Release preparation for version 2.20.4

java/ql/lib/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 7.0.0
+
+### Breaking Changes
+
+* Deleted the deprecated `isLValue` and `isRValue` predicates from the `VarAccess` class, use `isVarWrite` and `isVarRead` respectively instead.
+* Deleted the deprecated `getRhs` predicate from the `VarWrite` class, use `getASource` instead.
+* Deleted the deprecated `LValue` and `RValue` classes, use `VarWrite` and `VarRead` respectively instead.
+* Deleted a lot of deprecated classes ending in "*Access", use the corresponding "*Call" classes instead.
+* Deleted a lot of deprecated predicates ending in "*Access", use the corresponding "*Call" predicates instead.
+* Deleted the deprecated `EnvInput` and `DatabaseInput` classes from `FlowSources.qll`, use the threat models feature instead.
+* Deleted some deprecated API predicates from `SensitiveApi.qll`, use the Sink classes from that file instead.
+
+### Minor Analysis Improvements
+
+* We now allow classes which don't have any JAX-RS annotations to inherit JAX-RS annotations from superclasses or interfaces. This is not allowed in the JAX-RS specification, but some implementations, like Apache CXF, allow it. This may lead to more alerts being found.
+
 ## 6.1.0
 
 ### New Features

java/ql/lib/change-notes/2025-01-07-jax-rs-annotation-inheritance.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* We now allow classes which don't have any JAX-RS annotations to inherit JAX-RS annotations from superclasses or interfaces. This is not allowed in the JAX-RS specification, but some implementations, like Apache CXF, allow it. This may lead to more alerts being found.

java/ql/lib/change-notes/released/7.0.0.md

@@ -1,6 +1,7 @@
----
-category: breaking
----
+## 7.0.0
+
+### Breaking Changes
+
 * Deleted the deprecated `isLValue` and `isRValue` predicates from the `VarAccess` class, use `isVarWrite` and `isVarRead` respectively instead.
 * Deleted the deprecated `getRhs` predicate from the `VarWrite` class, use `getASource` instead.
 * Deleted the deprecated `LValue` and `RValue` classes, use `VarWrite` and `VarRead` respectively instead.
@@ -9,3 +10,6 @@ category: breaking
 * Deleted the deprecated `EnvInput` and `DatabaseInput` classes from `FlowSources.qll`, use the threat models feature instead.
 * Deleted some deprecated API predicates from `SensitiveApi.qll`, use the Sink classes from that file instead.
 
+### Minor Analysis Improvements
+
+* We now allow classes which don't have any JAX-RS annotations to inherit JAX-RS annotations from superclasses or interfaces. This is not allowed in the JAX-RS specification, but some implementations, like Apache CXF, allow it. This may lead to more alerts being found.

java/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.0
+lastReleaseVersion: 7.0.0

java/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 6.1.1-dev
+version: 7.0.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

java/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.1.13
+
+### Minor Analysis Improvements
+
+* All *experimental* queries have been deprecated. The queries are instead available as part of the *default* query suite in [CodeQL-Community-Packs](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs).
+
 ## 1.1.12
 
 ### Bug Fixes

java/ql/src/change-notes/released/1.1.13.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.1.13
+
+### Minor Analysis Improvements
+
 * All *experimental* queries have been deprecated. The queries are instead available as part of the *default* query suite in [CodeQL-Community-Packs](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs).

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.12
+lastReleaseVersion: 1.1.13

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.1.13-dev
+version: 1.1.13
 groups:
   - java
   - queries