Release preparation for version 2.16.1

2025-12-16 16:53:25 +01:00 · 2024-01-23 19:45:16 +00:00
parent 3c8b09307d
commit 7ef611e6dc
157 changed files with 469 additions and 221 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.12.4
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
+
 ## 0.12.3

 ### Deprecated APIs
--- a/cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,5 +1,6 @@
---
-category: minorAnalysis
---
+## 0.12.4
+
+### Minor Analysis Improvements
+
 * Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.3
+lastReleaseVersion: 0.12.4
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.4-dev
+version: 0.12.4
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.9.3
+
+### Minor Analysis Improvements
+
+* The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions.
+
 ## 0.9.2

 ### New Queries
--- a/cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md
+++ b/cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.9.3
+
+### Minor Analysis Improvements
+
 * The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.2
+lastReleaseVersion: 0.9.3
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.3-dev
+version: 0.9.3
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.7
+
+No user-facing changes.
+
 ## 1.7.6

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md
@@ -0,0 +1,3 @@
+## 1.7.7
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.6
+lastReleaseVersion: 1.7.7
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.7-dev
+version: 1.7.7
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.7
+
+No user-facing changes.
+
 ## 1.7.6

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md
@@ -0,0 +1,3 @@
+## 1.7.7
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.6
+lastReleaseVersion: 1.7.7
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.7-dev
+version: 1.7.7
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,20 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library.
+* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead.
+* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library.
+* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes.
+* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class.
+* C# 12: Add extractor support and QL library support for inline arrays.
+* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer.
+* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned.
+* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration.
+* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
+* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`.
+
 ## 0.8.6

 ### Minor Analysis Improvements
--- a/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md
+++ b/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`.
--- a/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md
+++ b/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
--- a/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md
+++ b/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md
+++ b/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration.
--- a/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md
+++ b/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* C# 12: Add extractor support and QL library support for inline arrays.
--- a/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md
+++ b/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer.
--- a/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,9 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library.
-* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead.
-* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library.
-* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes.
-* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class.
--- a/csharp/ql/lib/change-notes/released/0.8.7.md
+++ b/csharp/ql/lib/change-notes/released/0.8.7.md
@@ -0,0 +1,16 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library.
+* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead.
+* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library.
+* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes.
+* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class.
+* C# 12: Add extractor support and QL library support for inline arrays.
+* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer.
+* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned.
+* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration.
+* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
+* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.7-dev
+version: 0.8.7
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`.
+
 ## 0.8.6

 ### Minor Analysis Improvements
--- a/csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md
+++ b/csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
-* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`.
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.7-dev
+version: 0.8.7
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.6
+
+No user-facing changes.
+
 ## 0.0.5

 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/0.0.6.md
+++ b/go/ql/consistency-queries/change-notes/released/0.0.6.md
@@ -0,0 +1,3 @@
+## 0.0.6
+
+No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.5
+lastReleaseVersion: 0.0.6
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.6-dev
+version: 0.0.6
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.7.7
+
+### Deprecated APIs
+
+* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll`
+* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added.
+* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added.
+
 ## 0.7.6

 ### Minor Analysis Improvements
--- a/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md
+++ b/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added.
--- a/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md
+++ b/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data.
--- a/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md
+++ b/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added.
--- a/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll`
--- a/go/ql/lib/change-notes/released/0.7.7.md
+++ b/go/ql/lib/change-notes/released/0.7.7.md
@@ -0,0 +1,12 @@
+## 0.7.7
+
+### Deprecated APIs
+
+* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll`
+* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added.
+* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.7
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.7-dev
+version: 0.7.7
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.7.7
+
+### Minor Analysis Improvements
+
+* The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations.
+* Added more sources and sinks to the query `go/clear-text-logging`.
+
 ## 0.7.6

 ### Minor Analysis Improvements
--- a/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md
+++ b/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added more sources and sinks to the query `go/clear-text-logging`.
--- a/go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md
+++ b/go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 0.7.7
+
+### Minor Analysis Improvements
+
 * The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations.
+* Added more sources and sinks to the query `go/clear-text-logging`.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.7
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.7-dev
+version: 0.7.7
 groups:
  - go
  - queries
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.13
+
+No user-facing changes.
+
 ## 0.0.12

 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/0.0.13.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.13.md
@@ -0,0 +1,3 @@
+## 0.0.13
+
+No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.12
+lastReleaseVersion: 0.0.13
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.13-dev
+version: 0.0.13
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,29 @@
+## 0.8.7
+
+### New Features
+
+* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types).
+* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files.
+* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`.
+* Added taint tracking for the following GSON methods:
+  * `com.google.gson.stream.JsonReader` constructor
+  * `com.google.gson.stream.JsonWriter` constructor
+  * `com.google.gson.JsonObject.getAsJsonArray`
+  * `com.google.gson.JsonObject.getAsJsonObject`
+  * `com.google.gson.JsonObject.getAsJsonPrimitive`
+  * `com.google.gson.JsonParser.parseReader`
+  * `com.google.gson.JsonParser.parseString`
+* Added a dataflow model for `java.awt.Desktop.browse(URI)`.
+
+### Bug Fixes
+
+* Fixed regular expressions containing flags not being parsed correctly in some cases.
+
 ## 0.8.6

 ### Deprecated APIs
--- a/java/ql/lib/change-notes/2023-12-21-new-models.md
+++ b/java/ql/lib/change-notes/2023-12-21-new-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added a dataflow model for `java.awt.Desktop.browse(URI)`.
--- a/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md
+++ b/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md
@@ -1,11 +0,0 @@
---
-category: minorAnalysis
---
-* Added taint tracking for the following GSON methods:
-  * `com.google.gson.stream.JsonReader` constructor
-  * `com.google.gson.stream.JsonWriter` constructor
-  * `com.google.gson.JsonObject.getAsJsonArray`
-  * `com.google.gson.JsonObject.getAsJsonObject`
-  * `com.google.gson.JsonObject.getAsJsonPrimitive`
-  * `com.google.gson.JsonParser.parseReader`
-  * `com.google.gson.JsonParser.parseString`
--- a/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md
+++ b/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* Fixed regular expressions containing flags not being parsed correctly in some cases.
--- a/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md
+++ b/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`.
--- a/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md
+++ b/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md
@@ -1,5 +0,0 @@
---
-category: feature
---
-* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types).
-* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`.
--- a/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead.
-* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files.
--- a/java/ql/lib/change-notes/released/0.8.7.md
+++ b/java/ql/lib/change-notes/released/0.8.7.md
@@ -0,0 +1,25 @@
+## 0.8.7
+
+### New Features
+
+* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types).
+* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`.
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files.
+* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`.
+* Added taint tracking for the following GSON methods:
+  * `com.google.gson.stream.JsonReader` constructor
+  * `com.google.gson.stream.JsonWriter` constructor
+  * `com.google.gson.JsonObject.getAsJsonArray`
+  * `com.google.gson.JsonObject.getAsJsonObject`
+  * `com.google.gson.JsonObject.getAsJsonPrimitive`
+  * `com.google.gson.JsonParser.parseReader`
+  * `com.google.gson.JsonParser.parseString`
+* Added a dataflow model for `java.awt.Desktop.browse(URI)`.
+
+### Bug Fixes
+
+* Fixed regular expressions containing flags not being parsed correctly in some cases.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.7-dev
+version: 0.8.7
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.8.7
+
+### New Queries
+
+* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input.
+
+### Minor Analysis Improvements
+
+* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
+
 ## 0.8.6

 ### Deprecated Queries
--- a/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md
+++ b/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md
@@ -1,5 +0,0 @@
---
-category: newQuery
---
-* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input.
-
--- a/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md
+++ b/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
--- a/java/ql/src/change-notes/released/0.8.7.md
+++ b/java/ql/src/change-notes/released/0.8.7.md
@@ -0,0 +1,9 @@
+## 0.8.7
+
+### New Queries
+
+* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input.
+
+### Minor Analysis Improvements
+
+* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.7-dev
+version: 0.8.7
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`.
+* Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file.
+* Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`.
+* Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files.
+* Deleted the deprecated `Expressions/TypoDatabase.qll` file.
+* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned.
+
 ## 0.8.6

 No user-facing changes.
--- a/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md
+++ b/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,9 +1,11 @@
---
-category: minorAnalysis
---
+## 0.8.7
+
+### Minor Analysis Improvements
+
 * Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`.
 * Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file.
 * Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`.
 * Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files.
 * Deleted the deprecated `Expressions/TypoDatabase.qll` file.
+* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.7-dev
+version: 0.8.7
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Added support for [doT](https://github.com/olado/doT) templates. 
+
 ## 0.8.6

 No user-facing changes.
--- a/javascript/ql/src/change-notes/2023-12-18-dot-templates.md
+++ b/javascript/ql/src/change-notes/2023-12-18-dot-templates.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.8.7
+
+### Minor Analysis Improvements
+
 * Added support for [doT](https://github.com/olado/doT) templates. 
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.8.7-dev
+version: 0.8.7
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.7
+
+No user-facing changes.
+
 ## 0.7.6

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/0.7.7.md
+++ b/misc/suite-helpers/change-notes/released/0.7.7.md
@@ -0,0 +1,3 @@
+## 0.7.7
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.6
+lastReleaseVersion: 0.7.7
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.7-dev
+version: 0.7.7
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.11.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead.
+* Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library.
+* Deleted various deprecated predicates from the points-to libraries.
+* Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files.
+* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned.
+
 ## 0.11.6

 ### Major Analysis Improvements
--- a/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md
+++ b/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,8 +1,10 @@
---
-category: minorAnalysis
---
+## 0.11.7
+
+### Minor Analysis Improvements
+
 * Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead.
 * Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library.
 * Deleted various deprecated predicates from the points-to libraries.
 * Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files.
+* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.6
+lastReleaseVersion: 0.11.7
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.7-dev
+version: 0.11.7
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.9.7
+
+### Minor Analysis Improvements
+
+- Added modeling of YARL's `is_absolute` method and checks of the `netloc` of a parsed URL as sanitizers for the `py/url-redirection` query, leading to fewer false positives.
+
 ## 0.9.6

 No user-facing changes.
--- a/python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md
+++ b/python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md
@@ -1,5 +1,5 @@
---
-category: minorAnalysis
---
+## 0.9.7
+
+### Minor Analysis Improvements

 - Added modeling of YARL's `is_absolute` method and checks of the `netloc` of a parsed URL as sanitizers for the `py/url-redirection` query, leading to fewer false positives.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.6
+lastReleaseVersion: 0.9.7
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.7-dev
+version: 0.9.7
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.8.7
+
+### Minor Analysis Improvements
+
+* Deleted many deprecated predicates and classes with uppercase `HTTP`, `CSRF`, ``, `` etc. in their names. Use the PascalCased versions instead.
+* Deleted the deprecated `getAUse` and `getARhs` predicates from `API::Node`, use `getASource` and `getASink` instead.
+* Deleted the deprecated `disablesCertificateValidation` predicate from the `Http` module.
+* Deleted the deprecated `ParamsCall`, `CookiesCall`, and `ActionControllerControllerClass` classes from `ActionController.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead.
+* Deleted the deprecated `HtmlSafeCall`, `HtmlEscapeCall`, `RenderCall`, and `RenderToCall` classes from `ActionView.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead.
+* Deleted the deprecated `HtmlSafeCall` class from `Rails.qll`.
+* Deleted the deprecated `codeql/ruby/security/BadTagFilterQuery.qll`, `codeql/ruby/security/OverlyLargeRangeQuery.qll`, `codeql/ruby/security/regexp/ExponentialBackTracking.qll`, `codeql/ruby/security/regexp/NfaUtils.qll`, `codeql/ruby/security/regexp/RegexpMatching.qll`, and `codeql/ruby/security/regexp/SuperlinearBackTracking.qll` files.
+* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead.
+* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned.
+
 ## 0.8.6

 ### Minor Analysis Improvements
--- a/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md
+++ b/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
+++ b/ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md
@@ -1,6 +1,7 @@
---
-category: minorAnalysis
---
+## 0.8.7
+
+### Minor Analysis Improvements
+
 * Deleted many deprecated predicates and classes with uppercase `HTTP`, `CSRF`, ``, `` etc. in their names. Use the PascalCased versions instead.
 * Deleted the deprecated `getAUse` and `getARhs` predicates from `API::Node`, use `getASource` and `getASink` instead.
 * Deleted the deprecated `disablesCertificateValidation` predicate from the `Http` module.
@@ -8,4 +9,5 @@ category: minorAnalysis
 * Deleted the deprecated `HtmlSafeCall`, `HtmlEscapeCall`, `RenderCall`, and `RenderToCall` classes from `ActionView.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead.
 * Deleted the deprecated `HtmlSafeCall` class from `Rails.qll`.
 * Deleted the deprecated `codeql/ruby/security/BadTagFilterQuery.qll`, `codeql/ruby/security/OverlyLargeRangeQuery.qll`, `codeql/ruby/security/regexp/ExponentialBackTracking.qll`, `codeql/ruby/security/regexp/NfaUtils.qll`, `codeql/ruby/security/regexp/RegexpMatching.qll`, and `codeql/ruby/security/regexp/SuperlinearBackTracking.qll` files.
-* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead.
+* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead.
+* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.7-dev
+version: 0.8.7
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.7
+
+No user-facing changes.
+
 ## 0.8.6

 No user-facing changes.
--- a/ruby/ql/src/change-notes/released/0.8.7.md
+++ b/ruby/ql/src/change-notes/released/0.8.7.md
@@ -0,0 +1,3 @@
+## 0.8.7
+
+No user-facing changes.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.6
+lastReleaseVersion: 0.8.7
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.8.7-dev
+version: 0.8.7
 groups:
  - ruby
  - queries
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.1.7
+
+No user-facing changes.
+
 ## 0.1.6

 No user-facing changes.
--- a/Show More
+++ b/Show More