Revert "Merge pull request #15522 from github/release-prep/2.16.2"

This reverts commit c4c8cd6b34, reversing changes made to 525f27173d.
2026-01-20 01:44:54 +01:00 · 2024-02-08 09:28:34 -05:00
parent c4c8cd6b34
commit a58dd45d0b
148 changed files with 154 additions and 381 deletions
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,7 +1,3 @@
-## 0.0.14
-
-No user-facing changes.
-
 ## 0.0.13

 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/0.0.14.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.14.md
@@ -1,3 +0,0 @@
-## 0.0.14
-
-No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.14
+lastReleaseVersion: 0.0.13
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.14
+version: 0.0.14-dev
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,13 +1,3 @@
-## 0.8.8
-
-### Minor Analysis Improvements
-
-* Added models for the following packages:
-
-  * com.fasterxml.jackson.databind
-  * javax.servlet
-* Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
-
 ## 0.8.7

 ### New Features
--- a/java/ql/lib/change-notes/2024-01-23-add-uuid-and-date-to-simpletypesanitizer.md
+++ b/java/ql/lib/change-notes/2024-01-23-add-uuid-and-date-to-simpletypesanitizer.md
@@ -1,9 +1,4 @@
-## 0.8.8
-
-### Minor Analysis Improvements
-
-* Added models for the following packages:
-
-  * com.fasterxml.jackson.databind
-  * javax.servlet
+---
+category: minorAnalysis
+---
 * Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
--- a/java/ql/lib/change-notes/2024-01-24-new-models.md
+++ b/java/ql/lib/change-notes/2024-01-24-new-models.md
@@ -0,0 +1,7 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.fasterxml.jackson.databind
+  * javax.servlet
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.7
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.8
+version: 0.8.8-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,10 +1,3 @@
-## 0.8.8
-
-### New Queries
-
-* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. 
-* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. 
-
 ## 0.8.7

 ### New Queries
@@ -17,6 +10,10 @@

 ## 0.8.6

+### Deprecated Queries
+
+* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
+
 ### New Queries

 * Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
@@ -27,10 +24,6 @@
 * The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
 * Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.

-### Bug Fixes
-
-* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
-
 ## 0.8.5

 No user-facing changes.
--- a/java/ql/src/change-notes/2024-01-15-android-sensitive-notification-query.md
+++ b/java/ql/src/change-notes/2024-01-15-android-sensitive-notification-query.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. 
--- a/java/ql/src/change-notes/2024-01-29-android-sensitive-text-field-query.md
+++ b/java/ql/src/change-notes/2024-01-29-android-sensitive-text-field-query.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. 
--- a/java/ql/src/change-notes/released/0.8.8.md
+++ b/java/ql/src/change-notes/released/0.8.8.md
@@ -1,6 +0,0 @@
-## 0.8.8
-
-### New Queries
-
-* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. 
-* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. 
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.7
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.8
+version: 0.8.8-dev
 groups:
  - java
  - queries