Release preparation for version 2.14.2

2025-12-21 03:06:31 +01:00 · 2023-08-07 18:08:52 +00:00
parent e9750af89f
commit 79c90fa36a
131 changed files with 352 additions and 146 deletions
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.7.2
+
+### New Features
+
+* A `Diagnostic.getCompilationInfo()` predicate has been added.
+
+### Minor Analysis Improvements
+
+* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
+* Improved the precision of virtual dispatch of `java.io.InputStream` methods. Now, calls to these methods will not dispatch to arbitrary implementations of `InputStream` if there is a high-confidence alternative (like a models-as-data summary).
+* Added more dataflow steps for `java.io.InputStream`s that wrap other `java.io.InputStream`s.
+* Added models for the Struts 2 framework.
+* Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.
+
 ## 0.7.1

 ### New Features
--- a/java/ql/lib/change-notes/2023-07-12-add-models-for-struts2-framework.md
+++ b/java/ql/lib/change-notes/2023-07-12-add-models-for-struts2-framework.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Added models for the Struts 2 framework.
-
--- a/java/ql/lib/change-notes/2023-07-12-improve-sources-for-the-struts2-framework.md
+++ b/java/ql/lib/change-notes/2023-07-12-improve-sources-for-the-struts2-framework.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.
-
--- a/java/ql/lib/change-notes/2023-07-14-getCompilationInfo.md
+++ b/java/ql/lib/change-notes/2023-07-14-getCompilationInfo.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* A `Diagnostic.getCompilationInfo()` predicate has been added.
--- a/java/ql/lib/change-notes/2023-07-19-inputstream-dispatch.md
+++ b/java/ql/lib/change-notes/2023-07-19-inputstream-dispatch.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Improved the precision of virtual dispatch of `java.io.InputStream` methods. Now, calls to these methods will not dispatch to arbitrary implementations of `InputStream` if there is a high-confidence alternative (like a models-as-data summary).
-  
--- a/java/ql/lib/change-notes/2023-07-19-inputstream-wrapper-steps.md
+++ b/java/ql/lib/change-notes/2023-07-19-inputstream-wrapper-steps.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added more dataflow steps for `java.io.InputStream`s that wrap other `java.io.InputStream`s.
--- a/java/ql/lib/change-notes/2023-08-07-randomdatasource-typo-fix.md
+++ b/java/ql/lib/change-notes/2023-08-07-randomdatasource-typo-fix.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
--- a/java/ql/lib/change-notes/released/0.7.2.md
+++ b/java/ql/lib/change-notes/released/0.7.2.md
@@ -0,0 +1,13 @@
+## 0.7.2
+
+### New Features
+
+* A `Diagnostic.getCompilationInfo()` predicate has been added.
+
+### Minor Analysis Improvements
+
+* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
+* Improved the precision of virtual dispatch of `java.io.InputStream` methods. Now, calls to these methods will not dispatch to arbitrary implementations of `InputStream` if there is a high-confidence alternative (like a models-as-data summary).
+* Added more dataflow steps for `java.io.InputStream`s that wrap other `java.io.InputStream`s.
+* Added models for the Struts 2 framework.
+* Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.7.2-dev
+version: 0.7.2
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* The sanitizer in `java/potentially-weak-cryptographic-algorithm` has been improved, so the query may yield additional results.
+
 ## 0.7.1

 ### Minor Analysis Improvements
--- a/java/ql/src/change-notes/2023-08-01-maybebrokencrypto-barrier.md
+++ b/java/ql/src/change-notes/2023-08-01-maybebrokencrypto-barrier.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.7.2
+
+### Minor Analysis Improvements
+
 * The sanitizer in `java/potentially-weak-cryptographic-algorithm` has been improved, so the query may yield additional results.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.7.2-dev
+version: 0.7.2
 groups: 
  - java
  - queries