Release preparation for version 2.10.0

2025-12-16 16:53:25 +01:00 · 2022-06-23 11:17:46 +00:00
parent 298f4ab899
commit a74051c658
78 changed files with 233 additions and 106 deletions
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
+### New Features
+
+* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
+
+### Bug Fixes
+
+* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
+
 ## 0.2.3

 ### New Features
--- a/cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md
+++ b/cpp/ql/lib/change-notes/2022-05-30-braced-initializers.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
--- a/cpp/ql/lib/change-notes/2022-06-22-class-declaration-entry-fix.md
+++ b/cpp/ql/lib/change-notes/2022-06-22-class-declaration-entry-fix.md
@@ -1,4 +0,0 @@
---
-category: fix
---
-* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
--- a/cpp/ql/lib/change-notes/released/0.3.0.md
+++ b/cpp/ql/lib/change-notes/released/0.3.0.md
@@ -0,0 +1,13 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
+### New Features
+
+* An `isBraced` predicate was added to the `Initializer` class which holds when a C++ braced initializer was used in the initialization.
+
+### Bug Fixes
+
+* `UserType.getADeclarationEntry()` now yields all forward declarations when the user type is a `class`, `struct`, or `union`.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.3
+lastReleaseVersion: 0.3.0
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.3.0-dev
+version: 0.3.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.2.0
+
 ## 0.1.4

 ## 0.1.3
--- a/cpp/ql/src/change-notes/released/0.2.0.md
+++ b/cpp/ql/src/change-notes/released/0.2.0.md
@@ -0,0 +1 @@
+## 0.2.0
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups: 
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.2.0
+
 ## 1.1.4

 ## 1.1.3
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.2.0.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.2.0.md
@@ -0,0 +1 @@
+## 1.2.0
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.4
+lastReleaseVersion: 1.2.0
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.2.0-dev
+version: 1.2.0
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.2.0
+
 ## 1.1.4

 ## 1.1.3
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.2.0.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.2.0.md
@@ -0,0 +1 @@
+## 1.2.0
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.4
+lastReleaseVersion: 1.2.0
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.2.0-dev
+version: 1.2.0
 groups:
    - csharp
    - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
 ## 0.2.3

 ## 0.2.2
--- a/go/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
+++ b/go/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.3.0
+
+### Deprecated APIs
+
 * The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.3
+lastReleaseVersion: 0.3.0
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.3.0-dev
+version: 0.3.0
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 0.2.0
+
+### Query Metadata Changes
+
+* The `kind` query metadata was changed to `diagnostic` on `cs/compilation-error`, `cs/compilation-message`, `cs/extraction-error`, and `cs/extraction-message`.
+
+### Minor Analysis Improvements
+
+* The syntax of the (source|sink|summary)model CSV format has been changed slightly for Java and C#. A new column called `provenance` has been introduced, where the allowed values are `manual` and `generated`. The value used to indicate whether a model as been written by hand (`manual`) or create by the CSV model generator (`generated`).
+* All auto implemented public properties with public getters and setters on ASP.NET Core remote flow sources are now also considered to be tainted.
+
 ## 0.1.4

 ## 0.1.3
--- a/csharp/ql/src/change-notes/2022-06-02-aspnetcoretaintedmembers.md
+++ b/csharp/ql/src/change-notes/2022-06-02-aspnetcoretaintedmembers.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* All auto implemented public properties with public getters and setters on ASP.NET Core remote flow sources are now also considered to be tainted.
--- a/csharp/ql/src/change-notes/2022-06-14-madformatchange.md
+++ b/csharp/ql/src/change-notes/2022-06-14-madformatchange.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The syntax of the (source|sink|summary)model CSV format has been changed slightly for Java and C#. A new column called `provenance` has been introduced, where the allowed values are `manual` and `generated`. The value used to indicate whether a model as been written by hand (`manual`) or create by the CSV model generator (`generated`).
--- a/csharp/ql/src/change-notes/2022-06-15-diagnostic-query-metadata.md
+++ b/csharp/ql/src/change-notes/2022-06-15-diagnostic-query-metadata.md
@@ -1,4 +0,0 @@
---
-category: queryMetadata
---
-* The `kind` query metadata was changed to `diagnostic` on `cs/compilation-error`, `cs/compilation-message`, `cs/extraction-error`, and `cs/extraction-message`.
--- a/csharp/ql/src/change-notes/released/0.2.0.md
+++ b/csharp/ql/src/change-notes/released/0.2.0.md
@@ -0,0 +1,10 @@
+## 0.2.0
+
+### Query Metadata Changes
+
+* The `kind` query metadata was changed to `diagnostic` on `cs/compilation-error`, `cs/compilation-message`, `cs/extraction-error`, and `cs/extraction-message`.
+
+### Minor Analysis Improvements
+
+* The syntax of the (source|sink|summary)model CSV format has been changed slightly for Java and C#. A new column called `provenance` has been introduced, where the allowed values are `manual` and `generated`. The value used to indicate whether a model as been written by hand (`manual`) or create by the CSV model generator (`generated`).
+* All auto implemented public properties with public getters and setters on ASP.NET Core remote flow sources are now also considered to be tainted.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups: 
  - csharp
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
 ## 0.1.4

 ## 0.1.3
--- a/cpp/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
+++ b/cpp/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.2.0
+
+### Deprecated APIs
+
 * The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.2.0-dev
+version: 0.2.0
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 0.2.0
+
 ## 0.1.4

 ## 0.1.3
--- a/go/ql/src/change-notes/released/0.2.0.md
+++ b/go/ql/src/change-notes/released/0.2.0.md
@@ -0,0 +1 @@
+## 0.2.0
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
+### Minor Analysis Improvements
+
+Added a flow step for `String.valueOf` calls on tainted `android.text.Editable` objects. 
+
 ## 0.2.3

 ## 0.2.2
--- a/java/ql/lib/change-notes/2022-05-25-string-valueof-editable-step.md
+++ b/java/ql/lib/change-notes/2022-05-25-string-valueof-editable-step.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-Added a flow step for `String.valueOf` calls on tainted `android.text.Editable` objects. 
--- a/java/ql/lib/change-notes/released/0.3.0.md
+++ b/java/ql/lib/change-notes/released/0.3.0.md
@@ -0,0 +1,9 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
+### Minor Analysis Improvements
+
+Added a flow step for `String.valueOf` calls on tainted `android.text.Editable` objects. 
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.3
+lastReleaseVersion: 0.3.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.3.0-dev
+version: 0.3.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Minor Analysis Improvements
+
+* The query `java/log-injection` now reports problems at the source (user-controlled data) instead of at the ultimate logging call. This was changed because user functions that wrap the ultimate logging call could result in most alerts being reported in an uninformative location.
+
 ## 0.1.4

 ## 0.1.3
--- a/java/ql/src/change-notes/2022-06-22-log-injection-location.md
+++ b/java/ql/src/change-notes/2022-06-22-log-injection-location.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 0.2.0
+
+### Minor Analysis Improvements
+
 * The query `java/log-injection` now reports problems at the source (user-controlled data) instead of at the ultimate logging call. This was changed because user functions that wrap the ultimate logging call could result in most alerts being reported in an uninformative location.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups: 
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.2.0
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.7.
+
+### Minor Analysis Improvements
+
+* All new ECMAScript 2022 features are now supported.
+
 ## 0.1.4

 ## 0.1.3
--- a/javascript/ql/lib/change-notes/2022-05-24-ecmascript-2022.md
+++ b/javascript/ql/lib/change-notes/2022-05-24-ecmascript-2022.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* All new ECMAScript 2022 features are now supported.
--- a/javascript/ql/lib/change-notes/2022-05-24-typescript-4-7.md
+++ b/javascript/ql/lib/change-notes/2022-05-24-typescript-4-7.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Added support for TypeScript 4.7.
--- a/javascript/ql/lib/change-notes/released/0.2.0.md
+++ b/javascript/ql/lib/change-notes/released/0.2.0.md
@@ -0,0 +1,9 @@
+## 0.2.0
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.7.
+
+### Minor Analysis Improvements
+
+* All new ECMAScript 2022 features are now supported.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.2.0-dev
+version: 0.2.0
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.2.0
+
+### Minor Analysis Improvements
+
+* The `js/resource-exhaustion` query no longer treats the 3-argument version of `Buffer.from` as a sink,
+  since it does not allocate a new buffer.
+
 ## 0.1.4

 ## 0.1.3
--- a/javascript/ql/src/change-notes/2022-05-24-resource-exhaustion-no-buffer.from.md
+++ b/javascript/ql/src/change-notes/2022-05-24-resource-exhaustion-no-buffer.from.md
@@ -1,5 +1,6 @@
---
-category: minorAnalysis
---
+## 0.2.0
+
+### Minor Analysis Improvements
+
 * The `js/resource-exhaustion` query no longer treats the 3-argument version of `Buffer.from` as a sink,
  since it does not allocate a new buffer.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups: 
  - javascript
  - queries
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.5.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
 ## 0.4.1

 ## 0.4.0
--- a/python/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
+++ b/python/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
--- a/java/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
+++ b/java/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.5.0
+
+### Deprecated APIs
+
 * The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.1
+lastReleaseVersion: 0.5.0
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.5.0-dev
+version: 0.5.0
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.2.0
+
+### Major Analysis Improvements
+
+* Improved library modeling for the query "Request without certificate validation" (`py/request-without-cert-validation`), so it now also covers `httpx`, `aiohttp.client`, and `urllib3`.
+
+### Minor Analysis Improvements
+
+* The query "Use of a broken or weak cryptographic algorithm" (`py/weak-cryptographic-algorithm`) now report if a cryptographic operation is potentially insecure due to use of a weak block mode.
+
 ## 0.1.4

 ## 0.1.3
--- a/python/ql/src/change-notes/2022-05-16-broken-crypto-block-mode.md
+++ b/python/ql/src/change-notes/2022-05-16-broken-crypto-block-mode.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query "Use of a broken or weak cryptographic algorithm" (`py/weak-cryptographic-algorithm`) now report if a cryptographic operation is potentially insecure due to use of a weak block mode.
--- a/python/ql/src/change-notes/2022-06-08-request-without-certificate-validation-modeling.md
+++ b/python/ql/src/change-notes/2022-06-08-request-without-certificate-validation-modeling.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Improved library modeling for the query "Request without certificate validation" (`py/request-without-cert-validation`), so it now also covers `httpx`, `aiohttp.client`, and `urllib3`.
--- a/python/ql/src/change-notes/released/0.2.0.md
+++ b/python/ql/src/change-notes/released/0.2.0.md
@@ -0,0 +1,9 @@
+## 0.2.0
+
+### Major Analysis Improvements
+
+* Improved library modeling for the query "Request without certificate validation" (`py/request-without-cert-validation`), so it now also covers `httpx`, `aiohttp.client`, and `urllib3`.
+
+### Minor Analysis Improvements
+
+* The query "Use of a broken or weak cryptographic algorithm" (`py/weak-cryptographic-algorithm`) now report if a cryptographic operation is potentially insecure due to use of a weak block mode.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups: 
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,5 +1,15 @@
+## 0.3.0
+
+### Deprecated APIs
+
+* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
+
 ## 0.2.3

+### Minor Analysis Improvements
+
+- Calls to `Zip::File.open` and `Zip::File.new` have been added as `FileSystemAccess` sinks. As a result queries like `rb/path-injection` now flag up cases where users may access arbitrary archive files.
+
 ## 0.2.2

 ### Major Analysis Improvements
--- a/ruby/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
+++ b/ruby/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
--- a/csharp/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
+++ b/csharp/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
@@ -1,4 +1,5 @@
---
-category: deprecated
---
+## 0.3.0
+
+### Deprecated APIs
+
 * The `BarrierGuard` class has been deprecated. Such barriers and sanitizers can now instead be created using the new `BarrierGuard` parameterized module.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.3
+lastReleaseVersion: 0.3.0
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.3.0-dev
+version: 0.3.0
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.2.0
+
+### New Queries
+
+* Added a new query, `rb/improper-memoization`. The query finds cases where the parameter of a memoization method is not used in the memoization key.
+
+### Minor Analysis Improvements
+
+* The query "Use of a broken or weak cryptographic algorithm" (`rb/weak-cryptographic-algorithm`) now report if a cryptographic operation is potentially insecure due to use of a weak block mode.
+
 ## 0.1.4

 ## 0.1.3
--- a/ruby/ql/src/change-notes/2022-05-16-broken-crypto-message.md
+++ b/ruby/ql/src/change-notes/2022-05-16-broken-crypto-message.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query "Use of a broken or weak cryptographic algorithm" (`rb/weak-cryptographic-algorithm`) now report if a cryptographic operation is potentially insecure due to use of a weak block mode.
--- a/ruby/ql/src/change-notes/2022-05-24-improper-memoization.md
+++ b/ruby/ql/src/change-notes/2022-05-24-improper-memoization.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `rb/improper-memoization`. The query finds cases where the parameter of a memoization method is not used in the memoization key.
--- a/ruby/ql/src/change-notes/released/0.2.0.md
+++ b/ruby/ql/src/change-notes/released/0.2.0.md
@@ -0,0 +1,9 @@
+## 0.2.0
+
+### New Queries
+
+* Added a new query, `rb/improper-memoization`. The query finds cases where the parameter of a memoization method is not used in the memoization key.
+
+### Minor Analysis Improvements
+
+* The query "Use of a broken or weak cryptographic algorithm" (`rb/weak-cryptographic-algorithm`) now report if a cryptographic operation is potentially insecure due to use of a weak block mode.
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.4
+lastReleaseVersion: 0.2.0
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 0.2.0-dev
+version: 0.2.0
 groups: 
  - ruby
  - queries