Release preparation for version 2.11.1

2025-12-16 16:53:25 +01:00 · 2022-10-07 02:20:28 +00:00
parent 10eb548156
commit a02dcdc5e1
88 changed files with 257 additions and 127 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.1
+
+No user-facing changes.
+
 ## 0.4.0

 ### Deprecated APIs
--- a/cpp/ql/lib/change-notes/released/0.4.1.md
+++ b/cpp/ql/lib/change-notes/released/0.4.1.md
@@ -0,0 +1,3 @@
+## 0.4.1
+
+No user-facing changes.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.4.1-dev
+version: 0.4.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
+
 ## 0.4.0

 ### New Queries
--- a/csharp/ql/src/change-notes/2022-09-29-alert-messages.md
+++ b/csharp/ql/src/change-notes/2022-09-29-alert-messages.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.4.1
+
+### Minor Analysis Improvements
+
 * The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.4.1-dev
+version: 0.4.1
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.1
+
+No user-facing changes.
+
 ## 1.3.0

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.1.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.1.md
@@ -0,0 +1,3 @@
+## 1.3.1
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.3.1
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.3.1-dev
+version: 1.3.1
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.1
+
+No user-facing changes.
+
 ## 1.3.0

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.1.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.1.md
@@ -0,0 +1,3 @@
+## 1.3.1
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.3.1
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.3.1-dev
+version: 1.3.1
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries.
+* ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. 
+
 ## 0.4.0

 ### Deprecated APIs
--- a/csharp/ql/lib/change-notes/2022-09-23-simpletypesanitizer.md
+++ b/csharp/ql/lib/change-notes/2022-09-23-simpletypesanitizer.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries.
--- a/csharp/ql/lib/change-notes/2022-08-24-aps-net-core-controllers.md
+++ b/csharp/ql/lib/change-notes/2022-08-24-aps-net-core-controllers.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* `DateTime` expressions are now considered simple type sanitizers. This affects a wide range of security queries.
 * ASP.NET Core controller definition has been made more precise. The amount of introduced taint sources or eliminated false positives should be low though, since the most common pattern is to derive all user defined ASP.NET Core controllers from the standard Controller class, which is not affected. 
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.4.1-dev
+version: 0.4.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
+
 ## 0.4.0

 ### Minor Analysis Improvements
--- a/cpp/ql/src/change-notes/2022-09-23-alert-messages.md
+++ b/cpp/ql/src/change-notes/2022-09-23-alert-messages.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
-* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.4.1-dev
+version: 0.4.1
 groups: 
  - csharp
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.3.1
+
+### Minor Analysis Improvements
+
+* Added support for `BeegoInput.RequestBody` as a source of untrusted data.
+
 ## 0.3.0

 ### Deprecated APIs
--- a/go/ql/lib/change-notes/2022-10-06-beego-request-body-source.md
+++ b/go/ql/lib/change-notes/2022-10-06-beego-request-body-source.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.3.1
+
+### Minor Analysis Improvements
+
 * Added support for `BeegoInput.RequestBody` as a source of untrusted data.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.1-dev
+version: 0.3.1
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.1
+
+No user-facing changes.
+
 ## 0.3.0

 ### Query Metadata Changes
--- a/go/ql/src/change-notes/released/0.3.1.md
+++ b/go/ql/src/change-notes/released/0.3.1.md
@@ -0,0 +1,3 @@
+## 0.3.1
+
+No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.3.1-dev
+version: 0.3.1
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* Added external flow sources for the intents received in exported Android services.
+
 ## 0.4.0

 ### Breaking Changes
--- a/java/ql/lib/change-notes/2022-09-23-android-service-sources.md
+++ b/java/ql/lib/change-notes/2022-09-23-android-service-sources.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.4.1
+
+### Minor Analysis Improvements
+
 * Added external flow sources for the intents received in exported Android services.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.4.1-dev
+version: 0.4.1
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.4.1
+
+### New Queries
+
+* Added a new query, `java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds.
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
+* `PathSanitizer.qll` has been promoted from experimental to the main query pack. This sanitizer was originally [submitted as part of an experimental query by @luchua-bc](https://github.com/github/codeql/pull/7286).
+* The queries `java/path-injection`, `java/path-injection-local` and `java/zipslip` now use the sanitizers provided by `PathSanitizer.qll`.
+
 ## 0.4.0

 ### New Queries
--- a/java/ql/src/change-notes/2022-08-25-path-sanitizer.md
+++ b/java/ql/src/change-notes/2022-08-25-path-sanitizer.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-
-* `PathSanitizer.qll` has been promoted from experimental to the main query pack. This sanitizer was originally [submitted as part of an experimental query by @luchua-bc](https://github.com/github/codeql/pull/7286).
-* The queries `java/path-injection`, `java/path-injection-local` and `java/zipslip` now use the sanitizers provided by `PathSanitizer.qll`.
--- a/java/ql/src/change-notes/2022-08-31-webview-dubugging.md
+++ b/java/ql/src/change-notes/2022-08-31-webview-dubugging.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds.
--- a/java/ql/src/change-notes/2022-09-23-alert-messages.md
+++ b/java/ql/src/change-notes/2022-09-23-alert-messages.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
--- a/java/ql/src/change-notes/released/0.4.1.md
+++ b/java/ql/src/change-notes/released/0.4.1.md
@@ -0,0 +1,11 @@
+## 0.4.1
+
+### New Queries
+
+* Added a new query, `java/android/webview-debugging-enabled`, to detect instances of WebView debugging being enabled in production builds.
+
+### Minor Analysis Improvements
+
+* The alert message of many queries have been changed to better follow the style guide and make the message consistent with other languages.
+* `PathSanitizer.qll` has been promoted from experimental to the main query pack. This sanitizer was originally [submitted as part of an experimental query by @luchua-bc](https://github.com/github/codeql/pull/7286).
+* The queries `java/path-injection`, `java/path-injection-local` and `java/zipslip` now use the sanitizers provided by `PathSanitizer.qll`.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.4.1-dev
+version: 0.4.1
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.3.1
+
+### Minor Analysis Improvements
+
+- Several of the SQL and NoSQL library models have improved, leading to more results for the `js/sql-injection` query,
+  and in some cases the `js/missing-rate-limiting` query.
+
 ## 0.3.0

 ### Breaking Changes
--- a/javascript/ql/lib/change-notes/2022-09-06-type-defs-squashed.md
+++ b/javascript/ql/lib/change-notes/2022-09-06-type-defs-squashed.md
@@ -1,6 +1,6 @@
---
-category: minorAnalysis
---
+## 0.3.1
+
+### Minor Analysis Improvements

 - Several of the SQL and NoSQL library models have improved, leading to more results for the `js/sql-injection` query,
  and in some cases the `js/missing-rate-limiting` query.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.3.1-dev
+version: 0.3.1
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.1
+
+No user-facing changes.
+
 ## 0.4.0

 ### Minor Analysis Improvements
--- a/javascript/ql/src/change-notes/released/0.4.1.md
+++ b/javascript/ql/src/change-notes/released/0.4.1.md
@@ -0,0 +1,3 @@
+## 0.4.1
+
+No user-facing changes.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.4.1-dev
+version: 0.4.1
 groups: 
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.1
+
+No user-facing changes.
+
 ## 0.3.0

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/0.3.1.md
+++ b/misc/suite-helpers/change-notes/released/0.3.1.md
@@ -0,0 +1,3 @@
+## 0.3.1
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.0
+lastReleaseVersion: 0.3.1
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.3.1-dev
+version: 0.3.1
 groups: shared
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.6.1
+
+### Minor Analysis Improvements
+
+* Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for reponse objects).
+* Added modeling of creating Flask responses with `flask.jsonify`.
+
 ## 0.6.0

 ### Deprecated APIs
--- a/python/ql/lib/change-notes/2022-09-22-flask-jsonify.md
+++ b/python/ql/lib/change-notes/2022-09-22-flask-jsonify.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added modeling of creating Flask responses with `flask.jsonify`.
--- a/python/ql/lib/change-notes/2022-09-28-api-subscript.md
+++ b/python/ql/lib/change-notes/2022-09-28-api-subscript.md
@@ -1,4 +1,6 @@
---
-category: minorAnalysis
---
+## 0.6.1
+
+### Minor Analysis Improvements
+
 * Added the ability to refer to subscript operations in the API graph. It is now possible to write `response().getMember("cookies").getASubscript()` to find code like `resp.cookies["key"]` (assuming `response` returns an API node for reponse objects).
+* Added modeling of creating Flask responses with `flask.jsonify`.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.0
+lastReleaseVersion: 0.6.1
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.6.1-dev
+version: 0.6.1
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.1
+
+No user-facing changes.
+
 ## 0.5.0

 ### Query Metadata Changes
--- a/python/ql/src/change-notes/released/0.5.1.md
+++ b/python/ql/src/change-notes/released/0.5.1.md
@@ -0,0 +1,3 @@
+## 0.5.1
+
+No user-facing changes.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.1-dev
+version: 0.5.1
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,26 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
+    * `ParamsCall`, now accessed as `Rails::ParamsCall`.
+    * `CookieCall`, now accessed as `Rails::CookieCall`.
+* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
+    * `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
+    * `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
+    * `RenderCall`, now accessed as `Rails::RenderCall`.
+    * `RenderToCall`, now accessed as `Rails::RenderToCall`.
+* Subclasses of `ActionController::Metal` are now recognised as controllers.
+* `ActionController::DataStreaming::send_file` is now recognized as a
+  `FileSystemAccess`.
+* Various XSS sinks in the ActionView library are now recognized.
+* Calls to `ActiveRecord::Base.create` are now recognized as model
+  instantiations.
+* Various code executions, command executions and HTTP requests in the
+  ActiveStorage library are now recognized.
+* `MethodBase` now has two new predicates related to visibility: `isPublic` and
+  `isProtected`. These hold, respectively, if the method is public or protected.
+
 ## 0.4.0

 ### Breaking Changes
--- a/ruby/ql/lib/change-notes/2022-08-16-protected-methods.md
+++ b/ruby/ql/lib/change-notes/2022-08-16-protected-methods.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* `MethodBase` now has two new predicates related to visibility: `isPublic` and
-  `isProtected`. These hold, respectively, if the method is public or protected.
--- a/ruby/ql/lib/change-notes/2022-08-30-activestorage.md
+++ b/ruby/ql/lib/change-notes/2022-08-30-activestorage.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* Various code executions, command executions and HTTP requests in the
-  ActiveStorage library are now recognized.
-
--- a/ruby/ql/lib/change-notes/2022-09-27-actionview.md
+++ b/ruby/ql/lib/change-notes/2022-09-27-actionview.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Various XSS sinks in the ActionView library are now recognized.
--- a/ruby/ql/lib/change-notes/2022-09-27-activerecord-create.md
+++ b/ruby/ql/lib/change-notes/2022-09-27-activerecord-create.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Calls to `ActiveRecord::Base.create` are now recognized as model
-  instantiations.
--- a/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-metal.md
+++ b/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-metal.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Subclasses of `ActionController::Metal` are now recognised as controllers.
--- a/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-sendfile.md
+++ b/ruby/ql/lib/change-notes/2022-09-28-actioncontroller-sendfile.md
@@ -1,6 +0,0 @@
---
-category: minorAnalysis
---
-* `ActionController::DataStreaming::send_file` is now recognized as a
-  `FileSystemAccess`.
-
--- a/ruby/ql/lib/change-notes/2022-10-04-actionview-controller-renames.md
+++ b/ruby/ql/lib/change-notes/2022-10-04-actionview-controller-renames.md
@@ -1,11 +0,0 @@
---
-category: minorAnalysis
---
-* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
-    * `ParamsCall`, now accessed as `Rails::ParamsCall`.
-    * `CookieCall`, now accessed as `Rails::CookieCall`.
-* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
-    * `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
-    * `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
-    * `RenderCall`, now accessed as `Rails::RenderCall`.
-    * `RenderToCall`, now accessed as `Rails::RenderToCall`.
--- a/ruby/ql/lib/change-notes/released/0.4.1.md
+++ b/ruby/ql/lib/change-notes/released/0.4.1.md
@@ -0,0 +1,22 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
+    * `ParamsCall`, now accessed as `Rails::ParamsCall`.
+    * `CookieCall`, now accessed as `Rails::CookieCall`.
+* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
+    * `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
+    * `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
+    * `RenderCall`, now accessed as `Rails::RenderCall`.
+    * `RenderToCall`, now accessed as `Rails::RenderToCall`.
+* Subclasses of `ActionController::Metal` are now recognised as controllers.
+* `ActionController::DataStreaming::send_file` is now recognized as a
+  `FileSystemAccess`.
+* Various XSS sinks in the ActionView library are now recognized.
+* Calls to `ActiveRecord::Base.create` are now recognized as model
+  instantiations.
+* Various code executions, command executions and HTTP requests in the
+  ActiveStorage library are now recognized.
+* `MethodBase` now has two new predicates related to visibility: `isPublic` and
+  `isProtected`. These hold, respectively, if the method is public or protected.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.4.1-dev
+version: 0.4.1
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 0.4.1
+
+### Minor Analysis Improvements
+
+* The `rb/xxe` query has been updated to add the following sinks for XML external entity expansion:
+    1. Calls to parse XML using `LibXML` when its `default_substitute_entities` option is enabled.
+    2. Uses of the Rails methods `ActiveSupport::XmlMini.parse`, `Hash.from_xml`, and `Hash.from_trusted_xml` when `ActiveSupport::XmlMini` is configured to use `LibXML` as its backend, and its `default_substitute_entities` option is enabled.
+
 ## 0.4.0

 ### New Queries
--- a/ruby/ql/src/change-notes/2022-09-27-libxml-xxe.md
+++ b/ruby/ql/src/change-notes/2022-09-27-libxml-xxe.md
@@ -1,6 +1,7 @@
---
-category: minorAnalysis
---
+## 0.4.1
+
+### Minor Analysis Improvements
+
 * The `rb/xxe` query has been updated to add the following sinks for XML external entity expansion:
    1. Calls to parse XML using `LibXML` when its `default_substitute_entities` option is enabled.
-    2. Uses of the Rails methods `ActiveSupport::XmlMini.parse`, `Hash.from_xml`, and `Hash.from_trusted_xml` when `ActiveSupport::XmlMini` is configured to use `LibXML` as its backend, and its `default_substitute_entities` option is enabled.
+    2. Uses of the Rails methods `ActiveSupport::XmlMini.parse`, `Hash.from_xml`, and `Hash.from_trusted_xml` when `ActiveSupport::XmlMini` is configured to use `LibXML` as its backend, and its `default_substitute_entities` option is enabled.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.0
+lastReleaseVersion: 0.4.1
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.4.1-dev
+version: 0.4.1
 groups: 
  - ruby
  - queries
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.2
+
+No user-facing changes.
+
 ## 0.0.1

 * Initial release. Extracted common SSA code into a library pack to share code between languages.
--- a/shared/ssa/change-notes/released/0.0.2.md
+++ b/shared/ssa/change-notes/released/0.0.2.md
@@ -0,0 +1,3 @@
+## 0.0.2
+
+No user-facing changes.
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.1
+lastReleaseVersion: 0.0.2
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/ssa
-version: 0.0.2-dev
+version: 0.0.2
 groups: shared
 library: true
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.2
+
+No user-facing changes.
+
 ## 0.0.1

 * Initial release. Share the database of common typographical errors between languages.
--- a/shared/typos/change-notes/released/0.0.2.md
+++ b/shared/typos/change-notes/released/0.0.2.md
@@ -0,0 +1,3 @@
+## 0.0.2
+
+No user-facing changes.
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.1
+lastReleaseVersion: 0.0.2
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/typos
-version: 0.0.2-dev
+version: 0.0.2
 groups: shared
 library: true