Release preparation for version 2.22.1

2026-04-23 07:45:17 +02:00 · 2025-06-24 08:55:31 +00:00
parent 601e317bfe
commit 3e074b2425
184 changed files with 517 additions and 212 deletions
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 7.3.2
+
+### Minor Analysis Improvements
+
+* Java `assert` statements are now assumed to be executed for the purpose of analysing control flow. This improves precision for a number of queries.
+
 ## 7.3.1

 No user-facing changes.
--- a/java/ql/lib/change-notes/2025-06-12-assert-cfg.md
+++ b/java/ql/lib/change-notes/2025-06-12-assert-cfg.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 7.3.2
+
+### Minor Analysis Improvements
+
 * Java `assert` statements are now assumed to be executed for the purpose of analysing control flow. This improves precision for a number of queries.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.3.1
+lastReleaseVersion: 7.3.2
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.3.2-dev
+version: 7.3.2
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,24 @@
+## 1.6.0
+
+### Query Metadata Changes
+
+* The tag `quality` has been added to multiple Java quality queries for consistency. They have all been given a tag for one of the two top-level categories `reliability` or `maintainability`, and a tag for a sub-category. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
+* The tag `external/cwe/cwe-571` has been added to `java/equals-on-unrelated-types`.
+* The tag `readability` has been added to `java/missing-override-annotation`, `java/deprecated-call`, `java/inconsistent-javadoc-throws`, `java/unknown-javadoc-parameter`, `java/jdk-internal-api-access`, `java/underscore-identifier`, `java/misleading-indentation`, `java/inefficient-empty-string-test`, `java/non-static-nested-class`, `inefficient-string-constructor`, and `java/constants-only-interface`.
+* The tag `useless-code` has been added to `java/useless-type-test`, and `java/useless-tostring-call`.
+* The tag `complexity` has been added to `java/chained-type-tests`, and `java/abstract-to-concrete-cast`.
+* The tag `error-handling` has been added to `java/ignored-error-status-of-call`, and `java/uncaught-number-format-exception`.
+* The tag `correctness` has been added to `java/evaluation-to-constant`, `java/whitespace-contradicts-precedence`, `java/empty-container`, `java/string-buffer-char-init`, `java/call-to-object-tostring`, `java/print-array` and `java/internal-representation-exposure`.
+* The tag `performance` has been added to `java/input-resource-leak`, `java/database-resource-leak`, `java/output-resource-leak`, `java/inefficient-key-set-iterator`, `java/inefficient-output-stream`, and `java/inefficient-boxed-constructor`.
+* The tag `correctness` has been removed from `java/call-to-thread-run`, `java/unsafe-double-checked-locking`, `java/unsafe-double-checked-locking-init-order`, `java/non-sync-override`, `java/sync-on-boxed-types`, `java/unsynchronized-getter`, `java/input-resource-leak`, `java/output-resource-leak`, `java/database-resource-leak`, and `java/ignored-error-status-of-call`.
+* The tags `maintainability` has been removed from `java/string-buffer-char-init`, `java/inefficient-key-set-iterator`, `java/inefficient-boxed-constructor`, and `java/internal-representation-exposure`.
+* The tags `reliability` has been removed from `java/subtle-inherited-call`, `java/print-array`, and `java/call-to-object-tostring`.
+* The tags `maintainability` and `useless-code` have been removed from `java/evaluation-to-constant`.
+* The tags `maintainability` and `readability` have been removed from `java/whitespace-contradicts-precedence`.
+* The tags `maintainability` and `useless-code` have been removed from `java/empty-container`.
+* Adjusts the `@precision` from high to medium for `java/concatenated-command-line` because it is producing false positive alerts when the concatenated strings are hard-coded.
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `java/tainted-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
+
 ## 1.5.2

 No user-facing changes.
--- a/java/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
+++ b/java/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md
@@ -1,4 +0,0 @@
---
-category: queryMetadata
---
-* Adjusts the `@security-severity` from 9.3 to 7.3 for `java/tainted-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
--- a/java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md
+++ b/java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md
@@ -1,4 +0,0 @@
---
-category: queryMetadata
---
-* Adjusts the `@precision` from high to medium for `java/concatenated-command-line` because it is producing false positive alerts when the concatenated strings are hard-coded.
--- a/java/ql/src/change-notes/2025-06-17-add-tags-to-quality-queries.md
+++ b/java/ql/src/change-notes/2025-06-17-add-tags-to-quality-queries.md
@@ -1,6 +1,7 @@
---
-category: queryMetadata
---
+## 1.6.0
+
+### Query Metadata Changes
+
 * The tag `quality` has been added to multiple Java quality queries for consistency. They have all been given a tag for one of the two top-level categories `reliability` or `maintainability`, and a tag for a sub-category. See [Query file metadata and alert message style guide](https://github.com/github/codeql/blob/main/docs/query-metadata-style-guide.md#quality-query-sub-category-tags) for more information about these categories.
 * The tag `external/cwe/cwe-571` has been added to `java/equals-on-unrelated-types`.
 * The tag `readability` has been added to `java/missing-override-annotation`, `java/deprecated-call`, `java/inconsistent-javadoc-throws`, `java/unknown-javadoc-parameter`, `java/jdk-internal-api-access`, `java/underscore-identifier`, `java/misleading-indentation`, `java/inefficient-empty-string-test`, `java/non-static-nested-class`, `inefficient-string-constructor`, and `java/constants-only-interface`.
@@ -15,3 +16,5 @@ category: queryMetadata
 * The tags `maintainability` and `useless-code` have been removed from `java/evaluation-to-constant`.
 * The tags `maintainability` and `readability` have been removed from `java/whitespace-contradicts-precedence`.
 * The tags `maintainability` and `useless-code` have been removed from `java/empty-container`.
+* Adjusts the `@precision` from high to medium for `java/concatenated-command-line` because it is producing false positive alerts when the concatenated strings are hard-coded.
+* Adjusts the `@security-severity` from 9.3 to 7.3 for `java/tainted-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.2
+lastReleaseVersion: 1.6.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.5.3-dev
+version: 1.6.0
 groups:
  - java
  - queries