Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0

Post-release preparation for codeql-cli-2.16.0
2026-04-25 08:45:14 +02:00 · 2024-01-16 14:50:40 +00:00
parent e18ee790f2 57df8b92df
commit 934474681d
171 changed files with 496 additions and 333 deletions
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 0.8.6
+
+### Deprecated Queries
+
+* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
+
+### New Queries
+
+* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
+
+### Minor Analysis Improvements
+
+* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
+* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
+* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
+
 ## 0.8.5

 No user-facing changes.
--- a/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md
+++ b/java/ql/src/change-notes/2023-11-08-weak-randomness-query.md
@@ -1,5 +0,0 @@
---
-category: newQuery
---
-* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
-
--- a/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md
+++ b/java/ql/src/change-notes/2023-12-12-android-certificate-pinning-precision.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
--- a/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md
+++ b/java/ql/src/change-notes/2023-12-12-ognl-invalid-sinks.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
--- a/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md
+++ b/java/ql/src/change-notes/2023-12-14-flowstatestring-deprecated.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
--- a/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md
+++ b/java/ql/src/change-notes/2023-12-15-weak-cryptographic-algorithm-from-properties-file.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
--- a/java/ql/src/change-notes/released/0.8.6.md
+++ b/java/ql/src/change-notes/released/0.8.6.md
@@ -0,0 +1,15 @@
+## 0.8.6
+
+### Deprecated Queries
+
+* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
+
+### New Queries
+
+* Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
+
+### Minor Analysis Improvements
+
+* Modified the `java/potentially-weak-cryptographic-algorithm` query to include the use of weak cryptographic algorithms from configuration values specified in properties files.
+* The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
+* Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.5
+lastReleaseVersion: 0.8.6
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.6-dev
+version: 0.8.7-dev
 groups:
  - java
  - queries