Revert "Release preparation for version 2.26.0"

This commit is contained in:
Mario Campos
2026-06-30 13:21:27 -05:00
committed by GitHub
parent 7c73de0e3c
commit 41f2e7b6f6
188 changed files with 196 additions and 509 deletions

View File

@@ -1,10 +1,3 @@
## 2.4.0
### New Queries
* Added a new query, `js/system-prompt-injection`, to detect cases where untrusted, user-provided values flow into the system prompt of an AI model, allowing an attacker to manipulate the model's behavior.
* Added a new experimental query, `javascript/ssrf-ipv6-transition-incomplete-guard`, to detect SSRF host-validation guards that reject private IPv4 ranges but fail to unwrap IPv6-transition forms (IPv4-mapped `::ffff:`, NAT64 `64:ff9b::`, 6to4 `2002::`), allowing the guard to be bypassed by wrapping an internal IPv4 address in a transition literal.
## 2.3.11
No user-facing changes.

View File

@@ -1,6 +1,4 @@
## 2.4.0
### New Queries
* Added a new query, `js/system-prompt-injection`, to detect cases where untrusted, user-provided values flow into the system prompt of an AI model, allowing an attacker to manipulate the model's behavior.
---
category: newQuery
---
* Added a new experimental query, `javascript/ssrf-ipv6-transition-incomplete-guard`, to detect SSRF host-validation guards that reject private IPv4 ranges but fail to unwrap IPv6-transition forms (IPv4-mapped `::ffff:`, NAT64 `64:ff9b::`, 6to4 `2002::`), allowing the guard to be bypassed by wrapping an internal IPv4 address in a transition literal.

View File

@@ -0,0 +1,5 @@
---
category: newQuery
---
* Added a new query, `js/system-prompt-injection`, to detect cases where untrusted, user-provided values flow into the system prompt of an AI model, allowing an attacker to manipulate the model's behavior.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.4.0
lastReleaseVersion: 2.3.11

View File

@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 2.4.0
version: 2.3.12-dev
groups:
- javascript
- queries