.9 + ## 0.0.8 ### Deprecated APIs diff --git a/cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md b/cpp/ql/lib/change-notes/released/0.0.10.md similarity index 84% rename from cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md rename to cpp/ql/lib/change-notes/released/0.0.10.md index 999cbd83d18..aa49a7c2ff2 100644 --- a/cpp/ql/lib/change-notes/2022-02-21-structured-binding-data.md +++ b/cpp/ql/lib/change-notes/released/0.0.10.md @@ -1,4 +1,5 @@ ---- -category: feature ---- +## 0.0.10 + +### New Features + * Added a `isStructuredBinding` predicate to the `Variable` class which holds when the variable is declared as part of a structured binding declaration. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index ecdd64fbab8..b740014e5ae 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.9 +lastReleaseVersion: 0.0.10 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 4424055e172..a9ab7825b7f 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.0.10-dev +version: 0.0.10 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 2a5e4775e18..7286cd6b0d2 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md 
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated Queries
+
+* The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
+
 ## 0.0.9
 
 ### New Queries
diff --git a/cpp/ql/src/change-notes/2022-02-11-code-duplication.md b/cpp/ql/src/change-notes/released/0.0.10.md
similarity index 78%
rename from cpp/ql/src/change-notes/2022-02-11-code-duplication.md
rename to cpp/ql/src/change-notes/released/0.0.10.md
index e9f676022b7..3e28f59663d 100644
--- a/cpp/ql/src/change-notes/2022-02-11-code-duplication.md
+++ b/cpp/ql/src/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 0.0.10
+
+### Deprecated Queries
+
 * The `CodeDuplication.Copy`, `CodeDuplication.DuplicateBlock`, and `CodeDuplication.SimilarBlock` classes have been deprecated.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index ca4d832566f..0c848bae0ef 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index e6ee473d395..229de990843 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.0.4
+
 ## 1.0.3
 
 ## 1.0.2
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md
new file mode 100644
index 00000000000..8f1e57bce59
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.0.4.md
@@ -0,0 +1 @@
+## 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 06fa75b96cb..03f7ea71b58 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 7c9df44253c..9443185144d 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.0.4-dev
+version: 1.0.4
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index e6ee473d395..229de990843 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.0.4
+
 ## 1.0.3
 
 ## 1.0.2
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md
new file mode 100644
index 00000000000..8f1e57bce59
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.0.4.md
@@ -0,0 +1 @@
+## 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 06fa75b96cb..03f7ea71b58 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.3
+lastReleaseVersion: 1.0.4
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 45e39cb9a9d..cfaf1250ef0 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.0.4-dev
+version: 1.0.4
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 761175ca743..193709d1260 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.0.10
+
 ## 0.0.9
 
 ### Major Analysis Improvements
diff --git a/csharp/ql/lib/change-notes/released/0.0.10.md b/csharp/ql/lib/change-notes/released/0.0.10.md
new file mode 100644
index 00000000000..979029c0162
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.0.10.md
@@ -0,0 +1 @@
+## 0.0.10
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index e38e027bbb9..c84e24aa1b4 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 0de57f8d135..b1769dbd7b3 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.10
+
+### Query Metadata Changes
+
+The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md b/csharp/ql/src/change-notes/released/0.0.10.md
similarity index 72%
rename from csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
rename to csharp/ql/src/change-notes/released/0.0.10.md
index a33c09ab18d..3111d5994f8 100644
--- a/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
+++ b/csharp/ql/src/change-notes/released/0.0.10.md
@@ -1,5 +1,6 @@
----
-category: queryMetadata
----
+## 0.0.10
+
+### Query Metadata Changes
+
 The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
-`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
\ No newline at end of file
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index fe6c62e31b6..ee223c2abc7 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups:
 - csharp
 - queries
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index dbdff648dbe..9d066ac3d17 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Features
+
+* Added predicates `ClassOrInterface.getAPermittedSubtype` and `isSealed` exposing information about sealed classes.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md b/java/ql/lib/change-notes/released/0.0.10.md
similarity index 80%
rename from java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md
rename to java/ql/lib/change-notes/released/0.0.10.md
index 294897514ce..17a23f74068 100644
--- a/java/ql/lib/change-notes/2022-02-14-sealed-classes-predicates.md
+++ b/java/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.0.10
+
+### New Features
+
 * Added predicates `ClassOrInterface.getAPermittedSubtype` and `isSealed` exposing information about sealed classes.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 7c06a164ee9..7bf7d8052a2 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index e769bcddb4f..72a5dc97064 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 0.0.10
+
+### Breaking Changes
+
+* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
+ Identify request splitting differently from response splitting in query results.
+ Support addional classes:
+ * `io.netty.handler.codec.http.CombinedHttpHeaders`
+ * `io.netty.handler.codec.http.DefaultHttpRequest`
+ * `io.netty.handler.codec.http.DefaultFullHttpRequest`
+
+### New Queries
+
+* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+ This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+ This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
+
 ## 0.0.9
 
 ### New Queries
diff --git a/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md b/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md
deleted file mode 100644
index 3aba8c9581e..00000000000
--- a/java/ql/src/change-notes/2021-01-02-netty-response-splitting-improve.md
+++ /dev/null
@@ -1,9 +0,0 @@
----
-category: breaking
----
-* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
- Identify request splitting differently from response splitting in query results.
- Support addional classes:
- * `io.netty.handler.codec.http.CombinedHttpHeaders`
- * `io.netty.handler.codec.http.DefaultHttpRequest`
- * `io.netty.handler.codec.http.DefaultFullHttpRequest`
diff --git a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md b/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
deleted file mode 100644
index 23f3a476e79..00000000000
--- a/java/ql/src/change-notes/2022-02-04-local-temp-file-or-directory-information-disclosure.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: newQuery
----
-* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
- This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
- This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
\ No newline at end of file
diff --git a/java/ql/src/change-notes/released/0.0.10.md b/java/ql/src/change-notes/released/0.0.10.md
new file mode 100644
index 00000000000..0b868cd5dce
--- /dev/null
+++ b/java/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,16 @@
+## 0.0.10
+
+### Breaking Changes
+
+* Add more classes to Netty request/response splitting. Change identification to `java/netty-http-request-or-response-splitting`.
+ Identify request splitting differently from response splitting in query results.
+ Support addional classes:
+ * `io.netty.handler.codec.http.CombinedHttpHeaders`
+ * `io.netty.handler.codec.http.DefaultHttpRequest`
+ * `io.netty.handler.codec.http.DefaultFullHttpRequest`
+
+### New Queries
+
+* A new query titled "Local information disclosure in a temporary directory" (`java/local-temp-file-or-directory-information-disclosure`) has been added.
+ This query finds uses of APIs that leak potentially sensitive information to other local users via the system temporary directory.
+ This query was originally [submitted as query by @JLLeitschuh](https://github.com/github/codeql/pull/4388).
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index f2225594008..ec135f007c9 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 31ae8e8b3e0..b7b52ff7c15 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.0.11
+
 ## 0.0.10
 
 ## 0.0.9
diff --git a/javascript/ql/lib/change-notes/released/0.0.11.md b/javascript/ql/lib/change-notes/released/0.0.11.md
new file mode 100644
index 00000000000..eba254bd51f
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.0.11.md
@@ -0,0 +1 @@
+## 0.0.11
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index b740014e5ae..e679dc42092 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index bce145e72e1..096fc468dc2 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.0.11-dev
+version: 0.0.11
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index d7257168de8..af7e04b0c8a 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 0.0.11
+
+### New Queries
+
+* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
+ that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
+ The query is run by default.
+
+### Query Metadata Changes
+
+* The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
+ but these are now handled by two different queries:
+ * `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
+ `high` and is now shown by default (it was previously in the `security-extended` suite).
+ * `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
+ but simply flags a subset of what the old query did.
+ This has precision `medium` and is part of the `security-extended` suite.
+
+### Minor Analysis Improvements
+
+* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
+
 ## 0.0.10
 
 ### New Queries
diff --git a/javascript/ql/src/change-notes/2022-02-10-snapdragon.md b/javascript/ql/src/change-notes/2022-02-10-snapdragon.md
deleted file mode 100644
index e7445eb85e4..00000000000
--- a/javascript/ql/src/change-notes/2022-02-10-snapdragon.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
\ No newline at end of file
diff --git a/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md b/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md
deleted file mode 100644
index 03f7e81c1d7..00000000000
--- a/javascript/ql/src/change-notes/2022-02-14-functionality-from-untrusted-source.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: newQuery
----
-* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
- that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
- The query is run by default.
\ No newline at end of file
diff --git a/javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md b/javascript/ql/src/change-notes/released/0.0.11.md
similarity index 58%
rename from javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md
rename to javascript/ql/src/change-notes/released/0.0.11.md
index 82aa3af24ff..ea4c2283773 100644
--- a/javascript/ql/src/change-notes/2022-02-16-split-request-forgery.md
+++ b/javascript/ql/src/change-notes/released/0.0.11.md
@@ -1,6 +1,13 @@
----
-category: queryMetadata
----
+## 0.0.11
+
+### New Queries
+
+* A new query, `js/functionality-from-untrusted-source`, has been added to the query suite. It finds DOM elements
+ that load functionality from untrusted sources, like `script` or `iframe` elements using `http` links.
+ The query is run by default.
+
+### Query Metadata Changes
+
 * The `js/request-forgery` query previously flagged both server-side and client-side request forgery,
 but these are now handled by two different queries:
 * `js/request-forgery` is now specific to server-side request forgery. Its precision has been raised to
@@ -8,3 +15,7 @@ category: queryMetadata
 * `js/client-side-request-forgery` is specific to client-side request forgery. This is technically a new query
 but simply flags a subset of what the old query did.
 This has precision `medium` and is part of the `security-extended` suite.
+
+### Minor Analysis Improvements
+
+* Added dataflow through the [`snapdragon`](https://npmjs.com/package/snapdragon) library.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index b740014e5ae..e679dc42092 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.10
+lastReleaseVersion: 0.0.11
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 6ec78f2d55b..87d52f2c60a 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.0.11-dev
+version: 0.0.11
 groups:
 - javascript
 - queries
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index 6bbd554af1e..c3e5859574b 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Deprecated APIs
+
+* The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md b/python/ql/lib/change-notes/released/0.0.10.md
similarity index 78%
rename from python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
rename to python/ql/lib/change-notes/released/0.0.10.md
index 969e398931b..3e485f11477 100644
--- a/python/ql/lib/change-notes/2022-01-19-deprecate-old-library-modeling.md
+++ b/python/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 0.0.10
+
+### Deprecated APIs
+
 * The old points-to based modeling has been deprecated. Use the new type-tracking/API-graphs based modeling instead.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index bce626bd1ab..06979bad5e0 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 0e4896756cf..d0bd0e98da3 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.0.10
+
+### New Queries
+
+* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
+* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
+
 ## 0.0.9
 
 ### Bug Fixes
diff --git a/python/ql/src/change-notes/2022-02-25-promote-log-injection.md b/python/ql/src/change-notes/2022-02-25-promote-log-injection.md
deleted file mode 100644
index 79d3aa23ab7..00000000000
--- a/python/ql/src/change-notes/2022-02-25-promote-log-injection.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
diff --git a/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md b/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md
deleted file mode 100644
index abdb933fe2a..00000000000
--- a/python/ql/src/change-notes/2022-02-28-promote-ldap-injection.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
diff --git a/python/ql/src/change-notes/released/0.0.10.md b/python/ql/src/change-notes/released/0.0.10.md
new file mode 100644
index 00000000000..47b2f749219
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.0.10.md
@@ -0,0 +1,6 @@
+## 0.0.10
+
+### New Queries
+
+* The query "LDAP query built from user-controlled sources" (`py/ldap-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @jorgectf](https://github.com/github/codeql/pull/5443).
+* The query "Log Injection" (`py/log-injection`) has been promoted from experimental to the main query pack. Its results will now appear when `security-extended` is used. This query was originally [submitted as an experimental query by @haby0](https://github.com/github/codeql/pull/6182).
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index ee2e09bf960..73763776b9e 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index 56e699dfe01..1375344ef2c 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### Minor Analysis Improvements
+
+* Added `FileSystemWriteAccess` concept to model data written to the filesystem.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md b/ruby/ql/lib/change-notes/released/0.0.10.md
similarity index 64%
rename from ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md
rename to ruby/ql/lib/change-notes/released/0.0.10.md
index 9e386c1908f..947bc1b318b 100644
--- a/ruby/ql/lib/change-notes/2022-02-20-file-system-write-access.md
+++ b/ruby/ql/lib/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.0.10
+
+### Minor Analysis Improvements
+
 * Added `FileSystemWriteAccess` concept to model data written to the filesystem.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 04d55b7ffdf..bdee09c770a 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.0.10-dev
+version: 0.0.10
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 87fcfbf935f..6be0a65018d 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.0.10
+
+### New Queries
+
+* Added a new query, `rb/clear-text-logging-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are logged as cleartext.
+
 ## 0.0.9
 
 ## 0.0.8
diff --git a/ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md b/ruby/ql/src/change-notes/released/0.0.10.md
similarity index 85%
rename from ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md
rename to ruby/ql/src/change-notes/released/0.0.10.md
index 50ead197b58..353c9174664 100644
--- a/ruby/ql/src/change-notes/2022-01-28-rb-clear-text-logging-sensitive-data.md
+++ b/ruby/ql/src/change-notes/released/0.0.10.md
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.0.10
+
+### New Queries
+
 * Added a new query, `rb/clear-text-logging-sensitive-data`. The query finds cases where sensitive information, such as user credentials, are logged as cleartext.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index ecdd64fbab8..b740014e5ae 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.9
+lastReleaseVersion: 0.0.10
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 3616007ddd8..be8d0483e06 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.0.10-dev
+version: 0.0.10
 groups:
 - ruby
 - queries