Merge remote-tracking branch 'upstream/main' into 'rc/3.14'

2026-04-28 10:15:14 +02:00 · 2024-06-28 19:50:35 +02:00
parent 306e481c5d a85f73972c
commit b12b33c8f9
772 changed files with 16846 additions and 17035 deletions
--- a/java/ql/lib/change-notes/2024-06-13-kotlin-qltest-support.md
+++ b/java/ql/lib/change-notes/2024-06-13-kotlin-qltest-support.md
@@ -0,0 +1,5 @@
+---
+category: fix
+---
+
+* Support for `codeql test run` for Kotlin sources has been fixed.
--- a/java/ql/lib/change-notes/2024-06-14-exclude-loopback-from-reverse-dns.md
+++ b/java/ql/lib/change-notes/2024-06-14-exclude-loopback-from-reverse-dns.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Excluded reverse DNS from the loopback address as a source of untrusted data.
--- a/java/ql/lib/change-notes/2024-06-17-ffbl-implicit-this.md
+++ b/java/ql/lib/change-notes/2024-06-17-ffbl-implicit-this.md
@@ -0,0 +1,7 @@
+---
+category: minorAnalysis
+---
+* A bug has been fixed in the heuristic identification of uncertain control
+  flow, which is used to filter data flow in order to improve performance and
+  reduce false positives. This fix means that slightly more code is identified
+  and hence pruned from data flow.
--- a/java/ql/lib/change-notes/2024-06-28-resource-models.md
+++ b/java/ql/lib/change-notes/2024-06-28-resource-models.md
@@ -0,0 +1,11 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * io.undertow.server.handlers.resource
+  * jakarta.faces.context
+  * javax.faces.context
+  * javax.servlet
+  * org.jboss.vfs
+  * org.springframework.core.io