Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3

Post-release preparation for codeql-cli-2.10.3
2025-12-20 10:46:30 +01:00 · 2022-08-16 12:04:07 +01:00
parent c927ac9b33 21d0c78376
commit d02ad51d74
76 changed files with 175 additions and 93 deletions
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.3.2
+
+### New Queries
+
+* A new query "Android `WebView` that accepts all certificates" (`java/improper-webview-certificate-validation`) has been added. This query finds implementations of `WebViewClient`s that accept all certificates in the case of an SSL error.
+
+### Major Analysis Improvements
+
+* The query `java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.
+
+### Minor Analysis Improvements
+
+* The query `java/path-injection` now recognises vulnerable APIs defined using the `SinkModelCsv` class with the `create-file` type. Out of the box this includes Apache Commons-IO functions, as well as any user-defined sinks.
+
 ## 0.3.1

 ## 0.3.0
--- a/java/ql/src/change-notes/2022-06-22-improper-webview-certificate-validation.md
+++ b/java/ql/src/change-notes/2022-06-22-improper-webview-certificate-validation.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* A new query "Android `WebView` that accepts all certificates" (`java/improper-webview-certificate-validation`) has been added. This query finds implementations of `WebViewClient`s that accept all certificates in the case of an SSL error.
--- a/java/ql/src/change-notes/2022-08-03-tainted-path-mad.md
+++ b/java/ql/src/change-notes/2022-08-03-tainted-path-mad.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query `java/path-injection` now recognises vulnerable APIs defined using the `SinkModelCsv` class with the `create-file` type. Out of the box this includes Apache Commons-IO functions, as well as any user-defined sinks.
--- a/java/ql/src/change-notes/2022-08-10-sensitive-log-dedup.md
+++ b/java/ql/src/change-notes/2022-08-10-sensitive-log-dedup.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* The query `java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.
--- a/java/ql/src/change-notes/released/0.3.2.md
+++ b/java/ql/src/change-notes/released/0.3.2.md
@@ -0,0 +1,13 @@
+## 0.3.2
+
+### New Queries
+
+* A new query "Android `WebView` that accepts all certificates" (`java/improper-webview-certificate-validation`) has been added. This query finds implementations of `WebViewClient`s that accept all certificates in the case of an SSL error.
+
+### Major Analysis Improvements
+
+* The query `java/sensitive-log` has been improved to no longer report results that are effectively duplicates due to one source flowing to another source.
+
+### Minor Analysis Improvements
+
+* The query `java/path-injection` now recognises vulnerable APIs defined using the `SinkModelCsv` class with the `create-file` type. Out of the box this includes Apache Commons-IO functions, as well as any user-defined sinks.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.3.2-dev
+version: 0.3.3-dev
 groups: 
  - java
  - queries