From 7ef611e6dc6077aa26638acecae43c2f59083513 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 23 Jan 2024 19:45:16 +0000 Subject: [PATCH] Release preparation for version 2.16.1 --- cpp/ql/lib/CHANGELOG.md | 7 +++++ .../0.12.4.md} | 7 ++--- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 6 +++++ .../0.9.3.md} | 7 ++--- cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 +++ .../lib/change-notes/released/1.7.7.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/1.7.7.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 17 ++++++++++++ .../2024-01-10-lambda-param-defaults.md | 4 --- ...l-neutral-model-blocks-generated-models.md | 4 --- ...024-01-17-csharp-successfully-extracted.md | 4 --- ...4-01-17-introduce-threatmodelflowsource.md | 4 --- .../change-notes/2024-01-18-inline-arrays.md | 4 --- .../2024-01-18-simpletype-sanitizer.md | 4 --- .../2024-01-22-outdated-deprecations.md | 9 ------- csharp/ql/lib/change-notes/released/0.8.7.md | 16 ++++++++++++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 6 +++++ .../0.8.7.md} | 9 ++++--- csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.6.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 13 ++++++++++ ...9-18-add-support-for-fasthttp-framework.md | 4 --- ...09-fmt-apprender-or-sprinter-deprecated.md | 4 --- .../2024-01-18-aws-lambda-sources.md | 4 --- .../2024-01-22-outdated-deprecations.md | 5 ---- go/ql/lib/change-notes/released/0.7.7.md | 12 +++++++++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 7 +++++ ...cleartext-logging-new-sources-and-sinks.md | 4 --- .../0.7.7.md} | 8 +++--- go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/automodel/src/CHANGELOG.md | 4 +++ .../src/change-notes/released/0.0.13.md | 3 +++ java/ql/automodel/src/codeql-pack.release.yml | 2 +- java/ql/automodel/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 26 +++++++++++++++++++ .../lib/change-notes/2023-12-21-new-models.md | 4 --- .../2024-01-02-gson-model-updates.md | 11 -------- .../2024-01-06-regex-flag-parsing.md | 4 --- .../change-notes/2024-01-10-new-jdk-models.md | 4 --- ...larsanitizer-class-for-common-sanitizer.md | 5 ---- .../2024-01-22-outdated-deprecations.md | 5 ---- java/ql/lib/change-notes/released/0.8.7.md | 25 ++++++++++++++++++ java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 10 +++++++ ...09-environment-variable-injection-query.md | 5 ---- ...l-neutral-model-blocks-generated-models.md | 4 --- java/ql/src/change-notes/released/0.8.7.md | 9 +++++++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 12 +++++++++ ...01-17-successfully-extracted-diagnostic.md | 4 --- .../0.8.7.md} | 8 +++--- javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 6 +++++ .../0.8.7.md} | 7 ++--- javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 +++ .../change-notes/released/0.7.7.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 11 ++++++++ ...01-17-successfully-extracted-diagnostic.md | 4 --- .../0.11.7.md} | 8 +++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 +++++ .../0.9.7.md} | 6 ++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 14 ++++++++++ ...01-17-successfully-extracted-diagnostic.md | 4 --- .../0.8.7.md} | 10 ++++--- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 +++ ruby/ql/src/change-notes/released/0.8.7.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 +++ .../change-notes/released/0.1.7.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 +++ .../dataflow/change-notes/released/0.1.7.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 +++ shared/mad/change-notes/released/0.2.7.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.6.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 +++ shared/regex/change-notes/released/0.2.7.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 6 +++++ .../0.2.7.md} | 9 ++++--- shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 +++ .../change-notes/released/0.0.6.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 +++ .../tutorial/change-notes/released/0.2.7.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 +++ .../change-notes/released/0.2.7.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 +++ shared/typos/change-notes/released/0.2.7.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 +++ shared/util/change-notes/released/0.2.7.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 +++ shared/yaml/change-notes/released/0.2.7.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 7 +++++ .../change-notes/2024-01-09-swift-5.9.2.md | 4 --- .../0.3.7.md} | 8 +++--- swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 10 +++++++ .../2024-01-19-extracted-files.md | 4 --- .../0.3.7.md} | 10 ++++--- swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 157 files changed, 469 insertions(+), 221 deletions(-) rename cpp/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.12.4.md} (85%) rename cpp/ql/src/change-notes/{2024-01-09-add-exception-to-av-rule-32.md => released/0.9.3.md} (72%) create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md delete mode 100644 csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md create mode 100644 csharp/ql/lib/change-notes/released/0.8.7.md rename csharp/ql/src/change-notes/{2023-12-12-page-model-flow-steps.md => released/0.8.7.md} (74%) create mode 100644 go/ql/consistency-queries/change-notes/released/0.0.6.md delete mode 100644 go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md delete mode 100644 go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md delete mode 100644 go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md delete mode 100644 go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md create mode 100644 go/ql/lib/change-notes/released/0.7.7.md delete mode 100644 go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md rename go/ql/src/change-notes/{2024-01-10-insecure-randomness-index-flowstep.md => released/0.7.7.md} (74%) create mode 100644 java/ql/automodel/src/change-notes/released/0.0.13.md delete mode 100644 java/ql/lib/change-notes/2023-12-21-new-models.md delete mode 100644 java/ql/lib/change-notes/2024-01-02-gson-model-updates.md delete mode 100644 java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md delete mode 100644 java/ql/lib/change-notes/2024-01-10-new-jdk-models.md delete mode 100644 java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md delete mode 100644 java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md create mode 100644 java/ql/lib/change-notes/released/0.8.7.md delete mode 100644 java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md delete mode 100644 java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md create mode 100644 java/ql/src/change-notes/released/0.8.7.md delete mode 100644 javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md rename javascript/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.8.7.md} (71%) rename javascript/ql/src/change-notes/{2023-12-18-dot-templates.md => released/0.8.7.md} (61%) create mode 100644 misc/suite-helpers/change-notes/released/0.7.7.md delete mode 100644 python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md rename python/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.11.7.md} (68%) rename python/ql/src/change-notes/{2023-12-21-url-redirect-more-sanitizers.md => released/0.9.7.md} (80%) delete mode 100644 ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md rename ruby/ql/lib/change-notes/{2024-01-22-outdated-deprecations.md => released/0.8.7.md} (78%) create mode 100644 ruby/ql/src/change-notes/released/0.8.7.md create mode 100644 shared/controlflow/change-notes/released/0.1.7.md create mode 100644 shared/dataflow/change-notes/released/0.1.7.md create mode 100644 shared/mad/change-notes/released/0.2.7.md create mode 100644 shared/rangeanalysis/change-notes/released/0.0.6.md create mode 100644 shared/regex/change-notes/released/0.2.7.md rename shared/ssa/change-notes/{2024-01-22-outdated-deprecations.md => released/0.2.7.md} (73%) create mode 100644 shared/threat-models/change-notes/released/0.0.6.md create mode 100644 shared/tutorial/change-notes/released/0.2.7.md create mode 100644 shared/typetracking/change-notes/released/0.2.7.md create mode 100644 shared/typos/change-notes/released/0.2.7.md create mode 100644 shared/util/change-notes/released/0.2.7.md create mode 100644 shared/yaml/change-notes/released/0.2.7.md delete mode 100644 swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md rename swift/ql/lib/change-notes/{2024-01-05-parameterized-cfg-library.md => released/0.3.7.md} (74%) delete mode 100644 swift/ql/src/change-notes/2024-01-19-extracted-files.md rename swift/ql/src/change-notes/{2023-12-15-weak-password-hashing.md => released/0.3.7.md} (57%) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index e3a13b1d518..dc092f2ed35 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.12.4 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead. + ## 0.12.3 ### Deprecated APIs diff --git a/cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/cpp/ql/lib/change-notes/released/0.12.4.md similarity index 85% rename from cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to cpp/ql/lib/change-notes/released/0.12.4.md index 37cec4ea777..cea064c8785 100644 --- a/cpp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/cpp/ql/lib/change-notes/released/0.12.4.md @@ -1,5 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.12.4 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `XML`, `SSA`, `SAL`, `SQL`, etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `StrcatFunction` class, use `semmle.code.cpp.models.implementations.Strcat.qll` instead. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 65578a5162e..b458bb47c53 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.12.3 +lastReleaseVersion: 0.12.4 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index a937e3d6023..d376016f96a 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.12.4-dev +version: 0.12.4 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 9c287ddfae8..0e67defb949 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.9.3 + +### Minor Analysis Improvements + +* The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions. + ## 0.9.2 ### New Queries diff --git a/cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md b/cpp/ql/src/change-notes/released/0.9.3.md similarity index 72% rename from cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md rename to cpp/ql/src/change-notes/released/0.9.3.md index fdd6b141d9a..2ededfaadf9 100644 --- a/cpp/ql/src/change-notes/2024-01-09-add-exception-to-av-rule-32.md +++ b/cpp/ql/src/change-notes/released/0.9.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.9.3 + +### Minor Analysis Improvements + * The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index e1eda519435..7af7247cbb0 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.2 +lastReleaseVersion: 0.9.3 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 0950e88c3d8..9d7c65caebc 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.3-dev +version: 0.9.3 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 303e0da1175..8afcdeb67f3 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.7 + +No user-facing changes. + ## 1.7.6 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md new file mode 100644 index 00000000000..e1a2f3e1d9a --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.7.md @@ -0,0 +1,3 @@ +## 1.7.7 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 1f68518dba9..df4010bd267 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.6 +lastReleaseVersion: 1.7.7 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 2d733304bee..4216406af91 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.7-dev +version: 1.7.7 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 303e0da1175..8afcdeb67f3 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.7 + +No user-facing changes. + ## 1.7.6 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md new file mode 100644 index 00000000000..e1a2f3e1d9a --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.7.md @@ -0,0 +1,3 @@ +## 1.7.7 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 1f68518dba9..df4010bd267 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.6 +lastReleaseVersion: 1.7.7 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 507492f2044..82e85d24c16 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.7-dev +version: 1.7.7 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index a0d1cbc59f8..0b168b22df6 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,20 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library. +* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead. +* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library. +* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes. +* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class. +* C# 12: Add extractor support and QL library support for inline arrays. +* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer. +* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned. +* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. +* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`. + ## 0.8.6 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md b/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md deleted file mode 100644 index f86a8333331..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-10-lambda-param-defaults.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`. diff --git a/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md b/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md deleted file mode 100644 index bdc5c1b0f2d..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. diff --git a/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md b/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md deleted file mode 100644 index 1ed6b51d6c5..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-17-csharp-successfully-extracted.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md b/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md deleted file mode 100644 index 8b1fbe404fb..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-17-introduce-threatmodelflowsource.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. diff --git a/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md b/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md deleted file mode 100644 index 14ded991362..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-18-inline-arrays.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 12: Add extractor support and QL library support for inline arrays. diff --git a/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md b/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md deleted file mode 100644 index 6c34629c098..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-18-simpletype-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer. diff --git a/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md deleted file mode 100644 index 385e9748e5a..00000000000 --- a/csharp/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead. -* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library. -* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead. -* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library. -* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes. -* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class. diff --git a/csharp/ql/lib/change-notes/released/0.8.7.md b/csharp/ql/lib/change-notes/released/0.8.7.md new file mode 100644 index 00000000000..2aa26252f4b --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.8.7.md @@ -0,0 +1,16 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `SSL`, `XML`, `URI`, `SSA` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getALocalFlowSucc` predicate and `TaintType` class from the dataflow library. +* Deleted the deprecated `Newobj` and `Rethrow` classes, use `NewObj` and `ReThrow` instead. +* Deleted the deprecated `getAFirstRead`, `hasAdjacentReads`, `lastRefBeforeRedef`, and `hasLastInputRef` predicates from the SSA library. +* Deleted the deprecated `getAReachableRead` predicate from the `AssignableRead` and `VariableRead` classes. +* Deleted the deprecated `hasQualifiedName` predicate from the `NamedElement` class. +* C# 12: Add extractor support and QL library support for inline arrays. +* Fixed a Log forging false positive when logging the value of a nullable simple type. This fix also applies to all other queries that use the simple type sanitizer. +* The diagnostic query `cs/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned C# files, now considers any C# file seen during extraction, even one with some errors, to be extracted / scanned. +* Added a new library `semmle.code.csharp.security.dataflow.flowsources.FlowSources`, which provides a new class `ThreatModelFlowSource`. The `ThreatModelFlowSource` class can be used to include sources which match the current *threat model* configuration. +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. +* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index f618b3b7a24..9e263845ae9 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.7-dev +version: 0.8.7 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index ebb31d1516f..6572f664b0e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`. + ## 0.8.6 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md b/csharp/ql/src/change-notes/released/0.8.7.md similarity index 74% rename from csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md rename to csharp/ql/src/change-notes/released/0.8.7.md index 3d849ea1eec..6be5342a4e2 100644 --- a/csharp/ql/src/change-notes/2023-12-12-page-model-flow-steps.md +++ b/csharp/ql/src/change-notes/released/0.8.7.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`. \ No newline at end of file +## 0.8.7 + +### Minor Analysis Improvements + +* Modelled additional flow steps to track flow from handler methods of a `PageModel` class to the corresponding Razor Page (`.cshtml`) file, which may result in additional results for queries such as `cs/web/xss`. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 19e64a42764..5210814ce32 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.7-dev +version: 0.8.7 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 9b269441c00..ad2e63eb470 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.6 + +No user-facing changes. + ## 0.0.5 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/0.0.6.md b/go/ql/consistency-queries/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..ccbce856079 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index bb45a1ab018..cf398ce02aa 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 3d2df20dcca..fd42ee80ed0 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.6-dev +version: 0.0.6 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 048d598bf3b..b9ff6e4e0e2 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.7.7 + +### Deprecated APIs + +* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll` +* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added. +* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added. + ## 0.7.6 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md b/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md deleted file mode 100644 index 410b43a8b2b..00000000000 --- a/go/ql/lib/change-notes/2023-09-18-add-support-for-fasthttp-framework.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added. \ No newline at end of file diff --git a/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md b/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md deleted file mode 100644 index 6ddc3e56ca0..00000000000 --- a/go/ql/lib/change-notes/2024-01-09-fmt-apprender-or-sprinter-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data. diff --git a/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md b/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md deleted file mode 100644 index df4c2fa8e4c..00000000000 --- a/go/ql/lib/change-notes/2024-01-18-aws-lambda-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added. diff --git a/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md deleted file mode 100644 index f92c003ddea..00000000000 --- a/go/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead. -* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll` diff --git a/go/ql/lib/change-notes/released/0.7.7.md b/go/ql/lib/change-notes/released/0.7.7.md new file mode 100644 index 00000000000..044deb69c41 --- /dev/null +++ b/go/ql/lib/change-notes/released/0.7.7.md @@ -0,0 +1,12 @@ +## 0.7.7 + +### Deprecated APIs + +* The class `Fmt::AppenderOrSprinter` of the `Fmt.qll` module has been deprecated. Use the new `Fmt::AppenderOrSprinterFunc` class instead. Its taint flow features have been migrated to models-as-data. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `TLD`, `HTTP`, `SQL`, `URL` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated and unused `Source` class from the `SharedXss` module of `Xss.qll` +* Support for flow sources in [AWS Lambda function handlers](https://docs.aws.amazon.com/lambda/latest/dg/golang-handler.html) has been added. +* Support for the [fasthttp framework](https://github.com/valyala/fasthttp/) has been added. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 863f5a24cd2..89cc2330c10 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.6 +lastReleaseVersion: 0.7.7 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index a6623a1daaf..1e55bb5b26f 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.7-dev +version: 0.7.7 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 702bdfd7f40..dafcd7aa695 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.7.7 + +### Minor Analysis Improvements + +* The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations. +* Added more sources and sinks to the query `go/clear-text-logging`. + ## 0.7.6 ### Minor Analysis Improvements diff --git a/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md b/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md deleted file mode 100644 index 53e1704b6b7..00000000000 --- a/go/ql/src/change-notes/2024-01-09-cleartext-logging-new-sources-and-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added more sources and sinks to the query `go/clear-text-logging`. diff --git a/go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md b/go/ql/src/change-notes/released/0.7.7.md similarity index 74% rename from go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md rename to go/ql/src/change-notes/released/0.7.7.md index c6adf350cb6..3f7f0f41023 100644 --- a/go/ql/src/change-notes/2024-01-10-insecure-randomness-index-flowstep.md +++ b/go/ql/src/change-notes/released/0.7.7.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.7.7 + +### Minor Analysis Improvements + * The query `go/insecure-randomness` now recognizes the selection of candidates from a predefined set using a weak RNG when the result is used in a sensitive operation. Also, false positives have been reduced by adding more sink exclusions for functions in the `crypto` package not related to cryptographic operations. +* Added more sources and sinks to the query `go/clear-text-logging`. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 863f5a24cd2..89cc2330c10 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.6 +lastReleaseVersion: 0.7.7 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index fc83f4bf184..f2d8263dedb 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.7-dev +version: 0.7.7 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index d1bc8b8ee5f..eb9aae31d41 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.13 + +No user-facing changes. + ## 0.0.12 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.13.md b/java/ql/automodel/src/change-notes/released/0.0.13.md new file mode 100644 index 00000000000..f679eaf0313 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.13.md @@ -0,0 +1,3 @@ +## 0.0.13 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index 997fb8da83c..044e54e4f7e 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.12 +lastReleaseVersion: 0.0.13 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 178b3a9f2a9..be0d6df3403 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.13-dev +version: 0.0.13 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index dc0af8b76be..3621a766e8a 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,29 @@ +## 0.8.7 + +### New Features + +* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types). +* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files. +* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`. +* Added taint tracking for the following GSON methods: + * `com.google.gson.stream.JsonReader` constructor + * `com.google.gson.stream.JsonWriter` constructor + * `com.google.gson.JsonObject.getAsJsonArray` + * `com.google.gson.JsonObject.getAsJsonObject` + * `com.google.gson.JsonObject.getAsJsonPrimitive` + * `com.google.gson.JsonParser.parseReader` + * `com.google.gson.JsonParser.parseString` +* Added a dataflow model for `java.awt.Desktop.browse(URI)`. + +### Bug Fixes + +* Fixed regular expressions containing flags not being parsed correctly in some cases. + ## 0.8.6 ### Deprecated APIs diff --git a/java/ql/lib/change-notes/2023-12-21-new-models.md b/java/ql/lib/change-notes/2023-12-21-new-models.md deleted file mode 100644 index da45a5f4ac7..00000000000 --- a/java/ql/lib/change-notes/2023-12-21-new-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a dataflow model for `java.awt.Desktop.browse(URI)`. diff --git a/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md b/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md deleted file mode 100644 index c2684fcf2b5..00000000000 --- a/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -category: minorAnalysis ---- -* Added taint tracking for the following GSON methods: - * `com.google.gson.stream.JsonReader` constructor - * `com.google.gson.stream.JsonWriter` constructor - * `com.google.gson.JsonObject.getAsJsonArray` - * `com.google.gson.JsonObject.getAsJsonObject` - * `com.google.gson.JsonObject.getAsJsonPrimitive` - * `com.google.gson.JsonParser.parseReader` - * `com.google.gson.JsonParser.parseString` diff --git a/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md b/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md deleted file mode 100644 index 532ab1a88dc..00000000000 --- a/java/ql/lib/change-notes/2024-01-06-regex-flag-parsing.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed regular expressions containing flags not being parsed correctly in some cases. diff --git a/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md b/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md deleted file mode 100644 index 82a0cc82786..00000000000 --- a/java/ql/lib/change-notes/2024-01-10-new-jdk-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`. diff --git a/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md b/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md deleted file mode 100644 index f40fa257685..00000000000 --- a/java/ql/lib/change-notes/2024-01-20-introduce-simplescalarsanitizer-class-for-common-sanitizer.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- -* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types). -* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`. diff --git a/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md deleted file mode 100644 index c723457668d..00000000000 --- a/java/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead. -* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files. diff --git a/java/ql/lib/change-notes/released/0.8.7.md b/java/ql/lib/change-notes/released/0.8.7.md new file mode 100644 index 00000000000..18fedb9d935 --- /dev/null +++ b/java/ql/lib/change-notes/released/0.8.7.md @@ -0,0 +1,25 @@ +## 0.8.7 + +### New Features + +* Added a new library `semmle.code.java.security.Sanitizers` which contains a new sanitizer class `SimpleTypeSanitizer`, which represents nodes which cannot realistically carry taint for most queries (e.g. primitives, their boxed equivalents, and numeric types). +* Converted definitions of `isBarrier` and sanitizer classes to use `SimpleTypeSanitizer` instead of checking if `node.getType()` is `PrimitiveType` or `BoxedType`. + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `EJB`, `JMX`, `NFE`, `DNS` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `semmle/code/java/security/OverlyLargeRangeQuery.qll`, `semmle/code/java/security/regexp/ExponentialBackTracking.qll`, `semmle/code/java/security/regexp/NfaUtils.qll`, and `semmle/code/java/security/regexp/NfaUtils.qll` files. +* Improved models for `java.lang.Throwable` and `java.lang.Exception`, and the `valueOf` method of `java.lang.String`. +* Added taint tracking for the following GSON methods: + * `com.google.gson.stream.JsonReader` constructor + * `com.google.gson.stream.JsonWriter` constructor + * `com.google.gson.JsonObject.getAsJsonArray` + * `com.google.gson.JsonObject.getAsJsonObject` + * `com.google.gson.JsonObject.getAsJsonPrimitive` + * `com.google.gson.JsonParser.parseReader` + * `com.google.gson.JsonParser.parseString` +* Added a dataflow model for `java.awt.Desktop.browse(URI)`. + +### Bug Fixes + +* Fixed regular expressions containing flags not being parsed correctly in some cases. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 2c70000e4da..2854cfbd8cf 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.7-dev +version: 0.8.7 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 89a3d694649..84096230dd1 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.8.7 + +### New Queries + +* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input. + +### Minor Analysis Improvements + +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. + ## 0.8.6 ### Deprecated Queries diff --git a/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md b/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md deleted file mode 100644 index 9fe73afb98c..00000000000 --- a/java/ql/src/change-notes/2024-01-09-environment-variable-injection-query.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: newQuery ---- -* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input. - diff --git a/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md b/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md deleted file mode 100644 index bdc5c1b0f2d..00000000000 --- a/java/ql/src/change-notes/2024-01-11-manual-neutral-model-blocks-generated-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. diff --git a/java/ql/src/change-notes/released/0.8.7.md b/java/ql/src/change-notes/released/0.8.7.md new file mode 100644 index 00000000000..1069b48a0eb --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.7.md @@ -0,0 +1,9 @@ +## 0.8.7 + +### New Queries + +* Added the `java/exec-tainted-environment` query, to detect the injection of environment variables names or values from remote input. + +### Minor Analysis Improvements + +* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 9f4e3f937df..315f8b0e4d1 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.7-dev +version: 0.8.7 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index c963c1fd4ab..29005b5ce87 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,15 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`. +* Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file. +* Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`. +* Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files. +* Deleted the deprecated `Expressions/TypoDatabase.qll` file. +* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned. + ## 0.8.6 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md b/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md deleted file mode 100644 index 16eb835b3a0..00000000000 --- a/javascript/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/javascript/ql/lib/change-notes/released/0.8.7.md similarity index 71% rename from javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to javascript/ql/lib/change-notes/released/0.8.7.md index 98eb2f1d8f4..79a14dc3d7d 100644 --- a/javascript/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/javascript/ql/lib/change-notes/released/0.8.7.md @@ -1,9 +1,11 @@ ---- -category: minorAnalysis ---- +## 0.8.7 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `CPU`, `TLD`, `SSA`, `ASM` etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `getMessageSuffix` predicates in `CodeInjectionCustomizations.qll`. * Deleted the deprecated `semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedData.qll` file. * Deleted the deprecated `getANonHtmlHeaderDefinition` and `nonHtmlContentTypeHeader` predicates from `ReflectedXssCustomizations.qll`. * Deleted the deprecated `semmle/javascript/security/OverlyLargeRangeQuery.qll`, `semmle/javascript/security/regexp/ExponentialBackTracking.qll`, `semmle/javascript/security/regexp/NfaUtils.qll`, and `semmle/javascript/security/regexp/NfaUtils.qll` files. * Deleted the deprecated `Expressions/TypoDatabase.qll` file. +* The diagnostic query `js/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned JavaScript and TypeScript files, now considers any JavaScript and TypeScript file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index e6494d64d9a..a4ff756b9a2 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.7-dev +version: 0.8.7 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 3e8696d3fb1..ba868a7d629 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Added support for [doT](https://github.com/olado/doT) templates. + ## 0.8.6 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2023-12-18-dot-templates.md b/javascript/ql/src/change-notes/released/0.8.7.md similarity index 61% rename from javascript/ql/src/change-notes/2023-12-18-dot-templates.md rename to javascript/ql/src/change-notes/released/0.8.7.md index a710ee59032..0baf6adcf94 100644 --- a/javascript/ql/src/change-notes/2023-12-18-dot-templates.md +++ b/javascript/ql/src/change-notes/released/0.8.7.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.8.7 + +### Minor Analysis Improvements + * Added support for [doT](https://github.com/olado/doT) templates. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 96edbefafe6..ed205e7db4c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.7-dev +version: 0.8.7 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 5fd816aeb8c..1c10493c9e7 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.7 + +No user-facing changes. + ## 0.7.6 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.7.md b/misc/suite-helpers/change-notes/released/0.7.7.md new file mode 100644 index 00000000000..385342f7214 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.7.7.md @@ -0,0 +1,3 @@ +## 0.7.7 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 863f5a24cd2..89cc2330c10 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.6 +lastReleaseVersion: 0.7.7 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 8c0470c0a3b..5341f14e098 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.7-dev +version: 0.7.7 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index f9f4fc8c8a4..ca684c59320 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.11.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead. +* Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library. +* Deleted various deprecated predicates from the points-to libraries. +* Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files. +* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned. + ## 0.11.6 ### Major Analysis Improvements diff --git a/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md b/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md deleted file mode 100644 index 0bf607e7343..00000000000 --- a/python/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/python/ql/lib/change-notes/released/0.11.7.md similarity index 68% rename from python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to python/ql/lib/change-notes/released/0.11.7.md index e3dce6a5ccd..f2a8784113d 100644 --- a/python/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/python/ql/lib/change-notes/released/0.11.7.md @@ -1,8 +1,10 @@ ---- -category: minorAnalysis ---- +## 0.11.7 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `LDAP`, `HTTP`, `URL`, `CGI` etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `localSourceStoreStep` predicate, use `flowsToStoreStep` instead. * Deleted the deprecated `iteration_defined_variable` predicate from the `SSA` library. * Deleted various deprecated predicates from the points-to libraries. * Deleted the deprecated `semmle/python/security/OverlyLargeRangeQuery.qll`, `semmle/python/security/regexp/ExponentialBackTracking.qll`, `semmle/python/security/regexp/NfaUtils.qll`, and `semmle/python/security/regexp/NfaUtils.qll` files. +* The diagnostic query `py/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Python files, now considers any Python file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 100225af99d..59fa16251b6 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.11.6 +lastReleaseVersion: 0.11.7 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 78e859e4649..4c3af155e2f 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.7-dev +version: 0.11.7 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index ade5cb0cc54..b42dcfd8b31 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.9.7 + +### Minor Analysis Improvements + +- Added modeling of YARL's `is_absolute` method and checks of the `netloc` of a parsed URL as sanitizers for the `py/url-redirection` query, leading to fewer false positives. + ## 0.9.6 No user-facing changes. diff --git a/python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md b/python/ql/src/change-notes/released/0.9.7.md similarity index 80% rename from python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md rename to python/ql/src/change-notes/released/0.9.7.md index 9c731aa1cee..67c13ecd4c5 100644 --- a/python/ql/src/change-notes/2023-12-21-url-redirect-more-sanitizers.md +++ b/python/ql/src/change-notes/released/0.9.7.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.9.7 + +### Minor Analysis Improvements - Added modeling of YARL's `is_absolute` method and checks of the `netloc` of a parsed URL as sanitizers for the `py/url-redirection` query, leading to fewer false positives. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 19139c132b2..0921a438254 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.6 +lastReleaseVersion: 0.9.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index b55fb9e2c5b..c91d3d4fbb8 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.7-dev +version: 0.9.7 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 4a2cc6d2e24..e9e4507d8df 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 0.8.7 + +### Minor Analysis Improvements + +* Deleted many deprecated predicates and classes with uppercase `HTTP`, `CSRF`, ``, `` etc. in their names. Use the PascalCased versions instead. +* Deleted the deprecated `getAUse` and `getARhs` predicates from `API::Node`, use `getASource` and `getASink` instead. +* Deleted the deprecated `disablesCertificateValidation` predicate from the `Http` module. +* Deleted the deprecated `ParamsCall`, `CookiesCall`, and `ActionControllerControllerClass` classes from `ActionController.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead. +* Deleted the deprecated `HtmlSafeCall`, `HtmlEscapeCall`, `RenderCall`, and `RenderToCall` classes from `ActionView.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead. +* Deleted the deprecated `HtmlSafeCall` class from `Rails.qll`. +* Deleted the deprecated `codeql/ruby/security/BadTagFilterQuery.qll`, `codeql/ruby/security/OverlyLargeRangeQuery.qll`, `codeql/ruby/security/regexp/ExponentialBackTracking.qll`, `codeql/ruby/security/regexp/NfaUtils.qll`, `codeql/ruby/security/regexp/RegexpMatching.qll`, and `codeql/ruby/security/regexp/SuperlinearBackTracking.qll` files. +* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead. +* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned. + ## 0.8.6 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md b/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md deleted file mode 100644 index 7e1ce1c3488..00000000000 --- a/ruby/ql/lib/change-notes/2024-01-17-successfully-extracted-diagnostic.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md b/ruby/ql/lib/change-notes/released/0.8.7.md similarity index 78% rename from ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md rename to ruby/ql/lib/change-notes/released/0.8.7.md index c57e54712f6..454ab2b2c97 100644 --- a/ruby/ql/lib/change-notes/2024-01-22-outdated-deprecations.md +++ b/ruby/ql/lib/change-notes/released/0.8.7.md @@ -1,6 +1,7 @@ ---- -category: minorAnalysis ---- +## 0.8.7 + +### Minor Analysis Improvements + * Deleted many deprecated predicates and classes with uppercase `HTTP`, `CSRF`, ``, `` etc. in their names. Use the PascalCased versions instead. * Deleted the deprecated `getAUse` and `getARhs` predicates from `API::Node`, use `getASource` and `getASink` instead. * Deleted the deprecated `disablesCertificateValidation` predicate from the `Http` module. @@ -8,4 +9,5 @@ category: minorAnalysis * Deleted the deprecated `HtmlSafeCall`, `HtmlEscapeCall`, `RenderCall`, and `RenderToCall` classes from `ActionView.qll`, use the simarly named classes from `codeql.ruby.frameworks.Rails::Rails` instead. * Deleted the deprecated `HtmlSafeCall` class from `Rails.qll`. * Deleted the deprecated `codeql/ruby/security/BadTagFilterQuery.qll`, `codeql/ruby/security/OverlyLargeRangeQuery.qll`, `codeql/ruby/security/regexp/ExponentialBackTracking.qll`, `codeql/ruby/security/regexp/NfaUtils.qll`, `codeql/ruby/security/regexp/RegexpMatching.qll`, and `codeql/ruby/security/regexp/SuperlinearBackTracking.qll` files. -* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead. \ No newline at end of file +* Deleted the deprecated `localSourceStoreStep` predicate from `TypeTracker.qll`, use `flowsToStoreStep` instead. +* The diagnostic query `rb/diagnostics/successfully-extracted-files`, and therefore the Code Scanning UI measure of scanned Ruby files, now considers any Ruby file seen during extraction, even one with some errors, to be extracted / scanned. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 026be203d9a..81a2235285f 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.7-dev +version: 0.8.7 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 7d5c2de2131..05a89118b05 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.7 + +No user-facing changes. + ## 0.8.6 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.8.7.md b/ruby/ql/src/change-notes/released/0.8.7.md new file mode 100644 index 00000000000..65a3c3ae5cd --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.7.md @@ -0,0 +1,3 @@ +## 0.8.7 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index d67c1aac29d..2ef6dc421f3 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.6 +lastReleaseVersion: 0.8.7 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index eb204a2988d..6cef7a2129b 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.7-dev +version: 0.8.7 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 71269fe4ba8..6635db28abc 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.7 + +No user-facing changes. + ## 0.1.6 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.7.md b/shared/controlflow/change-notes/released/0.1.7.md new file mode 100644 index 00000000000..49dc15228e3 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.7.md @@ -0,0 +1,3 @@ +## 0.1.7 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index d271632b3dd..949d4c64c66 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.6 +lastReleaseVersion: 0.1.7 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index b70a8b5a307..cada45f4854 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.7-dev +version: 0.1.7 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index a996595df47..c537cb3bb8e 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.7 + +No user-facing changes. + ## 0.1.6 ### Deprecated APIs diff --git a/shared/dataflow/change-notes/released/0.1.7.md b/shared/dataflow/change-notes/released/0.1.7.md new file mode 100644 index 00000000000..49dc15228e3 --- /dev/null +++ b/shared/dataflow/change-notes/released/0.1.7.md @@ -0,0 +1,3 @@ +## 0.1.7 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index d271632b3dd..949d4c64c66 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.6 +lastReleaseVersion: 0.1.7 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 54c411fd27d..d9d8512e659 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.7-dev +version: 0.1.7 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 514ddda4d2b..438ce8241a6 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.7.md b/shared/mad/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/mad/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 09bfb3de3d6..c0e173edbbb 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 381b7ea8840..6f334d57356 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.6 + +No user-facing changes. + ## 0.0.5 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/0.0.6.md b/shared/rangeanalysis/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..ccbce856079 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index bb45a1ab018..cf398ce02aa 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index ab5974524f2..5405046e6a7 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.6-dev +version: 0.0.6 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 04bb2adcc0a..267288c38df 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.7.md b/shared/regex/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/regex/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index c8db4fc8b89..daf8890cc4c 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 3ba7f8edce1..8a920eb7bed 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.7 + +### Minor Analysis Improvements + +* Deleted the deprecated `adjacentDefNoUncertainReads`, `lastRefRedefNoUncertainReads`, and `lastRefNoUncertainReads` predicates. + ## 0.2.6 No user-facing changes. diff --git a/shared/ssa/change-notes/2024-01-22-outdated-deprecations.md b/shared/ssa/change-notes/released/0.2.7.md similarity index 73% rename from shared/ssa/change-notes/2024-01-22-outdated-deprecations.md rename to shared/ssa/change-notes/released/0.2.7.md index c1a3deabd2d..f47b6b30aed 100644 --- a/shared/ssa/change-notes/2024-01-22-outdated-deprecations.md +++ b/shared/ssa/change-notes/released/0.2.7.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- -* Deleted the deprecated `adjacentDefNoUncertainReads`, `lastRefRedefNoUncertainReads`, and `lastRefNoUncertainReads` predicates. \ No newline at end of file +## 0.2.7 + +### Minor Analysis Improvements + +* Deleted the deprecated `adjacentDefNoUncertainReads`, `lastRefRedefNoUncertainReads`, and `lastRefNoUncertainReads` predicates. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 5a9c880c198..bb08329f5e9 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 9b269441c00..ad2e63eb470 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.6 + +No user-facing changes. + ## 0.0.5 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/0.0.6.md b/shared/threat-models/change-notes/released/0.0.6.md new file mode 100644 index 00000000000..ccbce856079 --- /dev/null +++ b/shared/threat-models/change-notes/released/0.0.6.md @@ -0,0 +1,3 @@ +## 0.0.6 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index bb45a1ab018..cf398ce02aa 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.5 +lastReleaseVersion: 0.0.6 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 4db8c6ee2fd..8167833d8b1 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.6-dev +version: 0.0.6 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1523a1599c2..d89b3171dc6 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.7.md b/shared/tutorial/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 992f83d7dd3..5a2e85a176d 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index a8639d1de49..b47b17710e8 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.7.md b/shared/typetracking/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 63dc62c9a91..a2093adcc8c 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index bd1c41f8297..101d57dbad8 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.7.md b/shared/typos/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/typos/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b9342d72242..1304e33853c 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 677b82a2b4e..edfa06a5da2 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.7.md b/shared/util/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/util/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 332d91969fb..0d0c351da6a 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index e043461448e..c5b3ec6b30e 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.7 + +No user-facing changes. + ## 0.2.6 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.7.md b/shared/yaml/change-notes/released/0.2.7.md new file mode 100644 index 00000000000..80b98e73c70 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.7.md @@ -0,0 +1,3 @@ +## 0.2.7 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 248dd0f4594..6d3c0021858 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.6 +lastReleaseVersion: 0.2.7 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 23d8139aebb..8bcfb231d10 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.7-dev +version: 0.2.7 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 7236e3740d9..f06c4195a35 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.3.7 + +### Minor Analysis Improvements + +* Swift upgraded to 5.9.2 +* The control flow graph library (`codeql.swift.controlflow`) has been transitioned to use the shared implementation from the `codeql/controlflow` qlpack. No result changes are expected due to this change. + ## 0.3.6 ### Minor Analysis Improvements diff --git a/swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md b/swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md deleted file mode 100644 index ce39b42bc9e..00000000000 --- a/swift/ql/lib/change-notes/2024-01-09-swift-5.9.2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Swift upgraded to 5.9.2 diff --git a/swift/ql/lib/change-notes/2024-01-05-parameterized-cfg-library.md b/swift/ql/lib/change-notes/released/0.3.7.md similarity index 74% rename from swift/ql/lib/change-notes/2024-01-05-parameterized-cfg-library.md rename to swift/ql/lib/change-notes/released/0.3.7.md index 9d6f66173fd..3b44a900b47 100644 --- a/swift/ql/lib/change-notes/2024-01-05-parameterized-cfg-library.md +++ b/swift/ql/lib/change-notes/released/0.3.7.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.3.7 + +### Minor Analysis Improvements + +* Swift upgraded to 5.9.2 * The control flow graph library (`codeql.swift.controlflow`) has been transitioned to use the shared implementation from the `codeql/controlflow` qlpack. No result changes are expected due to this change. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 7bbaa8987dd..939934ffd00 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.6 +lastReleaseVersion: 0.3.7 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 592a7d33bb9..35e9f92e73f 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.7-dev +version: 0.3.7 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 9ef92154676..ff380eb0b97 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.3.7 + +### New Queries + +* Added new query "Use of an inappropriate cryptographic hashing algorithm on passwords" (`swift/weak-password-hashing`). This query detects use of inappropriate hashing algorithms for password hashing. Some of the results of this query are new, others would previously have been reported by the "Use of a broken or weak cryptographic hashing algorithm on sensitive data" (`swift/weak-sensitive-data-hashing`) query. + +### Minor Analysis Improvements + +* The diagnostic query `swift/diagnostics/successfully-extracted-files` now considers any Swift file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned Swift files. + ## 0.3.6 ### Minor Analysis Improvements diff --git a/swift/ql/src/change-notes/2024-01-19-extracted-files.md b/swift/ql/src/change-notes/2024-01-19-extracted-files.md deleted file mode 100644 index 3b773524a9f..00000000000 --- a/swift/ql/src/change-notes/2024-01-19-extracted-files.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The diagnostic query `swift/diagnostics/successfully-extracted-files` now considers any Swift file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned Swift files. diff --git a/swift/ql/src/change-notes/2023-12-15-weak-password-hashing.md b/swift/ql/src/change-notes/released/0.3.7.md similarity index 57% rename from swift/ql/src/change-notes/2023-12-15-weak-password-hashing.md rename to swift/ql/src/change-notes/released/0.3.7.md index dfd81f471d0..ddcc4fffcfe 100644 --- a/swift/ql/src/change-notes/2023-12-15-weak-password-hashing.md +++ b/swift/ql/src/change-notes/released/0.3.7.md @@ -1,5 +1,9 @@ ---- -category: newQuery ---- +## 0.3.7 + +### New Queries * Added new query "Use of an inappropriate cryptographic hashing algorithm on passwords" (`swift/weak-password-hashing`). This query detects use of inappropriate hashing algorithms for password hashing. Some of the results of this query are new, others would previously have been reported by the "Use of a broken or weak cryptographic hashing algorithm on sensitive data" (`swift/weak-sensitive-data-hashing`) query. + +### Minor Analysis Improvements + +* The diagnostic query `swift/diagnostics/successfully-extracted-files` now considers any Swift file seen during extraction, even one with some errors, to be extracted / scanned. This affects the Code Scanning UI measure of scanned Swift files. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 7bbaa8987dd..939934ffd00 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.6 +lastReleaseVersion: 0.3.7 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 09314f7dc00..258b75da846 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.7-dev +version: 0.3.7 groups: - swift - queries