hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tweak changenotes

Browse Source
This commit is contained in:
Nick Rolfe
2025-07-22 09:51:52 +01:00
parent 997547b8ef
commit 43d14c28c2
9 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actions/ql/lib/CHANGELOG.md
View File

@@ -2,7 +2,7 @@
### Bug Fixes
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
## 0.4.12

2
actions/ql/lib/change-notes/released/0.4.13.md
View File

@@ -2,4 +2,4 @@
### Bug Fixes
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.

2
cpp/ql/lib/CHANGELOG.md
View File

@@ -6,7 +6,7 @@
### New Features
* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
### Minor Analysis Improvements

2
cpp/ql/lib/change-notes/released/5.3.0.md
View File

@@ -6,7 +6,7 @@
### New Features
* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.
* Added a `isFinalValueOfParameter` predicate to `DataFlow::Node` which holds when a dataflow node represents the final value of an output parameter of a function.
### Minor Analysis Improvements

2
csharp/ql/src/CHANGELOG.md
View File

@@ -7,7 +7,7 @@
### Bug Fixes
* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
## 1.3.0

2
csharp/ql/src/change-notes/released/1.3.1.md
View File

@@ -7,4 +7,4 @@
### Bug Fixes
* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
* `web.config` and `web.release.config` files are now recognized regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.

2
go/ql/src/CHANGELOG.md
View File

@@ -2,7 +2,7 @@
### Minor Analysis Improvements
* `filepath.IsLocal` is now recognised as a sanitizer against path-traversal and related vulnerabilities.
* `filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.
## 1.4.0

2
go/ql/src/change-notes/released/1.4.1.md
View File

@@ -2,4 +2,4 @@
### Minor Analysis Improvements
* `filepath.IsLocal` is now recognised as a sanitizer against path-traversal and related vulnerabilities.
* `filepath.IsLocal` is now recognized as a sanitizer against path-traversal and related vulnerabilities.

2
java/ql/lib/change-notes/released/7.4.0.md
View File

@@ -10,7 +10,7 @@
### New Features
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks which do not require extra logic to determine if they are unsafe are now defined in this way.
* You can now add sinks for the query "Deserialization of user-controlled data" (`java/unsafe-deserialization`) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/#extensible-predicates-used-to-create-custom-models-in-java-and-kotlin) by extending `sinkModel` and using the kind "unsafe-deserialization". The existing sinks that do not require extra logic to determine if they are unsafe are now defined in this way.
### Minor Analysis Improvements