mirror of
https://github.com/github/codeql.git
synced 2026-02-11 20:51:06 +01:00
Release preparation for version 2.24.0
This commit is contained in:
github-actions[bot]
@@ -1,3 +1,9 @@
|
||||
## 0.4.26
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.
|
||||
|
||||
## 0.4.25
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
## 0.4.26
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.25
|
||||
lastReleaseVersion: 0.4.26
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.26-dev
|
||||
version: 0.4.26
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 0.6.18
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.6.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
actions/ql/src/change-notes/released/0.6.18.md
Normal file
3
actions/ql/src/change-notes/released/0.6.18.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 0.6.18
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.17
|
||||
lastReleaseVersion: 0.6.18
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.18-dev
|
||||
version: 0.6.18
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -1,3 +1,27 @@
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations.
|
||||
* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter.
|
||||
* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results.
|
||||
|
||||
## 6.1.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results.
|
||||
23
cpp/ql/lib/change-notes/released/7.0.0.md
Normal file
23
cpp/ql/lib/change-notes/released/7.0.0.md
Normal file
@@ -0,0 +1,23 @@
|
||||
## 7.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases.
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations.
|
||||
* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter.
|
||||
* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 6.1.4
|
||||
lastReleaseVersion: 7.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 6.1.5-dev
|
||||
version: 7.0.0
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
## 1.5.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees.
|
||||
|
||||
## 1.5.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
## 1.5.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.8
|
||||
lastReleaseVersion: 1.5.9
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.5.9-dev
|
||||
version: 1.5.9
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.56
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.56
|
||||
lastReleaseVersion: 1.7.57
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.57-dev
|
||||
version: 1.7.57
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.56
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.7.57
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.56
|
||||
lastReleaseVersion: 1.7.57
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.57-dev
|
||||
version: 1.7.57
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,3 +1,22 @@
|
||||
## 5.4.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files.
|
||||
* Updated the generated .NET “models as data” runtime models to cover .NET 10.
|
||||
* C# 14: Support for *implicit* span conversions in the QL library.
|
||||
* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis.
|
||||
* Added autobuilder and `build-mode: none` support for `.slnx` solution files.
|
||||
* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere.
|
||||
* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed two issues affecting build mode `none`:
|
||||
* Corrected version sorting logic when detecting the newest .NET framework to use.
|
||||
* Improved stability for .NET 10 compatibility.
|
||||
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||
|
||||
## 5.4.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* Fixed two issues affecting build mode `none`:
|
||||
* Corrected version sorting logic when detecting the newest .NET framework to use.
|
||||
* Improved stability for .NET 10 compatibility.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added autobuilder and `build-mode: none` support for `.slnx` solution files.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* C# 14: Support for *implicit* span conversions in the QL library.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Updated the generated .NET “models as data” runtime models to cover .NET 10.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files.
|
||||
18
csharp/ql/lib/change-notes/released/5.4.5.md
Normal file
18
csharp/ql/lib/change-notes/released/5.4.5.md
Normal file
@@ -0,0 +1,18 @@
|
||||
## 5.4.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files.
|
||||
* Updated the generated .NET “models as data” runtime models to cover .NET 10.
|
||||
* C# 14: Support for *implicit* span conversions in the QL library.
|
||||
* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis.
|
||||
* Added autobuilder and `build-mode: none` support for `.slnx` solution files.
|
||||
* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere.
|
||||
* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* Fixed two issues affecting build mode `none`:
|
||||
* Corrected version sorting logic when detecting the newest .NET framework to use.
|
||||
* Improved stability for .NET 10 compatibility.
|
||||
* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.4.4
|
||||
lastReleaseVersion: 5.4.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.4.5-dev
|
||||
version: 5.4.5
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,3 +1,14 @@
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
|
||||
* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core.
|
||||
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.
|
||||
10
csharp/ql/src/change-notes/released/1.6.0.md
Normal file
10
csharp/ql/src/change-notes/released/1.6.0.md
Normal file
@@ -0,0 +1,10 @@
|
||||
## 1.6.0
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
|
||||
* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.4
|
||||
lastReleaseVersion: 1.6.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.5.5-dev
|
||||
version: 1.6.0
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.39
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.39
|
||||
lastReleaseVersion: 1.0.40
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.40-dev
|
||||
version: 1.0.40
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files.
|
||||
|
||||
## 5.0.6
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files.
|
||||
9
go/ql/lib/change-notes/released/6.0.0.md
Normal file
9
go/ql/lib/change-notes/released/6.0.0.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.0.6
|
||||
lastReleaseVersion: 6.0.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 5.0.7-dev
|
||||
version: 6.0.0
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.5.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
go/ql/src/change-notes/released/1.5.4.md
Normal file
3
go/ql/src/change-notes/released/1.5.4.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.5.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.3
|
||||
lastReleaseVersion: 1.5.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.5.4-dev
|
||||
version: 1.5.4
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,13 @@
|
||||
## 7.8.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
||||
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
||||
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
||||
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
||||
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|
||||
|
||||
## 7.8.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
||||
9
java/ql/lib/change-notes/released/7.8.4.md
Normal file
9
java/ql/lib/change-notes/released/7.8.4.md
Normal file
@@ -0,0 +1,9 @@
|
||||
## 7.8.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files.
|
||||
* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled.
|
||||
* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe.
|
||||
* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
|
||||
* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.8.3
|
||||
lastReleaseVersion: 7.8.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 7.8.4-dev
|
||||
version: 7.8.4
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -1,3 +1,10 @@
|
||||
## 1.10.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries.
|
||||
* Java thread safety analysis now understands initialization to thread safe classes inside constructors.
|
||||
|
||||
## 1.10.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Java thread safety analysis now understands initialization to thread safe classes inside constructors.
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries.
|
||||
6
java/ql/src/change-notes/released/1.10.5.md
Normal file
6
java/ql/src/change-notes/released/1.10.5.md
Normal file
@@ -0,0 +1,6 @@
|
||||
## 1.10.5
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries.
|
||||
* Java thread safety analysis now understands initialization to thread safe classes inside constructors.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.10.4
|
||||
lastReleaseVersion: 1.10.5
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-queries
|
||||
version: 1.10.5-dev
|
||||
version: 1.10.5
|
||||
groups:
|
||||
- java
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,11 @@
|
||||
## 2.6.20
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
- Support `use cache` directives for Next.js 16.
|
||||
* Added `PreCallGraphStep` flow model for React's `useRef` hook.
|
||||
* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
|
||||
|
||||
## 2.6.19
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `PreCallGraphStep` flow model for React's `useRef` hook.
|
||||
* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
|
||||
- Support `use cache` directives for Next.js 16.
|
||||
7
javascript/ql/lib/change-notes/released/2.6.20.md
Normal file
7
javascript/ql/lib/change-notes/released/2.6.20.md
Normal file
@@ -0,0 +1,7 @@
|
||||
## 2.6.20
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
- Support `use cache` directives for Next.js 16.
|
||||
* Added `PreCallGraphStep` flow model for React's `useRef` hook.
|
||||
* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.6.19
|
||||
lastReleaseVersion: 2.6.20
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-all
|
||||
version: 2.6.20-dev
|
||||
version: 2.6.20
|
||||
groups: javascript
|
||||
dbscheme: semmlecode.javascript.dbscheme
|
||||
extractor: javascript
|
||||
|
||||
@@ -1,3 +1,20 @@
|
||||
## 2.3.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
|
||||
For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
|
||||
`CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The model of `vue-router` now properly detects taint sources in cases where
|
||||
the `props` property is a callback.
|
||||
* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
|
||||
named `route` or `page` appearing outside `api` and `pages` folders.
|
||||
* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
|
||||
is set, since the content type defaults to `text/plain`.
|
||||
|
||||
## 2.2.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
|
||||
named `route` or `page` appearing outside `api` and `pages` folders.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
|
||||
is set, since the content type defaults to `text/plain`.
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
|
||||
For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
|
||||
`CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
|
||||
@@ -1,5 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The model of `vue-router` now properly detects taint sources in cases where
|
||||
the `props` property is a callback.
|
||||
16
javascript/ql/src/change-notes/released/2.3.0.md
Normal file
16
javascript/ql/src/change-notes/released/2.3.0.md
Normal file
@@ -0,0 +1,16 @@
|
||||
## 2.3.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed.
|
||||
For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable
|
||||
`CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The model of `vue-router` now properly detects taint sources in cases where
|
||||
the `props` property is a callback.
|
||||
* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files
|
||||
named `route` or `page` appearing outside `api` and `pages` folders.
|
||||
* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header
|
||||
is set, since the content type defaults to `text/plain`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 2.2.4
|
||||
lastReleaseVersion: 2.3.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/javascript-queries
|
||||
version: 2.2.5-dev
|
||||
version: 2.3.0
|
||||
groups:
|
||||
- javascript
|
||||
- queries
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.39
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
3
misc/suite-helpers/change-notes/released/1.0.40.md
Normal file
3
misc/suite-helpers/change-notes/released/1.0.40.md
Normal file
@@ -0,0 +1,3 @@
|
||||
## 1.0.40
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.39
|
||||
lastReleaseVersion: 1.0.40
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
name: codeql/suite-helpers
|
||||
version: 1.0.40-dev
|
||||
version: 1.0.40
|
||||
groups: shared
|
||||
warnOnImplicitThis: true
|
||||
|
||||
@@ -1,3 +1,24 @@
|
||||
## 6.0.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* All modules that depend on the points-to analysis have now been removed from the top level `python.qll` module. To access the points-to functionality, import the new `LegacyPointsTo` module. This also means that some predicates have been removed from various classes, for instance `Function.getFunctionObject()`. To access these predicates, import the `LegacyPointsTo` module and use the `FunctionWithPointsTo` class instead. Most cases follow this pattern, but there are a few exceptions:
|
||||
* The `getLiteralObject` method on `ImmutableLiteral` subclasses has been replaced with a predicate `getLiteralObject(ImmutableLiteral l)` in the `LegacyPointsTo` module.
|
||||
* The `getMetrics` method on `Function`, `Class`, and `Module` has been removed. To access metrics, import `LegacyPointsTo` and use the classes `FunctionMetrics`, etc. instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* The extractor now supports the new, relaxed syntax `except A, B, C: ...` (which would previously have to be written as `except (A, B, C): ...`) as defined in [PEP-758](https://peps.python.org/pep-0758/). This may cause changes in results for code that uses Python 2-style exception binding (`except Foo, e: ...`). The more modern format, `except Foo as e: ...` (available since Python 2.6) is unaffected.
|
||||
* The Python extractor now supports template strings as defined in [PEP-750](https://peps.python.org/pep-0750/), through the classes `TemplateString` and `JoinedTemplateString`.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Python extractor's search for YAML files.
|
||||
* The `compression.zstd` library (added in Python 3.14) is now supported by the `py/decompression-bomb` query.
|
||||
* Added taint flow model and type model for `urllib.parseurl`.
|
||||
* Remote flow sources for the `python-socketio` package have been modeled.
|
||||
* Additional models for remote flow sources for `tornado.websocket.WebSocketHandler` have been added.
|
||||
|
||||
## 5.0.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Additional models for remote flow sources for `tornado.websocket.WebSocketHandler` have been added.
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user