hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-14 19:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #21657 from github/release-prep/2.25.2

Browse Source 
Release preparation for version 2.25.2
This commit is contained in:
Óscar San José
2026-04-06 12:50:52 +02:00
committed by GitHub
parent fb8b5699f2 4fe2f6d2b4
commit 868ccfbb04
182 changed files with 483 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
actions/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.33
No user-facing changes.
## 0.4.32
No user-facing changes.

3
actions/ql/lib/change-notes/released/0.4.33.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.33
No user-facing changes.

2
actions/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.32
lastReleaseVersion: 0.4.33

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.33-dev
version: 0.4.33
library: true
warnOnImplicitThis: true
dependencies:

4
actions/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.6.25
No user-facing changes.
## 0.6.24
No user-facing changes.

3
actions/ql/src/change-notes/released/0.6.25.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.6.25
No user-facing changes.

2
actions/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.24
lastReleaseVersion: 0.6.25

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.25-dev
version: 0.6.25
library: false
warnOnImplicitThis: true
groups: [actions, queries]

20
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,23 @@
## 9.0.0
### Breaking Changes
* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory.
### New Features
* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration.
* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists.
* Added a class `ConstructorDefaultFieldInit` to represent default field initializations.
* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node.
* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any.
* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node.
### Minor Analysis Improvements
* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources.
* Added dataflow through members initialized via non-static data member initialization (NSDMI).
## 8.0.3
No user-facing changes.

4
cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node.

5
cpp/ql/lib/change-notes/2026-03-23-indirect-parameter-nodes-and-indirect-instructions.md
View File

@@ -1,5 +0,0 @@
---
category: feature
---
* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node.
* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any.

5
cpp/ql/lib/change-notes/2026-03-24-field-init.md
View File

@@ -1,5 +0,0 @@
---
category: feature
---
* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists.
* Added a class `ConstructorDefaultFieldInit` to represent default field initializations.

4
cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md
View File

@@ -1,4 +0,0 @@
---
category: breaking
---
* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory.

4
cpp/ql/lib/change-notes/2026-03-30-nsdmi-dataflow.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added dataflow through members initialized via non-static data member initialization (NSDMI).

4
cpp/ql/lib/change-notes/2026-03-31-http-flow-sources.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources.

4
cpp/ql/lib/change-notes/2026-03-31-meson.md
View File

@@ -1,4 +0,0 @@
---
category: feature
---
* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration.

19
cpp/ql/lib/change-notes/released/9.0.0.md Normal file
View File

@@ -0,0 +1,19 @@
## 9.0.0
### Breaking Changes
* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory.
### New Features
* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration.
* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists.
* Added a class `ConstructorDefaultFieldInit` to represent default field initializations.
* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node.
* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any.
* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node.
### Minor Analysis Improvements
* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources.
* Added dataflow through members initialized via non-static data member initialization (NSDMI).

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 8.0.3
lastReleaseVersion: 9.0.0

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 8.0.4-dev
version: 9.0.0
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

14
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,17 @@
## 1.6.0
### Query Metadata Changes
* The `@security-severity` metadata of `cpp/cgi-xss` has been increased from 6.1 (medium) to 7.8 (high).
### Minor Analysis Improvements
* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases.
* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases.
* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations.
* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases.
* Fixed an issue with the "Multiplication result converted to larger type" (`cpp/integer-multiplication-cast-to-long`) query causing false positive results in `build-mode: none` databases.
## 1.5.15
No user-facing changes.

4
cpp/ql/src/change-notes/2026-03-11-integer-multiplication-cast-to-long.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Fixed an issue with the "Multiplication result converted to larger type" (`cpp/integer-multiplication-cast-to-long`) query causing false positive results in `build-mode: none` databases.

4
cpp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
View File

@@ -1,4 +0,0 @@
---
category: queryMetadata
---
* The `@security-severity` metadata of `cpp/cgi-xss` has been increased from 6.1 (medium) to 7.8 (high).

4
cpp/ql/src/change-notes/2026-03-16-wrong-type-format-argument.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases.

4
cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases.

4
cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations.

4
cpp/ql/src/change-notes/2026-03-30-warning-diagnostics.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases.

13
cpp/ql/src/change-notes/released/1.6.0.md Normal file
View File

@@ -0,0 +1,13 @@
## 1.6.0
### Query Metadata Changes
* The `@security-severity` metadata of `cpp/cgi-xss` has been increased from 6.1 (medium) to 7.8 (high).
### Minor Analysis Improvements
* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases.
* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases.
* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations.
* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases.
* Fixed an issue with the "Multiplication result converted to larger type" (`cpp/integer-multiplication-cast-to-long`) query causing false positive results in `build-mode: none` databases.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.15
lastReleaseVersion: 1.6.0

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.5.16-dev
version: 1.6.0
groups:
- cpp
- queries

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.64
No user-facing changes.
## 1.7.63
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.64.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.64
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.63
lastReleaseVersion: 1.7.64

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.64-dev
version: 1.7.64
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.7.64
No user-facing changes.
## 1.7.63
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.64.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.7.64
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.63
lastReleaseVersion: 1.7.64

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.64-dev
version: 1.7.64
groups:
- csharp
- solorigate

10
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,13 @@
## 5.4.12
### Minor Analysis Improvements
* The extractor no longer synthesizes expanded forms of compound assignments. This may have a small impact on the results of queries that explicitly or implicitly rely on the expanded form of compound assignments.
* The `cs/log-forging` query no longer treats arguments to extension methods with
source code on `ILogger` types as sinks. Instead, taint is tracked interprocedurally
through extension method bodies, reducing false positives when extension methods
sanitize input internally.
## 5.4.11
No user-facing changes.

4
csharp/ql/lib/change-notes/2026-03-26-expanded-assignments.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The extractor no longer synthesizes expanded forms of compound assignments. This may have a small impact on the results of queries that explicitly or implicitly rely on the expanded form of compound assignments.

8
csharp/ql/lib/change-notes/2026-03-19-fix-log-forging-extension-methods.md → csharp/ql/lib/change-notes/released/5.4.12.md
View File

@@ -1,6 +1,8 @@
---
category: minorAnalysis
---
## 5.4.12
### Minor Analysis Improvements
* The extractor no longer synthesizes expanded forms of compound assignments. This may have a small impact on the results of queries that explicitly or implicitly rely on the expanded form of compound assignments.
* The `cs/log-forging` query no longer treats arguments to extension methods with
source code on `ILogger` types as sinks. Instead, taint is tracked interprocedurally
through extension method bodies, reducing false positives when extension methods

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.4.11
lastReleaseVersion: 5.4.12

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.4.12-dev
version: 5.4.12
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

11
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 1.7.0
### Query Metadata Changes
* The `@security-severity` metadata of `cs/log-forging` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `cs/web/xss` has been increased from 6.1 (medium) to 7.8 (high).
### Major Analysis Improvements
* The `cs/constant-condition` query has been simplified. The query no longer reports trivially constant conditions as they were found to generally be intentional. As a result, it should now produce fewer false positives. Additionally, the simplification means that it now reports all the results that `cs/constant-comparison` used to report, and as consequence, that query has been deleted.
## 1.6.6
No user-facing changes.

5
csharp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
View File

@@ -1,5 +0,0 @@
---
category: queryMetadata
---
* The `@security-severity` metadata of `cs/log-forging` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `cs/web/xss` has been increased from 6.1 (medium) to 7.8 (high).

12
csharp/ql/src/change-notes/2026-03-31-constantcondition-simplify.md → csharp/ql/src/change-notes/released/1.7.0.md
View File

@@ -1,4 +1,10 @@
---
category: majorAnalysis
---
## 1.7.0
### Query Metadata Changes
* The `@security-severity` metadata of `cs/log-forging` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `cs/web/xss` has been increased from 6.1 (medium) to 7.8 (high).
### Major Analysis Improvements
* The `cs/constant-condition` query has been simplified. The query no longer reports trivially constant conditions as they were found to generally be intentional. As a result, it should now produce fewer false positives. Additionally, the simplification means that it now reports all the results that `cs/constant-comparison` used to report, and as consequence, that query has been deleted.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.6.6
lastReleaseVersion: 1.7.0

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.6.7-dev
version: 1.7.0
groups:
- csharp
- queries

4
go/ql/consistency-queries/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.47
No user-facing changes.
## 1.0.46
No user-facing changes.

3
go/ql/consistency-queries/change-notes/released/1.0.47.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.47
No user-facing changes.

2
go/ql/consistency-queries/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.46
lastReleaseVersion: 1.0.47

2
go/ql/consistency-queries/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.47-dev
version: 1.0.47
groups:
- go
- queries

4
go/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 7.0.5
No user-facing changes.
## 7.0.4
No user-facing changes.

3
go/ql/lib/change-notes/released/7.0.5.md Normal file
View File

@@ -0,0 +1,3 @@
## 7.0.5
No user-facing changes.

2
go/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.0.4
lastReleaseVersion: 7.0.5

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 7.0.5-dev
version: 7.0.5
groups: go
dbscheme: go.dbscheme
extractor: go

7
go/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 1.6.0
### Query Metadata Changes
* The `@security-severity` metadata of `go/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `go/html-template-escaping-bypass-xss`, `go/reflected-xss` and `go/stored-xss` has been increased from 6.1 (medium) to 7.8 (high).
## 1.5.10
No user-facing changes.

7
go/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md → go/ql/src/change-notes/released/1.6.0.md
View File

@@ -1,5 +1,6 @@
---
category: queryMetadata
---
## 1.6.0
### Query Metadata Changes
* The `@security-severity` metadata of `go/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `go/html-template-escaping-bypass-xss`, `go/reflected-xss` and `go/stored-xss` has been increased from 6.1 (medium) to 7.8 (high).

2
go/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.10
lastReleaseVersion: 1.6.0

2
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.5.11-dev
version: 1.6.0
groups:
- go
- queries

9
java/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,12 @@
## 9.0.3
### Minor Analysis Improvements
* The `java/tainted-arithmetic` query no longer flags arithmetic expressions that are used directly as an operand of a comparison in `if`-condition bounds-checking patterns. For example, `if (off + len > array.length)` is now recognized as a bounds check rather than a potentially vulnerable computation, reducing false positives.
* The `java/potentially-weak-cryptographic-algorithm` query no longer flags Elliptic Curve algorithms (`EC`, `ECDSA`, `ECDH`, `EdDSA`, `Ed25519`, `Ed448`, `XDH`, `X25519`, `X448`), HMAC-based algorithms (`HMACSHA1`, `HMACSHA256`, `HMACSHA384`, `HMACSHA512`), or PBKDF2 key derivation as potentially insecure. These are modern, secure algorithms recommended by NIST and other standards bodies. This will reduce the number of false positives for this query.
* The first argument of the method `getInstance` of `java.security.Signature` is now modeled as a sink for `java/potentially-weak-cryptographic-algorithm`, `java/weak-cryptographic-algorithm` and `java/rsa-without-oaep`. This will increase the number of alerts for these queries.
* Kotlin versions up to 2.3.20 are now supported.
## 9.0.2
No user-facing changes.

4
java/ql/lib/change-notes/2026-03-26-kotlin-2.3.20.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Kotlin versions up to 2.3.20 are now supported.

4
java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* The `java/tainted-arithmetic` query no longer flags arithmetic expressions that are used directly as an operand of a comparison in `if`-condition bounds-checking patterns. For example, `if (off + len > array.length)` is now recognized as a bounds check rather than a potentially vulnerable computation, reducing false positives.

9
java/ql/lib/change-notes/2026-03-27-add-ec-to-secure-algorithms.md → java/ql/lib/change-notes/released/9.0.3.md
View File

@@ -1,5 +1,8 @@
---
category: minorAnalysis
---
## 9.0.3
### Minor Analysis Improvements
* The `java/tainted-arithmetic` query no longer flags arithmetic expressions that are used directly as an operand of a comparison in `if`-condition bounds-checking patterns. For example, `if (off + len > array.length)` is now recognized as a bounds check rather than a potentially vulnerable computation, reducing false positives.
* The `java/potentially-weak-cryptographic-algorithm` query no longer flags Elliptic Curve algorithms (`EC`, `ECDSA`, `ECDH`, `EdDSA`, `Ed25519`, `Ed448`, `XDH`, `X25519`, `X448`), HMAC-based algorithms (`HMACSHA1`, `HMACSHA256`, `HMACSHA384`, `HMACSHA512`), or PBKDF2 key derivation as potentially insecure. These are modern, secure algorithms recommended by NIST and other standards bodies. This will reduce the number of false positives for this query.
* The first argument of the method `getInstance` of `java.security.Signature` is now modeled as a sink for `java/potentially-weak-cryptographic-algorithm`, `java/weak-cryptographic-algorithm` and `java/rsa-without-oaep`. This will increase the number of alerts for these queries.
* Kotlin versions up to 2.3.20 are now supported.

2
java/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 9.0.2
lastReleaseVersion: 9.0.3

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 9.0.3-dev
version: 9.0.3
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

7
java/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 1.11.0
### Query Metadata Changes
* The `@security-severity` metadata of `java/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `java/android/webview-addjavascriptinterface`, `java/android/websettings-javascript-enabled` and `java/xss` has been increased from 6.1 (medium) to 7.8 (high).
## 1.10.11
No user-facing changes.

7
java/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md → java/ql/src/change-notes/released/1.11.0.md
View File

@@ -1,5 +1,6 @@
---
category: queryMetadata
---
## 1.11.0
### Query Metadata Changes
* The `@security-severity` metadata of `java/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `java/android/webview-addjavascriptinterface`, `java/android/websettings-javascript-enabled` and `java/xss` has been increased from 6.1 (medium) to 7.8 (high).

2
java/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.10.11
lastReleaseVersion: 1.11.0

2
java/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.10.12-dev
version: 1.11.0
groups:
- java
- queries

4
javascript/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 2.6.27
No user-facing changes.
## 2.6.26
No user-facing changes.

3
javascript/ql/lib/change-notes/released/2.6.27.md Normal file
View File

@@ -0,0 +1,3 @@
## 2.6.27
No user-facing changes.

2
javascript/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.6.26
lastReleaseVersion: 2.6.27

2
javascript/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 2.6.27-dev
version: 2.6.27
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript

4
javascript/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 2.3.7
No user-facing changes.
## 2.3.6
No user-facing changes.

3
javascript/ql/src/change-notes/released/2.3.7.md Normal file
View File

@@ -0,0 +1,3 @@
## 2.3.7
No user-facing changes.

2
javascript/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.3.6
lastReleaseVersion: 2.3.7

2
javascript/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/javascript-queries
version: 2.3.7-dev
version: 2.3.7
groups:
- javascript
- queries

4
misc/suite-helpers/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.0.47
No user-facing changes.
## 1.0.46
No user-facing changes.

3
misc/suite-helpers/change-notes/released/1.0.47.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.0.47
No user-facing changes.

2
misc/suite-helpers/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.46
lastReleaseVersion: 1.0.47

2
misc/suite-helpers/qlpack.yml
View File

@@ -1,4 +1,4 @@
name: codeql/suite-helpers
version: 1.0.47-dev
version: 1.0.47
groups: shared
warnOnImplicitThis: true

6
python/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 7.0.4
### Bug Fixes
- Fixed the resolution of relative imports such as `from . import helper` inside namespace packages (directories without an `__init__.py` file), which previously did not work correctly, leading to missing flow.
## 7.0.3
No user-facing changes.

6
python/ql/lib/change-notes/2026-03-11-fix-unresolved-relative-imports.md → python/ql/lib/change-notes/released/7.0.4.md
View File

@@ -1,5 +1,5 @@
---
category: fix
---
## 7.0.4
### Bug Fixes
- Fixed the resolution of relative imports such as `from . import helper` inside namespace packages (directories without an `__init__.py` file), which previously did not work correctly, leading to missing flow.

2
python/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.0.3
lastReleaseVersion: 7.0.4

2
python/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-all
version: 7.0.4-dev
version: 7.0.4
groups: python
dbscheme: semmlecode.python.dbscheme
extractor: python

11
python/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,14 @@
## 1.8.0
### Query Metadata Changes
* The `@security-severity` metadata of `py/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `py/jinja2/autoescape-false` and `py/reflective-xss` has been increased from 6.1 (medium) to 7.8 (high).
### Major Analysis Improvements
- Several quality queries have been ported away from using the legacy points-to library. This may lead to changes in alerts.
## 1.7.11
No user-facing changes.

5
python/ql/src/change-notes/2026-03-13-port-simple-points-to-queries.md
View File

@@ -1,5 +0,0 @@
---
category: majorAnalysis
---
- Several quality queries have been ported away from using the legacy points-to library. This may lead to changes in alerts.

11
python/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md → python/ql/src/change-notes/released/1.8.0.md
View File

@@ -1,5 +1,10 @@
---
category: queryMetadata
---
## 1.8.0
### Query Metadata Changes
* The `@security-severity` metadata of `py/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `py/jinja2/autoescape-false` and `py/reflective-xss` has been increased from 6.1 (medium) to 7.8 (high).
### Major Analysis Improvements
- Several quality queries have been ported away from using the legacy points-to library. This may lead to changes in alerts.

2
python/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.11
lastReleaseVersion: 1.8.0

2
python/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/python-queries
version: 1.7.12-dev
version: 1.8.0
groups:
- python
- queries

4
ruby/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 5.1.15
No user-facing changes.
## 5.1.14
No user-facing changes.

3
ruby/ql/lib/change-notes/released/5.1.15.md Normal file
View File

@@ -0,0 +1,3 @@
## 5.1.15
No user-facing changes.

2
ruby/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.1.14
lastReleaseVersion: 5.1.15

2
ruby/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-all
version: 5.1.15-dev
version: 5.1.15
groups: ruby
extractor: ruby
dbscheme: ruby.dbscheme

7
ruby/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 1.6.0
### Query Metadata Changes
* The `@security-severity` metadata of `rb/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `rb/reflected-xss`, `rb/stored-xss` and `rb/html-constructed-from-input` has been increased from 6.1 (medium) to 7.8 (high).
## 1.5.11
No user-facing changes.

7
ruby/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md → ruby/ql/src/change-notes/released/1.6.0.md
View File

@@ -1,5 +1,6 @@
---
category: queryMetadata
---
## 1.6.0
### Query Metadata Changes
* The `@security-severity` metadata of `rb/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `rb/reflected-xss`, `rb/stored-xss` and `rb/html-constructed-from-input` has been increased from 6.1 (medium) to 7.8 (high).

2
ruby/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.11
lastReleaseVersion: 1.6.0

2
ruby/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/ruby-queries
version: 1.5.12-dev
version: 1.6.0
groups:
- ruby
- queries

4
rust/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.2.11
No user-facing changes.
## 0.2.10
No user-facing changes.

3
rust/ql/lib/change-notes/released/0.2.11.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.2.11
No user-facing changes.

Some files were not shown because too many files have changed in this diff Show More