diff --git a/.github/workflows/compile-queries.yml b/.github/workflows/compile-queries.yml deleted file mode 100644 index c8f6301bb53..00000000000 --- a/.github/workflows/compile-queries.yml +++ /dev/null @@ -1,78 +0,0 @@ -name: "Compile all queries using the latest stable CodeQL CLI" - -on: - push: - branches: # makes sure the cache gets populated - running on the branches people tend to merge into. - - main - - "rc/*" - - "codeql-cli-*" - pull_request: - paths: - - '**.ql' - - '**.qll' - - '**/qlpack.yml' - - '**.dbscheme' - -permissions: - contents: read - -jobs: - detect-changes: - if: github.repository_owner == 'github' - runs-on: ubuntu-latest - outputs: - languages: ${{ steps.detect.outputs.languages }} - steps: - - uses: actions/checkout@v5 - - name: Detect changed languages - id: detect - run: | - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - # For PRs, detect which languages have changes - changed_files=$(gh pr view ${{ github.event.pull_request.number }} --json files --jq '.files.[].path') - languages=() - for lang in actions cpp csharp go java javascript python ql ruby rust swift; do - if echo "$changed_files" | grep -qE "^($lang/|shared/)" ; then - languages+=("$lang") - fi - done - echo "languages=$(jq -c -n '$ARGS.positional' --args "${languages[@]}")" >> $GITHUB_OUTPUT - else - # For pushes to main/rc branches, run all languages - echo 'languages=["actions","cpp","csharp","go","java","javascript","python","ql","ruby","rust","swift"]' >> $GITHUB_OUTPUT - fi - env: - GH_TOKEN: ${{ github.token }} - - compile-queries: - needs: detect-changes - if: github.repository_owner == 'github' && needs.detect-changes.outputs.languages != '[]' - runs-on: ubuntu-latest-xl - strategy: - fail-fast: false - matrix: - language: ${{ fromJson(needs.detect-changes.outputs.languages) }} - - steps: - - uses: actions/checkout@v5 - - name: Setup CodeQL - uses: ./.github/actions/fetch-codeql - with: - channel: 'release' - - name: Cache compilation cache - id: query-cache - uses: ./.github/actions/cache-query-compilation - with: - key: ${{ matrix.language }}-queries - - name: check formatting - run: find shared ${{ matrix.language }}/ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only - - name: compile queries - check-only - # run with --check-only if running in a PR (github.sha != main) - if : ${{ github.event_name == 'pull_request' }} - shell: bash - run: codeql query compile -q -j0 ${{ matrix.language }}/ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 --ram=56000 - - name: compile queries - full - # do full compile if running on main - this populates the cache - if : ${{ github.event_name != 'pull_request' }} - shell: bash - run: codeql query compile -q -j0 ${{ matrix.language }}/ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 --ram=56000 diff --git a/MODULE.bazel b/MODULE.bazel index e373f72fd19..d2664447241 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -17,12 +17,12 @@ local_path_override( bazel_dep(name = "platforms", version = "1.0.0") bazel_dep(name = "rules_cc", version = "0.2.17") bazel_dep(name = "rules_go", version = "0.60.0") -bazel_dep(name = "rules_java", version = "9.0.3") +bazel_dep(name = "rules_java", version = "9.6.1") bazel_dep(name = "rules_pkg", version = "1.2.0") bazel_dep(name = "rules_nodejs", version = "6.7.3") bazel_dep(name = "rules_python", version = "1.9.0") bazel_dep(name = "rules_shell", version = "0.6.1") -bazel_dep(name = "bazel_skylib", version = "1.8.1") +bazel_dep(name = "bazel_skylib", version = "1.9.0") bazel_dep(name = "abseil-cpp", version = "20260107.1", repo_name = "absl") bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json") bazel_dep(name = "fmt", version = "12.1.0-codeql.1") diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 0de191099ce..e482a61b06a 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.30 + +No user-facing changes. + ## 0.4.29 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.30.md b/actions/ql/lib/change-notes/released/0.4.30.md new file mode 100644 index 00000000000..db4b03e0b97 --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.30.md @@ -0,0 +1,3 @@ +## 0.4.30 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index e8ce8a9cf2d..008b5d85453 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.29 +lastReleaseVersion: 0.4.30 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 58daff358ae..a6806dc906f 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.30-dev +version: 0.4.31-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 98d0c402d61..3b0f1c68853 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.22 + +No user-facing changes. + ## 0.6.21 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.22.md b/actions/ql/src/change-notes/released/0.6.22.md new file mode 100644 index 00000000000..e94a6b1f5a2 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.22.md @@ -0,0 +1,3 @@ +## 0.6.22 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 8842c194911..d34186b2833 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.21 +lastReleaseVersion: 0.6.22 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index cb88235175f..0c097847479 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.22-dev +version: 0.6.23-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index ceed8215197..de37c16751a 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 8.0.1 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 8.0.0 ### Breaking Changes diff --git a/csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/cpp/ql/lib/change-notes/released/8.0.1.md similarity index 81% rename from csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to cpp/ql/lib/change-notes/released/8.0.1.md index 23fdce9b615..46866df058a 100644 --- a/csharp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/cpp/ql/lib/change-notes/released/8.0.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 8.0.1 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 0f48687270d..145ae8f5b47 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 8.0.0 +lastReleaseVersion: 8.0.1 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index f58f85ad943..beb1e9234e8 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 8.0.1-dev +version: 8.0.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 46b9d362541..c29eaa31e44 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.13 + +No user-facing changes. + ## 1.5.12 No user-facing changes. diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql index 37e3fa0c49f..bf6f014672f 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql @@ -23,13 +23,31 @@ import Flow::PathGraph predicate isSource(FlowSource source, string sourceType) { sourceType = source.getSourceType() } +/** + * Holds if `f` is a printf-like function or a (possibly nested) wrapper + * that forwards a format-string parameter to one. + * + * Functions that *implement* printf-like behavior (e.g. a custom + * `vsnprintf` variant) internally parse the caller-supplied format string + * and build small, bounded, local format strings such as `"%d"` or `"%ld"` + * for inner `sprintf` calls. Taint that reaches those inner calls via the + * parsed format specifier is not exploitable, so sinks inside such + * functions should be excluded. + */ +private predicate isPrintfImplementation(Function f) { + f instanceof PrintfLikeFunction + or + exists(PrintfLikeFunction printf | printf.wrapperFunction(f, _, _)) +} + module Config implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { isSource(node, _) } predicate isSink(DataFlow::Node node) { exists(PrintfLikeFunction printf | printf.outermostWrapperFunctionCall([node.asExpr(), node.asIndirectExpr()], _) - ) + ) and + not isPrintfImplementation([node.asExpr(), node.asIndirectExpr()].getEnclosingFunction()) } private predicate isArithmeticNonCharType(ArithmeticType type) { diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql index d9c9df4fd91..343e96a00d3 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql @@ -18,7 +18,8 @@ import IncorrectPointerScalingCommon private predicate isCharSzPtrExpr(Expr e) { exists(PointerType pt | pt = e.getFullyConverted().getUnspecifiedType() | pt.getBaseType() instanceof CharType or - pt.getBaseType() instanceof VoidType + pt.getBaseType() instanceof VoidType or + pt.getBaseType() instanceof ErroneousType // this could be char / void type in a successful compilation ) } diff --git a/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md b/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md new file mode 100644 index 00000000000..387e2d44b46 --- /dev/null +++ b/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases. diff --git a/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md b/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md new file mode 100644 index 00000000000..6a1133917bf --- /dev/null +++ b/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations. diff --git a/cpp/ql/src/change-notes/released/1.5.13.md b/cpp/ql/src/change-notes/released/1.5.13.md new file mode 100644 index 00000000000..293a8ca4ee1 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.5.13.md @@ -0,0 +1,3 @@ +## 1.5.13 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 7a2ef006808..63816b66f59 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.12 +lastReleaseVersion: 1.5.13 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 82056b71c4d..1b32be0402f 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.13-dev +version: 1.5.14-dev groups: - cpp - queries diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected index 8b67b3f8bc9..dbff4230f25 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/SuspiciousAddWithSizeof.expected @@ -1,3 +1,5 @@ +| buildless.cpp:5:15:5:25 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const short * | const short * | +| buildless.cpp:6:13:6:23 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | const int * | const int * | | test.cpp:6:30:6:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | | test.cpp:14:30:14:40 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | | test.cpp:22:25:22:35 | sizeof(int) | Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@. | file://:0:0:0:0 | int * | int * | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp new file mode 100644 index 00000000000..b0b590fba69 --- /dev/null +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/buildless.cpp @@ -0,0 +1,10 @@ +// semmle-extractor-options: --expect_errors + +void test_buildless(const char *p_c, const short *p_short, const int *p_int, const uint8_t *p_8, const uint16_t *p_16, const uint32_t *p_32) { + *(p_c + sizeof(int)); // GOOD (`sizeof(char)` is 1) + *(p_short + sizeof(int)); // BAD + *(p_int + sizeof(int)); // BAD + *(p_8 + sizeof(int)); // GOOD (`sizeof(uint8_t)` is 1, but there's an error in the type) + *(p_16 + sizeof(int)); // BAD [NOT DETECTED] + *(p_32 + sizeof(int)); // BAD [NOT DETECTED] +} diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp index f2ad227417e..fa2bd934cca 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-468/semmle/SuspiciousAddWithSizeof/test.cpp @@ -93,3 +93,9 @@ private: myChar * const myCharsPointer; myInt * const myIntsPointer; }; + +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; + +void test_buildless(const char *p_c, const short *p_short, const int *p_int, const uint8_t *p_8, const uint16_t *p_16, const uint32_t *p_32); diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index e651f382fe1..86119cf97c4 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.61 + +No user-facing changes. + ## 1.7.60 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md new file mode 100644 index 00000000000..260a59b90af --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.61.md @@ -0,0 +1,3 @@ +## 1.7.61 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c6e284f44d7..4235ee0663a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.60 +lastReleaseVersion: 1.7.61 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index db6b6b5e014..90919d238b8 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.61-dev +version: 1.7.62-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index e651f382fe1..86119cf97c4 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.61 + +No user-facing changes. + ## 1.7.60 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md new file mode 100644 index 00000000000..260a59b90af --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.61.md @@ -0,0 +1,3 @@ +## 1.7.61 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c6e284f44d7..4235ee0663a 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.60 +lastReleaseVersion: 1.7.61 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index e0ee0aaab8f..ee4e92178bf 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.61-dev +version: 1.7.62-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 0546fef07b9..695a5611d94 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 5.4.9 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source. +* Added reverse taint flow from implicit conversion operator calls to their arguments. +* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments. +* C# 14: Added support for partial constructors. + ## 5.4.8 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md b/csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md deleted file mode 100644 index 5ce442aaa10..00000000000 --- a/csharp/ql/lib/change-notes/2026-02-24-partial-constructors.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 14: Added support for partial constructors. diff --git a/csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md b/csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md deleted file mode 100644 index d021cabf1a0..00000000000 --- a/csharp/ql/lib/change-notes/2026-03-02-post-update-nodes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments. diff --git a/csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md b/csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md deleted file mode 100644 index 842c2069b3e..00000000000 --- a/csharp/ql/lib/change-notes/2026-03-03-implicit-conversion-reverse-flow.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added reverse taint flow from implicit conversion operator calls to their arguments. diff --git a/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md b/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md deleted file mode 100644 index 7b709cad7ca..00000000000 --- a/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/released/5.4.9.md b/csharp/ql/lib/change-notes/released/5.4.9.md new file mode 100644 index 00000000000..00b802f5aba --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.4.9.md @@ -0,0 +1,9 @@ +## 5.4.9 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source. +* Added reverse taint flow from implicit conversion operator calls to their arguments. +* Added post-update nodes for struct-type arguments, allowing data flow out of method calls via those arguments. +* C# 14: Added support for partial constructors. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 35346716101..b33412cd939 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.4.8 +lastReleaseVersion: 5.4.9 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 2393305504e..0153dbbfb30 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.9-dev +version: 5.4.10-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 91479d78ffe..35b5ab1e24e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.4 + +No user-facing changes. + ## 1.6.3 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/1.6.4.md b/csharp/ql/src/change-notes/released/1.6.4.md new file mode 100644 index 00000000000..5c811dc4638 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.6.4.md @@ -0,0 +1,3 @@ +## 1.6.4 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 00b51441d88..1910e09d6a6 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.3 +lastReleaseVersion: 1.6.4 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 6290164f0bb..807071e116b 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.6.4-dev +version: 1.6.5-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 5940973b8ca..83afe3edcec 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.44.md b/go/ql/consistency-queries/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index d0473dca567..dfa143a5866 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.44-dev +version: 1.0.45-dev groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 3e1f0ee4aa3..1093bb81803 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.0.2 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 7.0.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/go/ql/lib/change-notes/released/7.0.2.md similarity index 81% rename from cpp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to go/ql/lib/change-notes/released/7.0.2.md index 23fdce9b615..88cadec6237 100644 --- a/cpp/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/go/ql/lib/change-notes/released/7.0.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 7.0.2 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index a18747dd3a7..1f4c0c554e9 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.0.1 +lastReleaseVersion: 7.0.2 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index dc03fcbe4f2..2bcd5042425 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.0.2-dev +version: 7.0.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 289e4b4281b..83e764ea9d3 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.8 + +No user-facing changes. + ## 1.5.7 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.5.8.md b/go/ql/src/change-notes/released/1.5.8.md new file mode 100644 index 00000000000..ec8f84e657f --- /dev/null +++ b/go/ql/src/change-notes/released/1.5.8.md @@ -0,0 +1,3 @@ +## 1.5.8 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 227ac5febef..d26e0a52764 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.7 +lastReleaseVersion: 1.5.8 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index bc7a0adc3d2..a32eb17ebf7 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.5.8-dev +version: 1.5.9-dev groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 644a5328933..24757112923 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,26 @@ +## 9.0.0 + +### Breaking Changes + +* The Java control flow graph (CFG) implementation has been completely + rewritten. The CFG now includes additional nodes to more accurately represent + certain constructs. This also means that any existing code that implicitly + relies on very specific details about the CFG may need to be updated. + The CFG now only includes the nodes that are reachable from the entry point. + Additionally, the following breaking changes have been made: + - `ControlFlowNode.asCall` has been removed - use `Call.getControlFlowNode` instead. + - `ControlFlowNode.getEnclosingStmt` has been removed. + - `ControlFlow::ExprNode` has been removed. + - `ControlFlow::StmtNode` has been removed. + - `ControlFlow::Node` has been removed - this was merely an alias of + `ControlFlowNode`, which is still available. + - Previously deprecated predicates on `BasicBlock` have been removed. + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment. + ## 8.1.1 ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2026-03-04-binary-assignment.md b/java/ql/lib/change-notes/2026-03-04-binary-assignment.md deleted file mode 100644 index e94a7f6722b..00000000000 --- a/java/ql/lib/change-notes/2026-03-04-binary-assignment.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment. diff --git a/java/ql/lib/change-notes/2026-02-18-cfg.md b/java/ql/lib/change-notes/released/9.0.0.md similarity index 70% rename from java/ql/lib/change-notes/2026-02-18-cfg.md rename to java/ql/lib/change-notes/released/9.0.0.md index 27bd381ec0d..e0b4d7f10ab 100644 --- a/java/ql/lib/change-notes/2026-02-18-cfg.md +++ b/java/ql/lib/change-notes/released/9.0.0.md @@ -1,6 +1,7 @@ ---- -category: breaking ---- +## 9.0.0 + +### Breaking Changes + * The Java control flow graph (CFG) implementation has been completely rewritten. The CFG now includes additional nodes to more accurately represent certain constructs. This also means that any existing code that implicitly @@ -14,3 +15,8 @@ category: breaking - `ControlFlow::Node` has been removed - this was merely an alias of `ControlFlowNode`, which is still available. - Previously deprecated predicates on `BasicBlock` have been removed. + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* The class `Assignment` now extends `BinaryExpr`. Uses of `BinaryExpr` may in some cases need slight adjustment. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 7d4e7133afe..fd5f4a48b3c 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 8.1.1 +lastReleaseVersion: 9.0.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 243a7ddd9a6..b9f061bcc3e 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 8.1.2-dev +version: 9.0.1-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 85bbb64158a..ae0e77925bd 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.10.9 + +No user-facing changes. + ## 1.10.8 ### Minor Analysis Improvements diff --git a/java/ql/src/change-notes/released/1.10.9.md b/java/ql/src/change-notes/released/1.10.9.md new file mode 100644 index 00000000000..0babf4b0286 --- /dev/null +++ b/java/ql/src/change-notes/released/1.10.9.md @@ -0,0 +1,3 @@ +## 1.10.9 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 148ec989f9c..947b9a72073 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.10.8 +lastReleaseVersion: 1.10.9 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index ea148f21e79..13700fa7199 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.10.9-dev +version: 1.10.10-dev groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 07069cd41b1..01ac46e87c5 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 2.6.24 + +### Minor Analysis Improvements + +* Added support for browser-specific source kinds (`browser`, `browser-url-query`, `browser-url-fragment`, `browser-url-path`, `browser-url`, `browser-window-name`, `browser-message-event`) that can be used in data extensions to model sources in browser environments. +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 2.6.23 ### Minor Analysis Improvements diff --git a/javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 23fdce9b615..00000000000 --- a/javascript/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/javascript/ql/lib/change-notes/2026-03-11-browser-source-kinds.md b/javascript/ql/lib/change-notes/released/2.6.24.md similarity index 53% rename from javascript/ql/lib/change-notes/2026-03-11-browser-source-kinds.md rename to javascript/ql/lib/change-notes/released/2.6.24.md index 71d06f3d1b6..9d16a33f1a8 100644 --- a/javascript/ql/lib/change-notes/2026-03-11-browser-source-kinds.md +++ b/javascript/ql/lib/change-notes/released/2.6.24.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 2.6.24 + +### Minor Analysis Improvements + * Added support for browser-specific source kinds (`browser`, `browser-url-query`, `browser-url-fragment`, `browser-url-path`, `browser-url`, `browser-window-name`, `browser-message-event`) that can be used in data extensions to model sources in browser environments. +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 50942a620ed..ce80dc3be1c 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.23 +lastReleaseVersion: 2.6.24 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index d3ae02b327c..c753467a0b8 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.24-dev +version: 2.6.25-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 39bd03fdef8..872cd055c51 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.3.4 + +No user-facing changes. + ## 2.3.3 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/2.3.4.md b/javascript/ql/src/change-notes/released/2.3.4.md new file mode 100644 index 00000000000..c7dcb90e95a --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.3.4.md @@ -0,0 +1,3 @@ +## 2.3.4 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 417ee8d65a1..1d7561c966c 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.3.3 +lastReleaseVersion: 2.3.4 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 345b9f5e9b9..5d4952bd6a5 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.3.4-dev +version: 2.3.5-dev groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index d44ddfc29ab..8b32c3a6018 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.44.md b/misc/suite-helpers/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 99171f3f221..5d2436f3e04 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.44-dev +version: 1.0.45-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 757949e1a57..4db07a9c83e 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 7.0.1 + +### Minor Analysis Improvements + +- The call graph resolution no longer considers methods marked using [`@typing.overload`](https://typing.python.org/en/latest/spec/overload.html#overloads) as valid targets. This ensures that only the method that contains the actual implementation gets resolved as a target. +* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 7.0.0 ### Breaking Changes diff --git a/python/ql/lib/change-notes/2026-03-05-ignore-type-overloaded-methods-during-resolution.md b/python/ql/lib/change-notes/released/7.0.1.md similarity index 54% rename from python/ql/lib/change-notes/2026-03-05-ignore-type-overloaded-methods-during-resolution.md rename to python/ql/lib/change-notes/released/7.0.1.md index 001b46a0adb..97224884c93 100644 --- a/python/ql/lib/change-notes/2026-03-05-ignore-type-overloaded-methods-during-resolution.md +++ b/python/ql/lib/change-notes/released/7.0.1.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 7.0.1 + +### Minor Analysis Improvements - The call graph resolution no longer considers methods marked using [`@typing.overload`](https://typing.python.org/en/latest/spec/overload.html#overloads) as valid targets. This ensures that only the method that contains the actual implementation gets resolved as a target. +* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index e0db21c7869..a18747dd3a7 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.0.0 +lastReleaseVersion: 7.0.1 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 1e5bd87c850..8d8597ea915 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 7.0.1-dev +version: 7.0.2-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 76ac40e7767..46e1c23df07 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.9 + +No user-facing changes. + ## 1.7.8 No user-facing changes. diff --git a/python/ql/src/change-notes/released/1.7.9.md b/python/ql/src/change-notes/released/1.7.9.md new file mode 100644 index 00000000000..84107525ff7 --- /dev/null +++ b/python/ql/src/change-notes/released/1.7.9.md @@ -0,0 +1,3 @@ +## 1.7.9 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index e003efd5127..678da6bc37e 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.8 +lastReleaseVersion: 1.7.9 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 1ce2f7a64a0..389b1dfb493 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.7.9-dev +version: 1.7.10-dev groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index af8da8d490f..8014d434977 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 5.1.12 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 5.1.11 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 9b32429325e..00000000000 --- a/ruby/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/ruby/ql/lib/change-notes/released/5.1.12.md similarity index 81% rename from python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to ruby/ql/lib/change-notes/released/5.1.12.md index 9b32429325e..8112f58ab86 100644 --- a/python/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/ruby/ql/lib/change-notes/released/5.1.12.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 5.1.12 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `# $ tag` or `# $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 4f89df382ec..537ae582d46 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.11 +lastReleaseVersion: 5.1.12 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 082848d5e62..c642ddab974 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.12-dev +version: 5.1.13-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 9414b1dab9d..ddefff5e95b 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.9 + +No user-facing changes. + ## 1.5.8 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.5.9.md b/ruby/ql/src/change-notes/released/1.5.9.md new file mode 100644 index 00000000000..be9d418e598 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.5.9.md @@ -0,0 +1,3 @@ +## 1.5.9 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index d26e0a52764..5ac7d08bfbf 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.8 +lastReleaseVersion: 1.5.9 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ad4284d6c12..6978ce40015 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.5.9-dev +version: 1.5.10-dev groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 34301d08146..6f7d27e23b4 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.2.8 + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results. + ## 0.2.7 ### Minor Analysis Improvements diff --git a/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md b/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md deleted file mode 100644 index 99c313c2ca2..00000000000 --- a/rust/ql/lib/change-notes/2026-02-26-neutral-models-map-from.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results. diff --git a/rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 23fdce9b615..00000000000 --- a/rust/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/rust/ql/lib/change-notes/released/0.2.8.md similarity index 52% rename from java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to rust/ql/lib/change-notes/released/0.2.8.md index 23fdce9b615..a892527ffef 100644 --- a/java/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/rust/ql/lib/change-notes/released/0.2.8.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.2.8 + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. +* Added neutral models to inhibit spurious generated sink models for `map` and `from`. This fixes some false positive query results. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 6d3c0021858..66ad7f587f8 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.7 +lastReleaseVersion: 0.2.8 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index c260a6a9aaf..b7d2e253cfb 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.8-dev +version: 0.2.9-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index d5f4e6540a7..a3b3c7b516e 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.29 + +No user-facing changes. + ## 0.1.28 ### Minor Analysis Improvements diff --git a/rust/ql/src/change-notes/released/0.1.29.md b/rust/ql/src/change-notes/released/0.1.29.md new file mode 100644 index 00000000000..040d04d51d3 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.29.md @@ -0,0 +1,3 @@ +## 0.1.29 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index edc267eb31d..7517c5cff32 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.28 +lastReleaseVersion: 0.1.29 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 3e0968929b4..c36bcc3f951 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.29-dev +version: 0.1.30-dev groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index d5febfff59e..61720754dff 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.18 + +No user-facing changes. + ## 0.0.17 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.18.md b/shared/concepts/change-notes/released/0.0.18.md new file mode 100644 index 00000000000..86c60b8abe7 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.18.md @@ -0,0 +1,3 @@ +## 0.0.18 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index cbc3d3cd493..a0d2bc59d97 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.17 +lastReleaseVersion: 0.0.18 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 0eb08ff7ef2..c23e61f19fb 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.18-dev +version: 0.0.19-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index ba7a6e9710b..cd52e9f754d 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.28 + +No user-facing changes. + ## 2.0.27 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.28.md b/shared/controlflow/change-notes/released/2.0.28.md new file mode 100644 index 00000000000..3f9412b6e63 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.28.md @@ -0,0 +1,3 @@ +## 2.0.28 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index a047558f018..ec5bd6ba369 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.27 +lastReleaseVersion: 2.0.28 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 23365f4b00e..35b09b7dc63 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.28-dev +version: 2.0.29-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 21334d74df3..d669cdf14da 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,9 @@ +## 2.1.0 + +### New Features + +* Two new flow features `FeatureEscapesSourceCallContext` and `FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext` have been added. The former implies that the sink must be reached from the source by escaping the source call context, that is, flow must either return from the callable containing the source or use a jump-step before reaching the sink. The latter is the disjunction of the former and the existing `FeatureEqualSourceSinkCallContext` flow feature. + ## 2.0.27 No user-facing changes. diff --git a/shared/dataflow/change-notes/2026-03-04-flow-feature-escapes-source-call-context.md b/shared/dataflow/change-notes/released/2.1.0.md similarity index 89% rename from shared/dataflow/change-notes/2026-03-04-flow-feature-escapes-source-call-context.md rename to shared/dataflow/change-notes/released/2.1.0.md index b7b61b75411..3190a39d325 100644 --- a/shared/dataflow/change-notes/2026-03-04-flow-feature-escapes-source-call-context.md +++ b/shared/dataflow/change-notes/released/2.1.0.md @@ -1,4 +1,5 @@ ---- -category: feature ---- -* Two new flow features `FeatureEscapesSourceCallContext` and `FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext` have been added. The former implies that the sink must be reached from the source by escaping the source call context, that is, flow must either return from the callable containing the source or use a jump-step before reaching the sink. The latter is the disjunction of the former and the existing `FeatureEqualSourceSinkCallContext` flow feature. \ No newline at end of file +## 2.1.0 + +### New Features + +* Two new flow features `FeatureEscapesSourceCallContext` and `FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext` have been added. The former implies that the sink must be reached from the source by escaping the source call context, that is, flow must either return from the callable containing the source or use a jump-step before reaching the sink. The latter is the disjunction of the former and the existing `FeatureEqualSourceSinkCallContext` flow feature. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index a047558f018..487a1a58b2b 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.27 +lastReleaseVersion: 2.1.0 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 148f7c22aea..2dd531eda0a 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.28-dev +version: 2.1.1-dev groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 04d6328e1ad..ac2f534d1f0 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.44.md b/shared/mad/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 6d52d027c3c..cade13e956c 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 2daa850c9cd..356c331b5df 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.22 + +No user-facing changes. + ## 0.0.21 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.22.md b/shared/quantum/change-notes/released/0.0.22.md new file mode 100644 index 00000000000..00226747438 --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.22.md @@ -0,0 +1,3 @@ +## 0.0.22 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index 0c15c351db4..11aaa2243f5 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.21 +lastReleaseVersion: 0.0.22 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 62eff53a70f..4e7f48d621d 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.22-dev +version: 0.0.23-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 322f3e63d2a..7fe3864e2a9 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.44.md b/shared/rangeanalysis/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 52088206123..5c2fc87098b 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 91f48e63783..76740aca838 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.44.md b/shared/regex/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index de27548887a..26f585673ec 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 3be528de762..8e2eb4bd049 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.20 + +No user-facing changes. + ## 2.0.19 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.20.md b/shared/ssa/change-notes/released/2.0.20.md new file mode 100644 index 00000000000..6756bd5f6c1 --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.20.md @@ -0,0 +1,3 @@ +## 2.0.20 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 4aecf1e1f86..cde101f3516 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.19 +lastReleaseVersion: 2.0.20 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 26a6653166e..4cfd1100a80 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.20-dev +version: 2.0.21-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 5940973b8ca..83afe3edcec 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.44.md b/shared/threat-models/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index a7be7fa7472..9e47885b303 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.44-dev +version: 1.0.45-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1f381c3bc3e..403c4b8589a 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.44.md b/shared/tutorial/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 55533a9215d..2313b64956a 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 2750202de65..b57a022aa47 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.44.md b/shared/typeflow/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index d1f7f3a6ee5..1cd9c4b5f7b 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 20ebb6b42c0..8d524a11a09 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.25 + +No user-facing changes. + ## 0.0.24 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.25.md b/shared/typeinference/change-notes/released/0.0.25.md new file mode 100644 index 00000000000..e41a9acfa06 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.25.md @@ -0,0 +1,3 @@ +## 0.0.25 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index b956773a07f..6d0e80a50c3 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.24 +lastReleaseVersion: 0.0.25 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 3083c027155..533847824b1 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.25-dev +version: 0.0.26-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index edd15f80a3f..553f1b75bfd 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.28 + +No user-facing changes. + ## 2.0.27 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.28.md b/shared/typetracking/change-notes/released/2.0.28.md new file mode 100644 index 00000000000..3f9412b6e63 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.28.md @@ -0,0 +1,3 @@ +## 2.0.28 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index a047558f018..ec5bd6ba369 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.27 +lastReleaseVersion: 2.0.28 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 7b154125281..41a197cff1d 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.28-dev +version: 2.0.29-dev groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 50d7c3b9dab..277af7bfafe 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.44.md b/shared/typos/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index a01e2c21ac3..547c266fb94 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 550586e22aa..4f086cb994a 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.31 + +No user-facing changes. + ## 2.0.30 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.31.md b/shared/util/change-notes/released/2.0.31.md new file mode 100644 index 00000000000..b3cd05e3de4 --- /dev/null +++ b/shared/util/change-notes/released/2.0.31.md @@ -0,0 +1,3 @@ +## 2.0.31 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 19c80429585..783d47207cd 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.30 +lastReleaseVersion: 2.0.31 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 43291623fec..1b3f89c4ef7 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.31-dev +version: 2.0.32-dev groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 988f07dd919..ecdc24c85be 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.44.md b/shared/xml/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index c86bb266ce5..392bdb18282 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 323fcc5e351..62c04d103a4 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.44 + +No user-facing changes. + ## 1.0.43 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.44.md b/shared/yaml/change-notes/released/1.0.44.md new file mode 100644 index 00000000000..9a8d400d319 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.44.md @@ -0,0 +1,3 @@ +## 1.0.44 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 950be6c1f2c..59728e63980 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.43 +lastReleaseVersion: 1.0.44 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index c374e16c9cd..b951c408c85 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.44-dev +version: 1.0.45-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 793cfd9cc20..f105831909f 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.3.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.4. + +### Minor Analysis Improvements + +* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. + ## 6.2.3 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md deleted file mode 100644 index 23fdce9b615..00000000000 --- a/swift/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md b/swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md deleted file mode 100644 index f507df1c2df..00000000000 --- a/swift/ql/lib/change-notes/2026-03-06-swift-6.2.4.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Upgraded to allow analysis of Swift 6.2.4. diff --git a/go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md b/swift/ql/lib/change-notes/released/6.3.0.md similarity index 61% rename from go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md rename to swift/ql/lib/change-notes/released/6.3.0.md index 23fdce9b615..5d010b9d110 100644 --- a/go/ql/lib/change-notes/2026-03-05-inline-expectation-space-after-$.md +++ b/swift/ql/lib/change-notes/released/6.3.0.md @@ -1,4 +1,9 @@ ---- -category: minorAnalysis ---- +## 6.3.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.4. + +### Minor Analysis Improvements + * Inline expectations test comments, which are of the form `// $ tag` or `// $ tag=value`, are now parsed more strictly and will not be recognized if there isn't a space after the `$` symbol. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index e3651327c5b..ae5210e925a 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.2.3 +lastReleaseVersion: 6.3.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 6689881badc..3343e056833 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.2.4-dev +version: 6.3.1-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 2b609c7f270..40371bcbb8d 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.18 + +No user-facing changes. + ## 1.2.17 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.18.md b/swift/ql/src/change-notes/released/1.2.18.md new file mode 100644 index 00000000000..e7b808777a2 --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.18.md @@ -0,0 +1,3 @@ +## 1.2.18 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index e8e4a1b8f7d..e414238818d 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.17 +lastReleaseVersion: 1.2.18 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 866219f0753..80a16a8099d 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.18-dev +version: 1.2.19-dev groups: - swift - queries