Release preparation for version 2.14.0

github-actions[bot]
2023-07-07 08:22:14 +00:00
parent 139585fe5c
commit 6484ee106e
138 changed files with 443 additions and 216 deletions

@@ -1,3 +1,25 @@
## 0.7.0
### Deprecated APIs
* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated.
### Major Analysis Improvements
* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
### Minor Analysis Improvements
* Added automatically-generated dataflow models for `javax.portlet`.
* Added a missing summary model for the method `java.net.URL.toString`.
* Added automatically-generated dataflow models for the following frameworks and libraries:
* `hudson`
* `jenkins`
* `net.sf.json`
* `stapler`
* Added more models for the Hudson framework.
* Added more models for the Stapler framework.
## 0.6.4
No user-facing changes.
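
Review bot: The Deprecated APIs entry for `ExecCallable` names the class and its file (`ExternalProcess.qll`) but not what callers should use instead. A deprecation note without a migration target leaves anyone whose custom queries reference the class to search the library for the replacement. Suggest extending the bullet with the replacement, or stating that there is none.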

@@ -1,4 +0,0 @@
---
category: deprecated
---
* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated.

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added more models for the Hudson framework.

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added more models for the Stapler framework.

@@ -1,4 +0,0 @@
---
category: majorAnalysis
---
* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.

@@ -1,8 +0,0 @@
---
category: minorAnalysis
---
* Added automatically-generated dataflow models for the following frameworks and libraries:
* `hudson`
* `jenkins`
* `net.sf.json`
* `stapler`

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added a missing summary model for the method `java.net.URL.toString`.

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added automatically-generated dataflow models for `javax.portlet`.

@@ -0,0 +1,21 @@
## 0.7.0
### Deprecated APIs
* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated.
### Major Analysis Improvements
* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
### Minor Analysis Improvements
* Added automatically-generated dataflow models for `javax.portlet`.
* Added a missing summary model for the method `java.net.URL.toString`.
* Added automatically-generated dataflow models for the following frameworks and libraries:
* `hudson`
* `jenkins`
* `net.sf.json`
* `stapler`
* Added more models for the Hudson framework.
* Added more models for the Stapler framework.
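
Review bot: The Major Analysis Improvements bullet on type strengthening describes the change as a precision gain "for all data flow queries" but does not tell users that results can change as a consequence: excluding paths means previously reported alerts may no longer appear after upgrading. Suggest adding a sentence to that effect so teams tracking alerts against an earlier baseline can attribute the difference to this release. Separately, the `javax.portlet` bullet and the "following frameworks and libraries" bullet both announce automatically-generated dataflow models and could be merged into one list.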

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.4
lastReleaseVersion: 0.7.0

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.7.0-dev
version: 0.7.0
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

@@ -1,3 +1,14 @@
## 0.7.0
### Minor Analysis Improvements
* New models have been added for `org.apache.commons.lang`.
* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes.
### Bug Fixes
* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
## 0.6.4
No user-facing changes.
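
Review bot: The `java/zipslip` entry is listed under Bug Fixes, but the text describes only a rename of the query title from "file write" to "file access" and states no change in behaviour. If the query's results are unchanged, the entry fits better under a heading for query metadata changes; if the rename reflects a change in what the query reports, the bullet should say so. The new title is also hard to read as written: the closing period sits inside the outer quotation marks and the inner "Zip Slip" reuses double quotes, so the exact title string is ambiguous. Suggest moving the period outside the quotes and using single quotes or code formatting for the title.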

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes.

@@ -1,4 +0,0 @@
---
category: fix
---
* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* New models have been added for `org.apache.commons.lang`.

@@ -0,0 +1,10 @@
## 0.7.0
### Minor Analysis Improvements
* New models have been added for `org.apache.commons.lang`.
* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes.
### Bug Fixes
* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
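
Review bot: The `java/unsafe-deserialization` bullet says the query now takes `SerialKiller` into account but does not state the effect on results. A reader cannot tell from "take into account" whether flows that pass through `SerialKiller` are no longer reported, or under which conditions. Suggest stating the direction of the change explicitly, since users relying on this query will want to know whether an alert that disappears after upgrading is explained by this entry.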

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.4
lastReleaseVersion: 0.7.0

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.7.0-dev
version: 0.7.0
groups:
- java
- queries