Release preparation for version 2.14.4

2026-04-20 22:44:52 +02:00 · 2023-09-05 16:56:14 +00:00
parent a2659eecfb
commit abf2b12b1c
142 changed files with 392 additions and 177 deletions
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/0.0.3.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.3.md
@@ -0,0 +1,3 @@
+## 0.0.3
+
+No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.3
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.3-dev
+version: 0.0.3
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.7.4
+
+### New Features
+
+* Kotlin versions up to 1.9.10 are now supported.
+
+### Minor Analysis Improvements
+
+* Fixed the MaD signature specifications to use proper nested type names.
+* Added new sanitizer to Java command injection model
+* Added more dataflow models for JAX-RS.
+* The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results.
+
 ## 0.7.3

 ### Major Analysis Improvements
--- a/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md
+++ b/java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added more dataflow models for JAX-RS.
--- a/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md
+++ b/java/ql/lib/change-notes/2023-08-21-java-command-injection-sanitizer.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added new sanitizer to Java command injection model
--- a/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md
+++ b/java/ql/lib/change-notes/2023-08-23-mad-nestednames.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed the MaD signature specifications to use proper nested type names.
--- a/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md
+++ b/java/ql/lib/change-notes/2023-08-24-kotlin-1.9.10.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* Kotlin versions up to 1.9.10 are now supported.
--- a/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md
+++ b/java/ql/lib/change-notes/2023-08-07-jaxrs-webmethod-improvements.md
@@ -1,4 +1,12 @@
---
-category: minorAnalysis
---
+## 0.7.4
+
+### New Features
+
+* Kotlin versions up to 1.9.10 are now supported.
+
+### Minor Analysis Improvements
+
+* Fixed the MaD signature specifications to use proper nested type names.
+* Added new sanitizer to Java command injection model
+* Added more dataflow models for JAX-RS.
 * The predicate `JaxWsEndpoint::getARemoteMethod` no longer requires the result to be annotated with `@WebMethod`. Instead, the requirements listed in the JAX-RPC Specification 1.1 for required parameter and return types are used. Applications using JAX-RS may see an increase in results.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.7.4-dev
+version: 0.7.4
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.7.4
+
+### New Queries
+
+* Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method.
+
+### Minor Analysis Improvements
+
+* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library.
+
 ## 0.7.3

 No user-facing changes.
--- a/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md
+++ b/java/ql/src/change-notes/2023-07-19-xxe-new-sinks.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library.
--- a/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
+++ b/java/ql/src/change-notes/2023-07-25-trust-boundary-violation-query.md
@@ -1,5 +1,9 @@
---
-category: newQuery
---
+## 0.7.4
+
+### New Queries
+
 * Added the `java/trust-boundary-violation` query to detect trust boundary violations between HTTP requests and the HTTP session. Also added the `trust-boundary-violation` sink kind for sinks which may cross a trust boundary, such as calls to the `HttpSession#setAttribute` method.

+### Minor Analysis Improvements
+
+* The queries "Resolving XML external entity in user-controlled data" (`java/xxe`) and "Resolving XML external entity in user-controlled data from local source" (`java/xxe-local`) now recognize sinks in the MDHT library.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.3
+lastReleaseVersion: 0.7.4
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.7.4-dev
+version: 0.7.4
 groups: 
  - java
  - queries