hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.11.3

Browse Source
This commit is contained in:
github-actions[bot]
2022-11-04 20:16:23 +00:00
parent 649c3af98a
commit 508327235a
82 changed files with 214 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ruby/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,12 @@
## 0.4.3
### Minor Analysis Improvements
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
- Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.
* Taint flow is now tracked through extension methods on `Hash`, `String` and
`Object` provided by `ActiveSupport`.
## 0.4.2
### Minor Analysis Improvements

5
ruby/ql/lib/change-notes/2022-10-18-activesupport-flow.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
* Taint flow is now tracked through extension methods on `Hash`, `String` and
`Object` provided by `ActiveSupport`.

5
ruby/ql/lib/change-notes/2022-10-20-expand-faraday-model-for-ssrf-sink.md
View File

@@ -1,5 +0,0 @@
---
category: minorAnalysis
---
- Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.

4
ruby/ql/lib/change-notes/2022-10-21-local-taint-step.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.

8
ruby/ql/lib/change-notes/released/0.4.3.md Normal file
View File

@@ -0,0 +1,8 @@
## 0.4.3
### Minor Analysis Improvements
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
- Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.
* Taint flow is now tracked through extension methods on `Hash`, `String` and
`Object` provided by `ActiveSupport`.

2
ruby/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.2
lastReleaseVersion: 0.4.3

2
ruby/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 0.4.3-dev
version: 0.4.3
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme