hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Release preparation for version 2.21.0

Browse Source
This commit is contained in:
github-actions[bot]
2025-03-31 17:35:15 +00:00
parent c89c403e0e
commit 84f6564cc0
203 changed files with 562 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/src/change-notes/released/1.4.0.md Normal file
View File

@@ -0,0 +1,15 @@
## 1.4.0
### New Queries
* Added a new quality query, `java/empty-method`, to detect empty methods.
* The query `java/spring-boot-exposed-actuators` has been promoted from experimental to the main query pack. Its results will now appear by default, and the query itself will be removed from the [CodeQL Community Packs](https://github.com/GitHubSecurityLab/CodeQL-Community-Packs). This query was originally submitted as an experimental query [by @ggolawski](https://github.com/github/codeql/pull/2901).
### Major Analysis Improvements
* Updated the `java/unreleased-lock` query so that it no longer report alerts in cases where a boolean variable is used to track lock state.
### Minor Analysis Improvements
* Fixed a false positive in "Time-of-check time-of-use race condition" (`java/toctou-race-condition`) where a field of a non-static class was not considered always-locked if it was accessed in a constructor.
* Overrides of `BroadcastReceiver::onReceive` with no statements in their body are no longer considered unverified by the `java/improper-intent-verification` query. This will reduce false positives from `onReceive` methods which do not perform any actions.