Release preparation for version 2.15.1

2026-05-02 20:25:13 +02:00 · 2023-10-16 17:49:39 +00:00
parent e4e472ee74
commit 3b3c036626
140 changed files with 446 additions and 217 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.10.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+
 ## 0.10.0

 ### Minor Analysis Improvements
--- a/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/cpp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,5 +1,6 @@
---
-category: minorAnalysis
---
+## 0.10.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `AnalysedString` class, use the new name `AnalyzedString`.
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.0
+lastReleaseVersion: 0.10.1
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.1-dev
+version: 0.10.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.8.1
+
+### New Queries
+
+* The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null.
+
+  Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6.
+
 ## 0.8.0

 ### Query Metadata Changes
--- a/cpp/ql/src/change-notes/2023-10-16-redundant-null-check-simple.md
+++ b/cpp/ql/src/change-notes/2023-10-16-redundant-null-check-simple.md
@@ -1,6 +1,7 @@
---
-category: newQuery
---
+## 0.8.1
+
+### New Queries
+
 * The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null.

  Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.1.md
@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.1-dev
+version: 1.7.1
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.1
+
+No user-facing changes.
+
 ## 1.7.0

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.1.md
@@ -0,0 +1,3 @@
+## 1.7.1
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.0
+lastReleaseVersion: 1.7.1
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.1-dev
+version: 1.7.1
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+
 ## 0.8.0

 No user-facing changes.
--- a/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/csharp/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
--- a/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/go/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.8.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.1-dev
+version: 0.8.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.
+
 ## 0.8.0

 ### New Queries
--- a/csharp/ql/src/change-notes/2023-10-13-accesscontrol-idor-updates.md
+++ b/csharp/ql/src/change-notes/2023-10-13-accesscontrol-idor-updates.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
-* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
  - csharp
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default
+
 ## 0.7.0

 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/2023-09-21-enable-gokit-framework-by-default.md
+++ b/go/ql/lib/change-notes/2023-09-21-enable-gokit-framework-by-default.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default
--- a/go/ql/lib/change-notes/2023-09-25-add-new-file-system-access-sinks.md
+++ b/go/ql/lib/change-notes/2023-09-25-add-new-file-system-access-sinks.md
@@ -1,4 +1,7 @@
---
-category: minorAnalysis
---
-* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Support has been added for file system access sinks in the following libraries: [net/http](https://pkg.go.dev/net/http), [Afero](https://github.com/spf13/afero), [beego](https://pkg.go.dev/github.com/astaxie/beego), [Echo](https://pkg.go.dev/github.com/labstack/echo), [Fiber](https://github.com/kataras/iris), [Gin](https://pkg.go.dev/github.com/gin-gonic/gin), [Iris](https://github.com/kataras/iris).
+* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.1-dev
+version: 0.7.1
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.1
+
+### Minor Analysis Improvements
+
+* The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results.
+
 ## 0.7.0

 No user-facing changes.
--- a/go/ql/src/change-notes/2023-10-03-incorrect-integer-conversion-improved.md
+++ b/go/ql/src/change-notes/2023-10-03-incorrect-integer-conversion-improved.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.7.1
+
+### Minor Analysis Improvements
+
 * The query "Incorrect conversion between integer types" (`go/incorrect-integer-conversion`) has been improved. It can now detect parsing an unsigned integer type (like `uint32`) and converting it to the signed integer type of the same size (like `int32`), which may lead to more results. It also treats `int` and `uint` more carefully, which may lead to more results or fewer incorrect results.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.1-dev
+version: 0.7.1
 groups:
  - go
  - queries
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.6
+
+No user-facing changes.
+
 ## 0.0.5

 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/0.0.6.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.6.md
@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,41 @@
+## 0.8.1
+
+### New Features
+
+* Added predicate `MemberRefExpr::getReceiverExpr`
+
+### Minor Analysis Improvements
+
+* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
+* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
+* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
+* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
+* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
+* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
+* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
+* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
+* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
+  There are no changes to results unless you add source models using the `environment` or `file` source kinds.
+* Added `environment` source models for the following methods:
+  * `java.lang.System#getenv`
+  * `java.lang.System#getProperties`
+  * `java.lang.System#getProperty`
+  * `java.util.Properties#get`
+  * `java.util.Properties#getProperty`
+* Added `file` source models for the following methods:
+  * the `java.io.FileInputStream` constructor
+  * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
+  * `hudson.FilePath#openInputStream`
+  * `hudson.FilePath#read`
+  * `hudson.FilePath#readFromOffset`
+  * `hudson.FilePath#readToString`
+* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
+  There are no changes to results unless you add source models using the `database` source kind.
+* Added `database` source models for the following method:
+  * `java.sql.ResultSet#getString`
+
 ## 0.8.0

 ### New Features
--- a/java/ql/lib/change-notes/2023-10-05-moved-localuserinput-to-mad.md
+++ b/java/ql/lib/change-notes/2023-10-05-moved-localuserinput-to-mad.md
@@ -1,22 +0,0 @@
---
-category: minorAnalysis
---
-* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
-  There are no changes to results unless you add source models using the `environment` or `file` source kinds.
-* Added `environment` source models for the following methods:
-  * `java.lang.System#getenv`
-  * `java.lang.System#getProperties`
-  * `java.lang.System#getProperty`
-  * `java.util.Properties#get`
-  * `java.util.Properties#getProperty`
-* Added `file` source models for the following methods:
-  * the `java.io.FileInputStream` constructor
-  * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
-  * `hudson.FilePath#openInputStream`
-  * `hudson.FilePath#read`
-  * `hudson.FilePath#readFromOffset`
-  * `hudson.FilePath#readToString`
-* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
-  There are no changes to results unless you add source models using the `database` source kind.
-* Added `database` source models for the following method:
-  * `java.sql.ResultSet#getString`
--- a/java/ql/lib/change-notes/2023-10-07-MemberRefExpr-getReceiverExpr.md
+++ b/java/ql/lib/change-notes/2023-10-07-MemberRefExpr-getReceiverExpr.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Added predicate `MemberRefExpr::getReceiverExpr`
--- a/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/java/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,12 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
-* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
-* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
-* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
-* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
-* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
-* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
-* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
-* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
--- a/java/ql/lib/change-notes/2023-10-12-sync-local-and-remote-dataflow-configurations.md
+++ b/java/ql/lib/change-notes/2023-10-12-sync-local-and-remote-dataflow-configurations.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations.
--- a/java/ql/lib/change-notes/released/0.8.1.md
+++ b/java/ql/lib/change-notes/released/0.8.1.md
@@ -0,0 +1,37 @@
+## 0.8.1
+
+### New Features
+
+* Added predicate `MemberRefExpr::getReceiverExpr`
+
+### Minor Analysis Improvements
+
+* The `isBarrier`, `isBarrierIn`, `isBarrierOut`, and `isAdditionalFlowStep` methods of the taint-tracking configurations for local queries in the `ArithmeticTaintedLocalQuery`, `ExternallyControlledFormatStringLocalQuery`, `ImproperValidationOfArrayIndexQuery`, `NumericCastTaintedQuery`, `ResponseSplittingLocalQuery`, `SqlTaintedLocalQuery`, and `XssLocalQuery` libraries have been changed to match their remote counterpart configurations.
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAValue` predicate from the `Annotation` class.
+* Deleted the deprecated alias `FloatingPointLiteral`, use `FloatLiteral` instead.
+* Deleted the deprecated `getASuppressedWarningLiteral` predicate from the `SuppressWarningsAnnotation` class.
+* Deleted the deprecated `getATargetExpression` predicate form the `TargetAnnotation` class.
+* Deleted the deprecated `getRetentionPolicyExpression` predicate from the `RetentionAnnotation` class.
+* Deleted the deprecated `conditionCheck` predicate from `Preconditions.qll`.
+* Deleted the deprecated `semmle.code.java.security.performance` folder, use `semmle.code.java.security.regexp` instead.
+* Deleted the deprecated `ExternalAPI` class from `ExternalApi.qll`, use `ExternalApi` instead.
+* Modified the `EnvInput` class in `semmle.code.java.dataflow.FlowSources` to include `environment` and `file` source nodes.
+  There are no changes to results unless you add source models using the `environment` or `file` source kinds.
+* Added `environment` source models for the following methods:
+  * `java.lang.System#getenv`
+  * `java.lang.System#getProperties`
+  * `java.lang.System#getProperty`
+  * `java.util.Properties#get`
+  * `java.util.Properties#getProperty`
+* Added `file` source models for the following methods:
+  * the `java.io.FileInputStream` constructor
+  * `hudson.FilePath#newInputStreamDenyingSymlinkAsNeeded`
+  * `hudson.FilePath#openInputStream`
+  * `hudson.FilePath#read`
+  * `hudson.FilePath#readFromOffset`
+  * `hudson.FilePath#readToString`
+* Modified the `DatabaseInput` class in `semmle.code.java.dataflow.FlowSources` to include `database` source nodes.
+  There are no changes to results unless you add source models using the `database` source kind.
+* Added `database` source models for the following method:
+  * `java.sql.ResultSet#getString`
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.1-dev
+version: 0.8.1
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed.
+
 ## 0.8.0

 No user-facing changes.
--- a/java/ql/src/change-notes/2023-10-06-threat-models.md
+++ b/java/ql/src/change-notes/2023-10-06-threat-models.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
-* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed.
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Most data flow queries that track flow from *remote* flow sources now use the current *threat model* configuration instead. This doesn't lead to any changes in the produced alerts (as the default configuration is *remote* flow sources) unless the threat model configuration is changed.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,21 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* The contents of `.jsp` files are now extracted, and any `<script>` tags inside these files will be parsed as JavaScript.
+* [Import attributes](https://github.com/tc39/proposal-import-attributes) are now supported in JavaScript code.
+  Note that import attributes are an evolution of an earlier proposal called "import assertions", which were implemented in TypeScript 4.5.
+  The QL library includes new predicates named `getImportAttributes()` that should be used in favor of the now deprecated `getImportAssertion()`;
+  in addition, the `getImportAttributes()` method of the `DynamicImportExpr` has been renamed to `getImportOptions()`. 
+* Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class.
+* Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`.
+* Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`.
+* Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead.
+* Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead.
+* Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead.
+* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal, 
+  and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`.
+
 ## 0.8.0

 No user-facing changes.
--- a/javascript/ql/lib/change-notes/2023-10-07-tagged-template-litterals.md
+++ b/javascript/ql/lib/change-notes/2023-10-07-tagged-template-litterals.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal, 
-  and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`.
--- a/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/javascript/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,9 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class.
-* Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`.
-* Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`.
-* Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead.
-* Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead.
-* Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead.
--- a/javascript/ql/lib/change-notes/2023-10-10-import-attributes.md
+++ b/javascript/ql/lib/change-notes/2023-10-10-import-attributes.md
@@ -1,7 +0,0 @@
---
-category: minorAnalysis
---
-* [Import attributes](https://github.com/tc39/proposal-import-attributes) are now supported in JavaScript code.
-  Note that import attributes are an evolution of an earlier proposal called "import assertions", which were implemented in TypeScript 4.5.
-  The QL library includes new predicates named `getImportAttributes()` that should be used in favor of the now deprecated `getImportAssertion()`;
-  in addition, the `getImportAttributes()` method of the `DynamicImportExpr` has been renamed to `getImportOptions()`. 
--- a/javascript/ql/lib/change-notes/2023-10-13-jsp-extraction.md
+++ b/javascript/ql/lib/change-notes/2023-10-13-jsp-extraction.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The contents of `.jsp` files are now extracted, and any `<script>` tags inside these files will be parsed as JavaScript.
--- a/javascript/ql/lib/change-notes/released/0.8.1.md
+++ b/javascript/ql/lib/change-notes/released/0.8.1.md
@@ -0,0 +1,17 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* The contents of `.jsp` files are now extracted, and any `<script>` tags inside these files will be parsed as JavaScript.
+* [Import attributes](https://github.com/tc39/proposal-import-attributes) are now supported in JavaScript code.
+  Note that import attributes are an evolution of an earlier proposal called "import assertions", which were implemented in TypeScript 4.5.
+  The QL library includes new predicates named `getImportAttributes()` that should be used in favor of the now deprecated `getImportAssertion()`;
+  in addition, the `getImportAttributes()` method of the `DynamicImportExpr` has been renamed to `getImportOptions()`. 
+* Deleted the deprecated `getAnImmediateUse`, `getAUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class.
+* Deleted the deprecated `mayReferToParameter` predicate from `DataFlow::Node`.
+* Deleted the deprecated `getStaticMethod` and `getAStaticMethod` predicates from `DataFlow::ClassNode`.
+* Deleted the deprecated `isLibaryFile` predicate from `ClassifyFiles.qll`, use `isLibraryFile` instead.
+* Deleted many library models that were build on the AST. Use the new models that are build on the dataflow library instead.
+* Deleted the deprecated `semmle.javascript.security.performance` folder, use `semmle.javascript.security.regexp` instead.
+* Tagged template literals have been added to `DataFlow::CallNode`. This allows the analysis to find flow into functions called with a tagged template literal, 
+  and the arguments to a tagged template literal are part of the API-graph in `ApiGraphs.qll`.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.1-dev
+version: 0.8.1
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Added the `AmdModuleDefinition::Range` class, making it possible to define custom aliases for the AMD `define` function.
+
 ## 0.8.0

 No user-facing changes.
--- a/javascript/ql/src/change-notes/2023-10-05-amd-range.md
+++ b/javascript/ql/src/change-notes/2023-10-05-amd-range.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.8.1
+
+### Minor Analysis Improvements
+
 * Added the `AmdModuleDefinition::Range` class, making it possible to define custom aliases for the AMD `define` function.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.1
+
+No user-facing changes.
+
 ## 0.7.0

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/0.7.1.md
+++ b/misc/suite-helpers/change-notes/released/0.7.1.md
@@ -0,0 +1,3 @@
+## 0.7.1
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.0
+lastReleaseVersion: 0.7.1
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.1-dev
+version: 0.7.1
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.11.1
+
+### Minor Analysis Improvements
+
+* Added better support for API graphs when encountering `from ... import *`. For example in the code `from foo import *; Bar()`, we will now find a result for `API::moduleImport("foo").getMember("Bar").getACall()`
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `getAUse`, `getAnImmediateUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class.
+* Deleted the deprecated `fullyQualifiedToAPIGraphPath` class from `SubclassFinder.qll`, use `fullyQualifiedToApiGraphPath` instead.
+* Deleted the deprecated `Paths.qll` file.
+* Deleted the deprecated `semmle.python.security.performance` folder, use `semmle.python.security.regexp` instead.
+* Deleted the deprecated `semmle.python.security.strings` and `semmle.python.web` folders.
+* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Added support for `pandas.read_pickle`, `numpy.load` and `joblib.load`.
+
 ## 0.11.0

 ### Minor Analysis Improvements
--- a/python/ql/lib/change-notes/2023-07-20-add-unsafe-deserialization-sinks.md
+++ b/python/ql/lib/change-notes/2023-07-20-add-unsafe-deserialization-sinks.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Added support for `pandas.read_pickle`, `numpy.load` and `joblib.load`.
--- a/python/ql/lib/change-notes/2023-10-10-api-graphs-import-star.md
+++ b/python/ql/lib/change-notes/2023-10-10-api-graphs-import-star.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added better support for API graphs when encountering `from ... import *`. For example in the code `from foo import *; Bar()`, we will now find a result for `API::moduleImport("foo").getMember("Bar").getACall()`
--- a/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/python/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,9 +1,12 @@
---
-category: minorAnalysis
---
+## 0.11.1
+
+### Minor Analysis Improvements
+
+* Added better support for API graphs when encountering `from ... import *`. For example in the code `from foo import *; Bar()`, we will now find a result for `API::moduleImport("foo").getMember("Bar").getACall()`
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
 * Deleted the deprecated `getAUse`, `getAnImmediateUse`, `getARhs`, and `getAValueReachingRhs` predicates from the `API::Node` class.
 * Deleted the deprecated `fullyQualifiedToAPIGraphPath` class from `SubclassFinder.qll`, use `fullyQualifiedToApiGraphPath` instead.
 * Deleted the deprecated `Paths.qll` file.
 * Deleted the deprecated `semmle.python.security.performance` folder, use `semmle.python.security.regexp` instead.
 * Deleted the deprecated `semmle.python.security.strings` and `semmle.python.web` folders.
+* Improved modeling of decoding through pickle related functions (which can lead to code execution), resulting in additional sinks for the _Deserializing untrusted input_ query (`py/unsafe-deserialization`). Added support for `pandas.read_pickle`, `numpy.load` and `joblib.load`.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.0
+lastReleaseVersion: 0.11.1
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.1-dev
+version: 0.11.1
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.9.1
+
+No user-facing changes.
+
 ## 0.9.0

 ### New Queries
--- a/python/ql/src/change-notes/released/0.9.1.md
+++ b/python/ql/src/change-notes/released/0.9.1.md
@@ -0,0 +1,3 @@
+## 0.9.1
+
+No user-facing changes.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.0
+lastReleaseVersion: 0.9.1
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.1-dev
+version: 0.9.1
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.8.1
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
+* Deleted the deprecated `isWeak` predicate from the `CryptographicOperation` class.
+* Deleted the deprecated `getStringOrSymbol` and `isStringOrSymbol` predicates from the `ConstantValue` class.
+* Deleted the deprecated `getAPI` from the `IOOrFileMethodCall` class.
+* Deleted the deprecated `codeql.ruby.security.performance` folder, use `codeql.ruby.security.regexp` instead.
+* GraphQL enums are no longer considered remote flow sources.
+
 ## 0.8.0

 ### Major Analysis Improvements
--- a/ruby/ql/lib/change-notes/2023-09-18-graphql-sources.md
+++ b/ruby/ql/lib/change-notes/2023-09-18-graphql-sources.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* GraphQL enums are no longer considered remote flow sources.
--- a/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
+++ b/ruby/ql/lib/change-notes/2023-10-09-outdated-deprecations.md
@@ -1,8 +1,10 @@
---
-category: minorAnalysis
---
+## 0.8.1
+
+### Minor Analysis Improvements
+
 * Deleted the deprecated `isBarrierGuard` predicate from the dataflow library and its uses, use `isBarrier` and the `BarrierGuard` module instead.
 * Deleted the deprecated `isWeak` predicate from the `CryptographicOperation` class.
 * Deleted the deprecated `getStringOrSymbol` and `isStringOrSymbol` predicates from the `ConstantValue` class.
 * Deleted the deprecated `getAPI` from the `IOOrFileMethodCall` class.
 * Deleted the deprecated `codeql.ruby.security.performance` folder, use `codeql.ruby.security.regexp` instead.
+* GraphQL enums are no longer considered remote flow sources.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.1-dev
+version: 0.8.1
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.8.1
+
+### New Queries
+
+* Added a new experimental query, `rb/jwt-empty-secret-or-algorithm`, to detect when application uses an empty secret or weak algorithm.
+* Added a new experimental query, `rb/jwt-missing-verification`, to detect when the application does not verify a JWT payload.
+
 ## 0.8.0

 ### Minor Analysis Improvements
--- a/ruby/ql/src/change-notes/2023-09-16-jwt-security-query.md
+++ b/ruby/ql/src/change-notes/2023-09-16-jwt-security-query.md
@@ -1,5 +1,6 @@
---
-category: newQuery
---
+## 0.8.1
+
+### New Queries
+
 * Added a new experimental query, `rb/jwt-empty-secret-or-algorithm`, to detect when application uses an empty secret or weak algorithm.
-* Added a new experimental query, `rb/jwt-missing-verification`, to detect when the application does not verify a JWT payload.
+* Added a new experimental query, `rb/jwt-missing-verification`, to detect when the application does not verify a JWT payload.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.0
+lastReleaseVersion: 0.8.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.8.1-dev
+version: 0.8.1
 groups:
  - ruby
  - queries
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.1
+
+No user-facing changes.
+
 ## 0.1.0

 No user-facing changes.
--- a/shared/controlflow/change-notes/released/0.1.1.md
+++ b/shared/controlflow/change-notes/released/0.1.1.md
@@ -0,0 +1,3 @@
+## 0.1.1
+
+No user-facing changes.
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 0.1.1-dev
+version: 0.1.1
 groups: shared
 library: true
 dependencies:
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.1
+
+No user-facing changes.
+
 ## 0.1.0

 ### Major Analysis Improvements
--- a/shared/dataflow/change-notes/released/0.1.1.md
+++ b/shared/dataflow/change-notes/released/0.1.1.md
@@ -0,0 +1,3 @@
+## 0.1.1
+
+No user-facing changes.
--- a/shared/dataflow/codeql-pack.release.yml
+++ b/shared/dataflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 0.1.1-dev
+version: 0.1.1
 groups: shared
 library: true
 dependencies:
--- a/shared/mad/CHANGELOG.md
+++ b/shared/mad/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.1
+
+No user-facing changes.
+
 ## 0.2.0

 No user-facing changes.
--- a/shared/mad/change-notes/released/0.2.1.md
+++ b/shared/mad/change-notes/released/0.2.1.md
@@ -0,0 +1,3 @@
+## 0.2.1
+
+No user-facing changes.
--- a/shared/mad/codeql-pack.release.yml
+++ b/shared/mad/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.0
+lastReleaseVersion: 0.2.1
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 0.2.1-dev
+version: 0.2.1
 groups: shared
 library: true
 dependencies: null
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.1
+
+No user-facing changes.
+
 ## 0.2.0

 No user-facing changes.
--- a/shared/regex/change-notes/released/0.2.1.md
+++ b/shared/regex/change-notes/released/0.2.1.md
@@ -0,0 +1,3 @@
+## 0.2.1
+
+No user-facing changes.
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.0
+lastReleaseVersion: 0.2.1
--- a/Show More
+++ b/Show More