diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index b552a329250..b3091ec37d8 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.12.6
+
+### New Features
+
+* A `getInitialization` predicate was added to the `RangeBasedForStmt` class that yields the C++20-style initializer of the range-based `for` statement when it exists.
+
 ## 0.12.5
 
 ### New Features
diff --git a/cpp/ql/lib/change-notes/2023-02-16-range-based-for-initializers.md b/cpp/ql/lib/change-notes/released/0.12.6.md
similarity index 85%
rename from cpp/ql/lib/change-notes/2023-02-16-range-based-for-initializers.md
rename to cpp/ql/lib/change-notes/released/0.12.6.md
index ba85ec7f155..aba848023ee 100644
--- a/cpp/ql/lib/change-notes/2023-02-16-range-based-for-initializers.md
+++ b/cpp/ql/lib/change-notes/released/0.12.6.md
@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.12.6
+
+### New Features
+
 * A `getInitialization` predicate was added to the `RangeBasedForStmt` class that yields the C++20-style initializer of the range-based `for` statement when it exists.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index 79f80ae516c..170a312c104 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.5
+lastReleaseVersion: 0.12.6
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 7615b6bac2f..90171958170 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.6-dev
+version: 0.12.6
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index 44d00c1d8e4..ffcd73ff5d7 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.9.5
+
+### Minor Analysis Improvements
+
+* The "non-constant format string" query (`cpp/non-constant-format`) has been updated to produce fewer false positives.
+* Added dataflow models for the `gettext` function variants.
+
 ## 0.9.4
 
 ### Minor Analysis Improvements
diff --git a/cpp/ql/src/change-notes/2024-02-05-gettext-dataflows.md b/cpp/ql/src/change-notes/2024-02-05-gettext-dataflows.md
deleted file mode 100644
index 573a6a3a6cd..00000000000
--- a/cpp/ql/src/change-notes/2024-02-05-gettext-dataflows.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added dataflow models for the `gettext` function variants.
\ No newline at end of file
diff --git a/cpp/ql/src/change-notes/2024-02-16-non-constant-format.md b/cpp/ql/src/change-notes/released/0.9.5.md
similarity index 53%
rename from cpp/ql/src/change-notes/2024-02-16-non-constant-format.md
rename to cpp/ql/src/change-notes/released/0.9.5.md
index db8481f6b59..6a961750d93 100644
--- a/cpp/ql/src/change-notes/2024-02-16-non-constant-format.md
+++ b/cpp/ql/src/change-notes/released/0.9.5.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.9.5
+
+### Minor Analysis Improvements
+
 * The "non-constant format string" query (`cpp/non-constant-format`) has been updated to produce fewer false positives.
+* Added dataflow models for the `gettext` function variants.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 694907ca221..460240feaff 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.4
+lastReleaseVersion: 0.9.5
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 9151201a137..371648a28fd 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.5-dev
+version: 0.9.5
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 1e9fa50c21f..190b83b0f25 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.9
+
+No user-facing changes.
+
 ## 1.7.8
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.9.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.9.md
new file mode 100644
index 00000000000..84107525ff7
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.9.md
@@ -0,0 +1,3 @@
+## 1.7.9
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index e003efd5127..678da6bc37e 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.8
+lastReleaseVersion: 1.7.9
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index 8466748a25b..1c28b3a7baf 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.9-dev
+version: 1.7.9
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 1e9fa50c21f..190b83b0f25 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.9
+
+No user-facing changes.
+
 ## 1.7.8
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.9.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.9.md
new file mode 100644
index 00000000000..84107525ff7
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.9.md
@@ -0,0 +1,3 @@
+## 1.7.9
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index e003efd5127..678da6bc37e 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.8
+lastReleaseVersion: 1.7.9
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index ff72db938e0..fb4aa233e9b 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.9-dev
+version: 1.7.9
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 196cd5ecc92..95fd64c5270 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* C# 12: The QL and data flow library now support primary constructors.
+* Added a new database relation to store key-value pairs corresponding to compilations. The new relation is used in
+buildless mode to surface information related to dependency fetching.
+
 ## 0.8.8
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/lib/change-notes/2024-02-12-primary-constructors.md b/csharp/ql/lib/change-notes/2024-02-12-primary-constructors.md
deleted file mode 100644
index 672b1aeb351..00000000000
--- a/csharp/ql/lib/change-notes/2024-02-12-primary-constructors.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* C# 12: The QL and data flow library now support primary constructors.
diff --git a/csharp/ql/lib/change-notes/2024-02-05-compilation-info.md b/csharp/ql/lib/change-notes/released/0.8.9.md
similarity index 62%
rename from csharp/ql/lib/change-notes/2024-02-05-compilation-info.md
rename to csharp/ql/lib/change-notes/released/0.8.9.md
index 5a6a3e58fc2..811088d0be2 100644
--- a/csharp/ql/lib/change-notes/2024-02-05-compilation-info.md
+++ b/csharp/ql/lib/change-notes/released/0.8.9.md
@@ -1,6 +1,7 @@
----
-category: minorAnalysis
----
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* C# 12: The QL and data flow library now support primary constructors.
 * Added a new database relation to store key-value pairs corresponding to compilations. The new relation is used in
 buildless mode to surface information related to dependency fetching.
-
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 2e576e11b11..a346cba5e02 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.9-dev
+version: 0.8.9
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index ac2fbfce855..9fe1609363f 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* Added sanitizers for relative URLs, `List.Contains()`, and checking the `.Host` property on an URI to the `cs/web/unvalidated-url-redirection` query.
+
 ## 0.8.8
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/src/change-notes/2024-02-14-url-sanitizers.md b/csharp/ql/src/change-notes/released/0.8.9.md
similarity index 65%
rename from csharp/ql/src/change-notes/2024-02-14-url-sanitizers.md
rename to csharp/ql/src/change-notes/released/0.8.9.md
index 1ac35ed0e89..4210517b165 100644
--- a/csharp/ql/src/change-notes/2024-02-14-url-sanitizers.md
+++ b/csharp/ql/src/change-notes/released/0.8.9.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Added sanitizers for relative URLs, `List.Contains()`, and checking the `.Host` property on an URI to the `cs/web/unvalidated-url-redirection` query.
\ No newline at end of file
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* Added sanitizers for relative URLs, `List.Contains()`, and checking the `.Host` property on an URI to the `cs/web/unvalidated-url-redirection` query.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 018c3e09ae3..1d03699a20f 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.9-dev
+version: 0.8.9
 groups:
 - csharp
 - queries
diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
index 8f58f5145db..fba2a870356 100644
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.8
+
+No user-facing changes.
+
 ## 0.0.7
 
 No user-facing changes.
diff --git a/go/ql/consistency-queries/change-notes/released/0.0.8.md b/go/ql/consistency-queries/change-notes/released/0.0.8.md
new file mode 100644
index 00000000000..6af2d954c09
--- /dev/null
+++ b/go/ql/consistency-queries/change-notes/released/0.0.8.md
@@ -0,0 +1,3 @@
+## 0.0.8
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
index a2a5484910b..58fdc6b45de 100644
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.7
+lastReleaseVersion: 0.0.8
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 651e694d964..b4cc9a2e037 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.8-dev
+version: 0.0.8
 groups:
 - go
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 475352f1df2..65a2376217b 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.9
+
+No user-facing changes.
+
 ## 0.7.8
 
 No user-facing changes.
diff --git a/go/ql/lib/change-notes/released/0.7.9.md b/go/ql/lib/change-notes/released/0.7.9.md
new file mode 100644
index 00000000000..c1fe3898274
--- /dev/null
+++ b/go/ql/lib/change-notes/released/0.7.9.md
@@ -0,0 +1,3 @@
+## 0.7.9
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index b6b12196b26..576395f3405 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.8
+lastReleaseVersion: 0.7.9
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 920594fe6ec..02333bd3cad 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.9-dev
+version: 0.7.9
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 66533a629f2..d95165a3a34 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.7.9
+
+### New Queries
+
+* The query "Missing JWT signature check" (`go/missing-jwt-signature-check`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @am0o0](https://github.com/github/codeql/pull/14075).
+
+### Major Analysis Improvements
+
+* The query "Use of a hardcoded key for signing JWT" (`go/hardcoded-key`) has been promoted from experimental to the main query pack. Its results will now appear by default as part of `go/hardcoded-credentials`. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/9378).
+
 ## 0.7.8
 
 No user-facing changes.
diff --git a/go/ql/src/change-notes/2024-02-06-hardcoded-keys-promotion.md b/go/ql/src/change-notes/2024-02-06-hardcoded-keys-promotion.md
deleted file mode 100644
index ea233583a13..00000000000
--- a/go/ql/src/change-notes/2024-02-06-hardcoded-keys-promotion.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* The query "Use of a hardcoded key for signing JWT" (`go/hardcoded-key`) has been promoted from experimental to the main query pack. Its results will now appear by default as part of `go/hardcoded-credentials`. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/9378).
diff --git a/go/ql/src/change-notes/2024-02-06-missing-jwt-signature-check-promotion.md b/go/ql/src/change-notes/2024-02-06-missing-jwt-signature-check-promotion.md
deleted file mode 100644
index 3fdb29af01e..00000000000
--- a/go/ql/src/change-notes/2024-02-06-missing-jwt-signature-check-promotion.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The query "Missing JWT signature check" (`go/missing-jwt-signature-check`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @am0o0](https://github.com/github/codeql/pull/14075).
diff --git a/go/ql/src/change-notes/released/0.7.9.md b/go/ql/src/change-notes/released/0.7.9.md
new file mode 100644
index 00000000000..de35187b0fb
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.7.9.md
@@ -0,0 +1,9 @@
+## 0.7.9
+
+### New Queries
+
+* The query "Missing JWT signature check" (`go/missing-jwt-signature-check`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @am0o0](https://github.com/github/codeql/pull/14075).
+
+### Major Analysis Improvements
+
+* The query "Use of a hardcoded key for signing JWT" (`go/hardcoded-key`) has been promoted from experimental to the main query pack. Its results will now appear by default as part of `go/hardcoded-credentials`. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/9378).
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index b6b12196b26..576395f3405 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.8
+lastReleaseVersion: 0.7.9
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index fb73fa0eb96..e601e8088ce 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.9-dev
+version: 0.7.9
 groups:
 - go
 - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
index 66435f14c73..4a3c54adb38 100644
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.16
+
+No user-facing changes.
+
 ## 0.0.15
 
 No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/0.0.16.md b/java/ql/automodel/src/change-notes/released/0.0.16.md
new file mode 100644
index 00000000000..62b5521ea01
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/released/0.0.16.md
@@ -0,0 +1,3 @@
+## 0.0.16
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
index dff35216fc6..a49f7be4cff 100644
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.15
+lastReleaseVersion: 0.0.16
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index 554902f6894..655c3da2fc6 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.16-dev
+version: 0.0.16
 groups:
 - java
 - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 4b34106dc09..d369cbdc931 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,27 @@
+## 0.8.9
+
+### Deprecated APIs
+
+* The `PathCreation` class in `PathCreation.qll` has been deprecated.
+
+### Minor Analysis Improvements
+
+* An extension point for sanitizers of the query `java/unvalidated-url-redirection` has been added.
+* Added models for the following packages:
+
+ * java.io
+ * java.lang
+ * java.net
+ * java.net.http
+ * java.nio.file
+ * java.util.zip
+ * javax.servlet
+ * org.apache.commons.io
+ * org.apache.hadoop.fs
+ * org.apache.hadoop.fs.s3a
+ * org.eclipse.jetty.client
+ * org.gradle.api.file
+
 ## 0.8.8
 
 ### Minor Analysis Improvements
diff --git a/java/ql/lib/change-notes/2024-01-26-deprecated-path-creation.md b/java/ql/lib/change-notes/2024-01-26-deprecated-path-creation.md
deleted file mode 100644
index c955a459ca0..00000000000
--- a/java/ql/lib/change-notes/2024-01-26-deprecated-path-creation.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: deprecated
----
-* The `PathCreation` class in `PathCreation.qll` has been deprecated.
diff --git a/java/ql/lib/change-notes/2024-02-09-url-redirect-sanitizer.md b/java/ql/lib/change-notes/2024-02-09-url-redirect-sanitizer.md
deleted file mode 100644
index a4a81de3a02..00000000000
--- a/java/ql/lib/change-notes/2024-02-09-url-redirect-sanitizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* An extension point for sanitizers of the query `java/unvalidated-url-redirection` has been added.
diff --git a/java/ql/lib/change-notes/2024-01-31-new-models.md b/java/ql/lib/change-notes/released/0.8.9.md
similarity index 55%
rename from java/ql/lib/change-notes/2024-01-31-new-models.md
rename to java/ql/lib/change-notes/released/0.8.9.md
index bdb588f3bc3..16c4eb6b259 100644
--- a/java/ql/lib/change-notes/2024-01-31-new-models.md
+++ b/java/ql/lib/change-notes/released/0.8.9.md
@@ -1,6 +1,12 @@
----
-category: minorAnalysis
----
+## 0.8.9
+
+### Deprecated APIs
+
+* The `PathCreation` class in `PathCreation.qll` has been deprecated.
+
+### Minor Analysis Improvements
+
+* An extension point for sanitizers of the query `java/unvalidated-url-redirection` has been added.
 * Added models for the following packages:
 
 * java.io
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index cadcc1c9be6..ebdac5a42f2 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.9-dev
+version: 0.8.9
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 466b98fea11..b0a780b7584 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,22 @@
+## 0.8.9
+
+### New Queries
+
+* Added a new query `java/android/insecure-local-authentication` for finding uses of biometric authentication APIs that do not make use of a `KeyStore`-backed key and thus may be bypassed.
+
+### Query Metadata Changes
+
+* The `security-severity` score of the query `java/relative-path-command` has been reduced to better adjust it to the specific conditions needed for exploitation.
+
+### Major Analysis Improvements
+
+* The sinks of the queries `java/path-injection` and `java/path-injection-local` have been reworked. Path creation sinks have been converted to summaries instead, while sinks now are actual file read/write operations only. This has reduced the false positive ratio of both queries.
+
+### Minor Analysis Improvements
+
+* The sanitizer for the path injection queries has been improved to handle more cases where `equals` is used to check an exact path match.
+* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs the destination of which cannot be externally controlled will not be reported anymore.
+
 ## 0.8.8
 
 ### New Queries
diff --git a/java/ql/src/change-notes/2024-01-26-path-injection-precision-improved.md b/java/ql/src/change-notes/2024-01-26-path-injection-precision-improved.md
deleted file mode 100644
index 763cedea45d..00000000000
--- a/java/ql/src/change-notes/2024-01-26-path-injection-precision-improved.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* The sinks of the queries `java/path-injection` and `java/path-injection-local` have been reworked. Path creation sinks have been converted to summaries instead, while sinks now are actual file read/write operations only. This has reduced the false positive ratio of both queries.
diff --git a/java/ql/src/change-notes/2024-02-02-android-insecure-local-auth.md b/java/ql/src/change-notes/2024-02-02-android-insecure-local-auth.md
deleted file mode 100644
index dc7ebcaade3..00000000000
--- a/java/ql/src/change-notes/2024-02-02-android-insecure-local-auth.md
+++ /dev/null
@@ -1,5 +0,0 @@
-
----
-category: newQuery
----
-* Added a new query `java/android/insecure-local-authentication` for finding uses of biometric authentication APIs that do not make use of a `KeyStore`-backed key and thus may be bypassed.
\ No newline at end of file
diff --git a/java/ql/src/change-notes/2024-02-09-url-redirect-sanitizer.md b/java/ql/src/change-notes/2024-02-09-url-redirect-sanitizer.md
deleted file mode 100644
index f06978c8211..00000000000
--- a/java/ql/src/change-notes/2024-02-09-url-redirect-sanitizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs the destination of which cannot be externally controlled will not be reported anymore.
diff --git a/java/ql/src/change-notes/2024-02-12-relative-exec-severity.md b/java/ql/src/change-notes/2024-02-12-relative-exec-severity.md
deleted file mode 100644
index ce54d7fc645..00000000000
--- a/java/ql/src/change-notes/2024-02-12-relative-exec-severity.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* The `security-severity` score of the query `java/relative-path-command` has been reduced to better adjust it to the specific conditions needed for exploitation.
diff --git a/java/ql/src/change-notes/2024-02-15-path-sanitizer-equals.md b/java/ql/src/change-notes/2024-02-15-path-sanitizer-equals.md
deleted file mode 100644
index 3f7fa840fe1..00000000000
--- a/java/ql/src/change-notes/2024-02-15-path-sanitizer-equals.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The sanitizer for the path injection queries has been improved to handle more cases where `equals` is used to check an exact path match.
diff --git a/java/ql/src/change-notes/released/0.8.9.md b/java/ql/src/change-notes/released/0.8.9.md
new file mode 100644
index 00000000000..d50b8f5e1c5
--- /dev/null
+++ b/java/ql/src/change-notes/released/0.8.9.md
@@ -0,0 +1,18 @@
+## 0.8.9
+
+### New Queries
+
+* Added a new query `java/android/insecure-local-authentication` for finding uses of biometric authentication APIs that do not make use of a `KeyStore`-backed key and thus may be bypassed.
+
+### Query Metadata Changes
+
+* The `security-severity` score of the query `java/relative-path-command` has been reduced to better adjust it to the specific conditions needed for exploitation.
+
+### Major Analysis Improvements
+
+* The sinks of the queries `java/path-injection` and `java/path-injection-local` have been reworked. Path creation sinks have been converted to summaries instead, while sinks now are actual file read/write operations only. This has reduced the false positive ratio of both queries.
+
+### Minor Analysis Improvements
+
+* The sanitizer for the path injection queries has been improved to handle more cases where `equals` is used to check an exact path match.
+* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs the destination of which cannot be externally controlled will not be reported anymore.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index cad99f4d9c4..c9f04ca70d1 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.9-dev
+version: 0.8.9
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 06e40ac7bd5..5b97ebbb22b 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
+
 ## 0.8.8
 
 No user-facing changes.
diff --git a/python/ql/lib/change-notes/2024-01-30-certification_not_certificate.md b/javascript/ql/lib/change-notes/released/0.8.9.md
similarity index 81%
rename from python/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
rename to javascript/ql/lib/change-notes/released/0.8.9.md
index bfd7ab63dab..20e4ab7ba3f 100644
--- a/python/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
+++ b/javascript/ql/lib/change-notes/released/0.8.9.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.8.9
+
+### Minor Analysis Improvements
+
 * The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 2be9a1ed2bd..5e4e545ea4c 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.9-dev
+version: 0.8.9
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index 300da5225f9..85516e3625d 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.9
+
+### Bug Fixes
+
+* The left operand of the `&&` operator no longer propagates data flow by default.
+
 ## 0.8.8
 
 No user-facing changes.
diff --git a/javascript/ql/src/change-notes/2024-02-13-block-logical-and-flow.md b/javascript/ql/src/change-notes/released/0.8.9.md
similarity index 76%
rename from javascript/ql/src/change-notes/2024-02-13-block-logical-and-flow.md
rename to javascript/ql/src/change-notes/released/0.8.9.md
index 2b08e677a26..951d4291648 100644
--- a/javascript/ql/src/change-notes/2024-02-13-block-logical-and-flow.md
+++ b/javascript/ql/src/change-notes/released/0.8.9.md
@@ -1,4 +1,5 @@
----
-category: fix
----
+## 0.8.9
+
+### Bug Fixes
+
 * The left operand of the `&&` operator no longer propagates data flow by default.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 545be6f2c61..a36a45d5ed9 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.8.9-dev
+version: 0.8.9
 groups:
 - javascript
 - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index 61d4b001d25..3c06dd69b0f 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.9
+
+No user-facing changes.
+
 ## 0.7.8
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.7.9.md b/misc/suite-helpers/change-notes/released/0.7.9.md
new file mode 100644
index 00000000000..c1fe3898274
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.7.9.md
@@ -0,0 +1,3 @@
+## 0.7.9
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index b6b12196b26..576395f3405 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.8
+lastReleaseVersion: 0.7.9
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 6b20374ae33..6299dea47df 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.9-dev
+version: 0.7.9
 groups: shared
 warnOnImplicitThis: true
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index 01692622749..e6f318c51ea 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.11.9
+
+### Minor Analysis Improvements
+
+* The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
+* Added modeling of the `psycopg` PyPI package as a SQL database library.
+
 ## 0.11.8
 
 ### Minor Analysis Improvements
diff --git a/python/ql/lib/change-notes/2024-01-29-psycopg-modeling.md b/python/ql/lib/change-notes/2024-01-29-psycopg-modeling.md
deleted file mode 100644
index 007cde7fb34..00000000000
--- a/python/ql/lib/change-notes/2024-01-29-psycopg-modeling.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added modeling of the `psycopg` PyPI package as a SQL database library.
diff --git a/javascript/ql/lib/change-notes/2024-01-30-certification_not_certificate.md b/python/ql/lib/change-notes/released/0.11.9.md
similarity index 61%
rename from javascript/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
rename to python/ql/lib/change-notes/released/0.11.9.md
index bfd7ab63dab..0a9885a5e92 100644
--- a/javascript/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
+++ b/python/ql/lib/change-notes/released/0.11.9.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.11.9
+
+### Minor Analysis Improvements
+
 * The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
+* Added modeling of the `psycopg` PyPI package as a SQL database library.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index 345c308d402..b064d1778a1 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.8
+lastReleaseVersion: 0.11.9
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 94f82195d5b..63fe9b477ed 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.9-dev
+version: 0.11.9
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 17931ead8b1..50762bcbf34 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.9.9
+
+No user-facing changes.
+
 ## 0.9.8
 
 No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.9.9.md b/python/ql/src/change-notes/released/0.9.9.md
new file mode 100644
index 00000000000..8ad786ed096
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.9.9.md
@@ -0,0 +1,3 @@
+## 0.9.9
+
+No user-facing changes.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 9ca6c6f2678..aabed7c396b 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.8
+lastReleaseVersion: 0.9.9
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index c5335da22f3..008073b66ca 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.9-dev
+version: 0.9.9
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index 8a9e4e6c8b7..ddf84b34873 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* Raw output ERB tags of the form `<%== ... %>` are now recognised as cross-site scripting sinks.
+* The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
+
 ## 0.8.8
 
 ### Minor Analysis Improvements
diff --git a/ruby/ql/lib/change-notes/2024-02-12-raw-erb-output.md b/ruby/ql/lib/change-notes/2024-02-12-raw-erb-output.md
deleted file mode 100644
index f99d37bef62..00000000000
--- a/ruby/ql/lib/change-notes/2024-02-12-raw-erb-output.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Raw output ERB tags of the form `<%== ... %>` are now recognised as cross-site scripting sinks.
diff --git a/swift/ql/lib/change-notes/2024-01-30-certification_not_certificate.md b/ruby/ql/lib/change-notes/released/0.8.9.md
similarity index 56%
rename from swift/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
rename to ruby/ql/lib/change-notes/released/0.8.9.md
index bfd7ab63dab..f2e7488bf1a 100644
--- a/swift/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
+++ b/ruby/ql/lib/change-notes/released/0.8.9.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* Raw output ERB tags of the form `<%== ... %>` are now recognised as cross-site scripting sinks.
 * The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 6c55331de90..b043b2ab7ab 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.9-dev
+version: 0.8.9
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 9eff67dab9e..4149c728eff 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.9
+
+No user-facing changes.
+
 ## 0.8.8
 
 ### New Queries
diff --git a/ruby/ql/src/change-notes/released/0.8.9.md b/ruby/ql/src/change-notes/released/0.8.9.md
new file mode 100644
index 00000000000..455f33c55e4
--- /dev/null
+++ b/ruby/ql/src/change-notes/released/0.8.9.md
@@ -0,0 +1,3 @@
+## 0.8.9
+
+No user-facing changes.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index da0a61b4048..5290c29b7fe 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 3637a80df7f..b0f0501437a 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.8.9-dev
+version: 0.8.9
 groups:
 - ruby
 - queries
diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md
index d72921d34c1..dbfa6ef4512 100644
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.9
+
+No user-facing changes.
+
 ## 0.1.8
 
 No user-facing changes.
diff --git a/shared/controlflow/change-notes/released/0.1.9.md b/shared/controlflow/change-notes/released/0.1.9.md
new file mode 100644
index 00000000000..e93006d794f
--- /dev/null
+++ b/shared/controlflow/change-notes/released/0.1.9.md
@@ -0,0 +1,3 @@
+## 0.1.9
+
+No user-facing changes.
diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml
index 3136ea4a1cc..1425c0edf7f 100644
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.8
+lastReleaseVersion: 0.1.9
diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml
index c7a88e50611..a3018c3f456 100644
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 0.1.9-dev
+version: 0.1.9
 groups: shared
 library: true
 dependencies:
diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md
index e9b6c3bc904..67a5bf589f4 100644
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The `edges` predicate contained in `PathGraph` now contains two additional columns for propagating model provenance information. This is primarily an internal change without any impact on any APIs, except for specialised queries making use of `MergePathGraph` in conjunction with custom `PathGraph` implementations. Such queries will need to be updated to reference the two new columns. This is expected to be very rare, as `MergePathGraph` is an advanced feature, but it is a breaking change for any such affected queries.
+
 ## 0.1.8
 
 No user-facing changes.
diff --git a/shared/dataflow/change-notes/2024-02-08-edges-provenance.md b/shared/dataflow/change-notes/released/0.2.0.md
similarity index 94%
rename from shared/dataflow/change-notes/2024-02-08-edges-provenance.md
rename to shared/dataflow/change-notes/released/0.2.0.md
index 4cf0fd39d4b..77e44f09ba6 100644
--- a/shared/dataflow/change-notes/2024-02-08-edges-provenance.md
+++ b/shared/dataflow/change-notes/released/0.2.0.md
@@ -1,4 +1,5 @@
----
-category: breaking
----
+## 0.2.0
+
+### Breaking Changes
+
 * The `edges` predicate contained in `PathGraph` now contains two additional columns for propagating model provenance information. This is primarily an internal change without any impact on any APIs, except for specialised queries making use of `MergePathGraph` in conjunction with custom `PathGraph` implementations. Such queries will need to be updated to reference the two new columns. This is expected to be very rare, as `MergePathGraph` is an advanced feature, but it is a breaking change for any such affected queries.
diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml
index 3136ea4a1cc..5274e27ed52 100644
--- a/shared/dataflow/codeql-pack.release.yml
+++ b/shared/dataflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.8
+lastReleaseVersion: 0.2.0
diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml
index c14ef815d58..16be0508de3 100644
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 0.1.9-dev
+version: 0.2.0
 groups: shared
 library: true
 dependencies:
diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md
index 35042f79b69..4d09057118c 100644
--- a/shared/mad/CHANGELOG.md
+++ b/shared/mad/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.9
+
+No user-facing changes.
+
 ## 0.2.8
 
 No user-facing changes.
diff --git a/shared/mad/change-notes/released/0.2.9.md b/shared/mad/change-notes/released/0.2.9.md
new file mode 100644
index 00000000000..7bca075286f
--- /dev/null
+++ b/shared/mad/change-notes/released/0.2.9.md
@@ -0,0 +1,3 @@
+## 0.2.9
+
+No user-facing changes.
diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/mad/codeql-pack.release.yml
+++ b/shared/mad/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml
index 0b3830f888d..e7825246a9d 100644
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 dependencies: null
diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md
index 9ad1339683f..5b8dbcfab22 100644
--- a/shared/rangeanalysis/CHANGELOG.md
+++ b/shared/rangeanalysis/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.8
+
+No user-facing changes.
+
 ## 0.0.7
 
 No user-facing changes.
diff --git a/shared/rangeanalysis/change-notes/released/0.0.8.md b/shared/rangeanalysis/change-notes/released/0.0.8.md
new file mode 100644
index 00000000000..6af2d954c09
--- /dev/null
+++ b/shared/rangeanalysis/change-notes/released/0.0.8.md
@@ -0,0 +1,3 @@
+## 0.0.8
+
+No user-facing changes.
diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml
index a2a5484910b..58fdc6b45de 100644
--- a/shared/rangeanalysis/codeql-pack.release.yml
+++ b/shared/rangeanalysis/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.7
+lastReleaseVersion: 0.0.8
diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml
index 0f5272dd8cf..610d9750998 100644
--- a/shared/rangeanalysis/qlpack.yml
+++ b/shared/rangeanalysis/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 0.0.8-dev
+version: 0.0.8
 groups: shared
 library: true
 dependencies:
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
index bf0aa553157..cd5f91f71ec 100644
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.9
+
+No user-facing changes.
+
 ## 0.2.8
 
 No user-facing changes.
diff --git a/shared/regex/change-notes/released/0.2.9.md b/shared/regex/change-notes/released/0.2.9.md
new file mode 100644
index 00000000000..7bca075286f
--- /dev/null
+++ b/shared/regex/change-notes/released/0.2.9.md
@@ -0,0 +1,3 @@
+## 0.2.9
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index eca67311c9c..7d802fcdcce 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index 7c9b57d2b8e..01acfae0148 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.9
+
+No user-facing changes.
+
 ## 0.2.8
 
 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/0.2.9.md b/shared/ssa/change-notes/released/0.2.9.md
new file mode 100644
index 00000000000..7bca075286f
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.2.9.md
@@ -0,0 +1,3 @@
+## 0.2.9
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index b5d30380815..4fcfd63169c 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 dependencies:
diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md
index 8f58f5145db..fba2a870356 100644
--- a/shared/threat-models/CHANGELOG.md
+++ b/shared/threat-models/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.8
+
+No user-facing changes.
+
 ## 0.0.7
 
 No user-facing changes.
diff --git a/shared/threat-models/change-notes/released/0.0.8.md b/shared/threat-models/change-notes/released/0.0.8.md
new file mode 100644
index 00000000000..6af2d954c09
--- /dev/null
+++ b/shared/threat-models/change-notes/released/0.0.8.md
@@ -0,0 +1,3 @@
+## 0.0.8
+
+No user-facing changes.
diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml
index a2a5484910b..58fdc6b45de 100644
--- a/shared/threat-models/codeql-pack.release.yml
+++ b/shared/threat-models/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.7
+lastReleaseVersion: 0.0.8
diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml
index eb345ecca9a..ee3901ba2b6 100644
--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.8-dev +version: 0.0.8 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index bc33883a950..1db3a01af0b 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.9 + +No user-facing changes. + ## 0.2.8 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.9.md b/shared/tutorial/change-notes/released/0.2.9.md new file mode 100644 index 00000000000..7bca075286f --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.9.md @@ -0,0 +1,3 @@ +## 0.2.9 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 66ad7f587f8..d021cf0a6be 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.8 +lastReleaseVersion: 0.2.9 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index e3080bb33b5..496aadc0c7c 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.9-dev +version: 0.2.9 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 4c21bc408be..afc857bc6bc 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.9 + +No user-facing changes. + ## 0.2.8 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.9.md b/shared/typetracking/change-notes/released/0.2.9.md new file mode 100644 index 00000000000..7bca075286f --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.9.md @@ -0,0 +1,3 @@ +## 0.2.9 + +No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
index adf375fd0c3..f4a75f57cd1 100644
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index 2b0bb7d2f75..66c5871d982 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.9
+
+No user-facing changes.
+
 ## 0.2.8
 
 No user-facing changes.
diff --git a/shared/typos/change-notes/released/0.2.9.md b/shared/typos/change-notes/released/0.2.9.md
new file mode 100644
index 00000000000..7bca075286f
--- /dev/null
+++ b/shared/typos/change-notes/released/0.2.9.md
@@ -0,0 +1,3 @@
+## 0.2.9
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index 927514b2fe4..aa1abf5a3d5 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md
index 273afd4129b..63832e927fa 100644
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.9
+
+No user-facing changes.
+
 ## 0.2.8
 
 No user-facing changes.
diff --git a/shared/util/change-notes/released/0.2.9.md b/shared/util/change-notes/released/0.2.9.md
new file mode 100644
index 00000000000..7bca075286f
--- /dev/null
+++ b/shared/util/change-notes/released/0.2.9.md
@@ -0,0 +1,3 @@
+## 0.2.9
+
+No user-facing changes.
diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/util/codeql-pack.release.yml
+++ b/shared/util/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml
index 72537a48107..067442e11e2 100644
--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 dependencies: null
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md
index e2991032640..e5495abcd50 100644
--- a/shared/yaml/CHANGELOG.md
+++ b/shared/yaml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.9
+
+No user-facing changes.
+
 ## 0.2.8
 
 No user-facing changes.
diff --git a/shared/yaml/change-notes/released/0.2.9.md b/shared/yaml/change-notes/released/0.2.9.md
new file mode 100644
index 00000000000..7bca075286f
--- /dev/null
+++ b/shared/yaml/change-notes/released/0.2.9.md
@@ -0,0 +1,3 @@
+## 0.2.9
+
+No user-facing changes.
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml
index 66ad7f587f8..d021cf0a6be 100644
--- a/shared/yaml/codeql-pack.release.yml
+++ b/shared/yaml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.8
+lastReleaseVersion: 0.2.9
diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml
index fae3aad1324..a35a2bf3ab5 100644
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 0.2.9-dev
+version: 0.2.9
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md
index b69d9b9e9a3..e88cd0259cc 100644
--- a/swift/ql/lib/CHANGELOG.md
+++ b/swift/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.3.9
+
+### Minor Analysis Improvements
+
+* The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
+
 ## 0.3.8
 
 No user-facing changes.
diff --git a/ruby/ql/lib/change-notes/2024-01-30-certification_not_certificate.md b/swift/ql/lib/change-notes/released/0.3.9.md
similarity index 81%
rename from ruby/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
rename to swift/ql/lib/change-notes/released/0.3.9.md
index bfd7ab63dab..0b47d102f01 100644
--- a/ruby/ql/lib/change-notes/2024-01-30-certification_not_certificate.md
+++ b/swift/ql/lib/change-notes/released/0.3.9.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.3.9
+
+### Minor Analysis Improvements
+
 * The name "certification" is no longer seen as possibly being a certificate, and will therefore no longer be flagged in queries like "clear-text-logging" which look for sensitive data.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index 4aa0b63b207..3fa5180bcb4 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.8
+lastReleaseVersion: 0.3.9
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml
index 2c58adec21e..9dcac1c414a 100644
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 0.3.9-dev
+version: 0.3.9
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md
index 7fe6e54b241..96615d06972 100644
--- a/swift/ql/src/CHANGELOG.md
+++ b/swift/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.3.9
+
+### New Queries
+
+* Added a new experimental query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
+
 ## 0.3.8
 
 No user-facing changes.
diff --git a/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md b/swift/ql/src/change-notes/released/0.3.9.md
similarity index 87%
rename from swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
rename to swift/ql/src/change-notes/released/0.3.9.md
index 1f8fc022ac5..dbd07c7a189 100644
--- a/swift/ql/src/change-notes/2024-02-07-unsafe-unpacking.md
+++ b/swift/ql/src/change-notes/released/0.3.9.md
@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.3.9
+
+### New Queries
+
 * Added a new experimental query, `swift/unsafe-unpacking`, that detects unpacking user controlled zips without validating the destination file path is within the destination directory.
diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml
index 4aa0b63b207..3fa5180bcb4 100644
--- a/swift/ql/src/codeql-pack.release.yml
+++ b/swift/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.8
+lastReleaseVersion: 0.3.9
diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml
index 00ff9a6f163..e711ab8b7b3 100644
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 0.3.9-dev
+version: 0.3.9
 groups:
 - swift
 - queries