Release preparation for version 2.16.2

2026-04-22 07:15:15 +02:00 · 2024-02-05 17:58:57 +00:00
parent 525f27173d
commit c1b35fbf47
148 changed files with 383 additions and 154 deletions
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.14
+
+No user-facing changes.
+
 ## 0.0.13

 No user-facing changes.
--- a/java/ql/automodel/src/change-notes/released/0.0.14.md
+++ b/java/ql/automodel/src/change-notes/released/0.0.14.md
@@ -0,0 +1,3 @@
+## 0.0.14
+
+No user-facing changes.
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.13
+lastReleaseVersion: 0.0.14
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.14-dev
+version: 0.0.14
 groups:
    - java
    - automodel
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added models for the following packages:
+
+  * com.fasterxml.jackson.databind
+  * javax.servlet
+* Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
+
 ## 0.8.7

 ### New Features
--- a/java/ql/lib/change-notes/2024-01-24-new-models.md
+++ b/java/ql/lib/change-notes/2024-01-24-new-models.md
@@ -1,7 +0,0 @@
---
-category: minorAnalysis
---
-* Added models for the following packages:
-
-  * com.fasterxml.jackson.databind
-  * javax.servlet
--- a/java/ql/lib/change-notes/2024-01-23-add-uuid-and-date-to-simpletypesanitizer.md
+++ b/java/ql/lib/change-notes/2024-01-23-add-uuid-and-date-to-simpletypesanitizer.md
@@ -1,4 +1,9 @@
---
-category: minorAnalysis
---
+## 0.8.8
+
+### Minor Analysis Improvements
+
+* Added models for the following packages:
+
+  * com.fasterxml.jackson.databind
+  * javax.servlet
 * Added the `java.util.Date` and `java.util.UUID` classes to the list of types in the `SimpleTypeSanitizer` class in `semmle.code.java.security.Sanitizers`.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.7
+lastReleaseVersion: 0.8.8
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.8-dev
+version: 0.8.8
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.8.8
+
+### New Queries
+
+* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. 
+* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. 
+
 ## 0.8.7

 ### New Queries
@@ -10,10 +17,6 @@

 ## 0.8.6

-### Deprecated Queries
-
-* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
-
 ### New Queries

 * Added the `java/insecure-randomness` query to detect uses of weakly random values which an attacker may be able to predict. Also added the `crypto-parameter` sink kind for sinks which represent the parameters and keys of cryptographic operations. 
@@ -24,6 +27,10 @@
 * The query `java/android/missing-certificate-pinning` should no longer alert about requests pointing to the local filesystem.
 * Removed some spurious sinks related to `com.opensymphony.xwork2.TextProvider.getText` from the query `java/ognl-injection`.

+### Bug Fixes
+
+* The three queries `java/insufficient-key-size`, `java/server-side-template-injection`, and `java/android/implicit-pendingintents` had accidentally general extension points allowing arbitrary string-based flow state. This has been fixed and the old extension points have been deprecated where possible, and otherwise updated.
+
 ## 0.8.5

 No user-facing changes.
--- a/java/ql/src/change-notes/2024-01-15-android-sensitive-notification-query.md
+++ b/java/ql/src/change-notes/2024-01-15-android-sensitive-notification-query.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. 
--- a/java/ql/src/change-notes/2024-01-29-android-sensitive-text-field-query.md
+++ b/java/ql/src/change-notes/2024-01-29-android-sensitive-text-field-query.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. 
--- a/java/ql/src/change-notes/released/0.8.8.md
+++ b/java/ql/src/change-notes/released/0.8.8.md
@@ -0,0 +1,6 @@
+## 0.8.8
+
+### New Queries
+
+* Added a new query `java/android/sensitive-text` to detect instances of sensitive data being exposed through text fields without being properly masked. 
+* Added a new query `java/android/sensitive-notification` to detect instances of sensitive data being exposed through Android notifications. 
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.7
+lastReleaseVersion: 0.8.8
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.8-dev
+version: 0.8.8
 groups:
  - java
  - queries