diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 0a7a31b8db9..30a996fdba6 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3

 ### Minor Analysis Improvements
diff --git a/cpp/ql/lib/change-notes/released/0.4.4.md b/cpp/ql/lib/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..33e1c91255d
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index ef1fd2099a3..e8c0a17068e 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.4.4-dev
+version: 0.4.4
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index f32f416b540..5546105176e 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3

 ### Minor Analysis Improvements
diff --git a/cpp/ql/src/change-notes/released/0.4.4.md b/cpp/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..33e1c91255d
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index 3a44ef8b743..4ee5b28070c 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.4.4-dev
+version: 0.4.4
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 98c13dfaa77..4aa822f9369 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.4
+
+No user-facing changes.
+
 ## 1.3.3

 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.4.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.4.md
new file mode 100644
index 00000000000..5073aca7222
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.4.md
@@ -0,0 +1,3 @@
+## 1.3.4
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index eb1f7dabc84..8263ddf2c8b 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.4
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index ccab1b3a8b8..41c454bb5c0 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.3.4-dev
+version: 1.3.4
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 98c13dfaa77..4aa822f9369 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.3.4
+
+No user-facing changes.
+
 ## 1.3.3

 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.4.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.4.md
new file mode 100644
index 00000000000..5073aca7222
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.4.md
@@ -0,0 +1,3 @@
+## 1.3.4
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index eb1f7dabc84..8263ddf2c8b 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.4
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index 209538a2014..7ba0669ba7b 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.3.4-dev
+version: 1.3.4
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 2fff5e72443..265b1a3183d 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* The `[Summary|Sink|Source]ModelCsv` classes have been deprecated and Models as Data models are defined as data extensions instead.
+
 ## 0.4.3

 No user-facing changes.
diff --git a/csharp/ql/lib/change-notes/2022-11-09-modelsasdataextensions.md b/csharp/ql/lib/change-notes/released/0.4.4.md
similarity index 72%
rename from csharp/ql/lib/change-notes/2022-11-09-modelsasdataextensions.md
rename to csharp/ql/lib/change-notes/released/0.4.4.md
index 1c9bb14754d..b3d7e2c3be1 100644
--- a/csharp/ql/lib/change-notes/2022-11-09-modelsasdataextensions.md
+++ b/csharp/ql/lib/change-notes/released/0.4.4.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The `[Summary|Sink|Source]ModelCsv` classes have been deprecated and Models as Data models are defined as data extensions instead.
\ No newline at end of file
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* The `[Summary|Sink|Source]ModelCsv` classes have been deprecated and Models as Data models are defined as data extensions instead.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index a43762f9433..bd5cd1b7e16 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.4.4-dev
+version: 0.4.4
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index 46be24580ef..486c21a1125 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3

 No user-facing changes.
diff --git a/csharp/ql/src/change-notes/released/0.4.4.md b/csharp/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..33e1c91255d
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 7f537bcae49..6964f93b085 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.4.4-dev
+version: 0.4.4
 groups:
 - csharp
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 681412ed46f..a5f5d96020a 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.4
+
+No user-facing changes.
+
 ## 0.3.3

 No user-facing changes.
diff --git a/go/ql/lib/change-notes/released/0.3.4.md b/go/ql/lib/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..5fae94b07c9
--- /dev/null
+++ b/go/ql/lib/change-notes/released/0.3.4.md
@@ -0,0 +1,3 @@
+## 0.3.4
+
+No user-facing changes.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index 9da182d3394..5ed15c24b9c 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index 9daccdd80b6..0d453d90f88 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.3.4-dev
+version: 0.3.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 65aa3c40d99..f74e3c23d7c 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.4
+
+No user-facing changes.
+
 ## 0.3.3

 ### Minor Analysis Improvements
diff --git a/go/ql/src/change-notes/released/0.3.4.md b/go/ql/src/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..5fae94b07c9
--- /dev/null
+++ b/go/ql/src/change-notes/released/0.3.4.md
@@ -0,0 +1,3 @@
+## 0.3.4
+
+No user-facing changes.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index 9da182d3394..5ed15c24b9c 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index e44f8ef80d9..297b6ce7ff9 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.3.4-dev
+version: 0.3.4
 groups:
 - go
 - queries
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index 696c3097fac..47c2cc4289d 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,15 @@
+## 0.4.4
+
+### New Features
+
+* The new `string Compilation.getInfo(string)` provides access to some information about compilations.
+* Kotlin support is now in beta. This means that Java analyses will also include Kotlin code by default. Kotlin support can be disabled by setting `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN` to `true` in the environment.
+
+### Minor Analysis Improvements
+
+ * The ReDoS libraries in `semmle.code.java.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
+* Added data flow summaries for tainted Android intents sent to activities via `Activity.startActivities`.
+
 ## 0.4.3

 No user-facing changes.
diff --git a/java/ql/lib/change-notes/2022-10-19-android-startactivities-summaries.md b/java/ql/lib/change-notes/2022-10-19-android-startactivities-summaries.md
deleted file mode 100644
index 4716fb2ac41..00000000000
--- a/java/ql/lib/change-notes/2022-10-19-android-startactivities-summaries.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added data flow summaries for tainted Android intents sent to activities via `Activity.startActivities`.
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2022-10-31-shared-redos-pack.md b/java/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
deleted file mode 100644
index 405ddd1108c..00000000000
--- a/java/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
- category: minorAnalysis
----
- * The ReDoS libraries in `semmle.code.java.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
\ No newline at end of file
diff --git a/java/ql/lib/change-notes/2022-11-10-getInfo.md b/java/ql/lib/change-notes/2022-11-10-getInfo.md
deleted file mode 100644
index 7a113ca3459..00000000000
--- a/java/ql/lib/change-notes/2022-11-10-getInfo.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* The new `string Compilation.getInfo(string)` provides access to some information about compilations.
diff --git a/java/ql/lib/change-notes/2022-11-10-kotlin-default.md b/java/ql/lib/change-notes/2022-11-10-kotlin-default.md
deleted file mode 100644
index d411c58173c..00000000000
--- a/java/ql/lib/change-notes/2022-11-10-kotlin-default.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Kotlin support is now in beta. This means that Java analyses will also include Kotlin code by default. Kotlin support can be disabled by setting `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN` to `true` in the environment.
diff --git a/java/ql/lib/change-notes/released/0.4.4.md b/java/ql/lib/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..09858b4465d
--- /dev/null
+++ b/java/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,11 @@
+## 0.4.4
+
+### New Features
+
+* The new `string Compilation.getInfo(string)` provides access to some information about compilations.
+* Kotlin support is now in beta. This means that Java analyses will also include Kotlin code by default. Kotlin support can be disabled by setting `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN` to `true` in the environment.
+
+### Minor Analysis Improvements
+
+ * The ReDoS libraries in `semmle.code.java.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
+* Added data flow summaries for tainted Android intents sent to activities via `Activity.startActivities`.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 4b103c629a2..65e160f8720 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.4.4-dev
+version: 0.4.4
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 61b4170ca74..78c032e50b4 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.4.4
+
+### New Queries
+
+* The query `java/insufficient-key-size` has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4926).
+* Added a new query, `java/android/sensitive-keyboard-cache`, to detect instances of sensitive information possibly being saved to the keyboard cache.
+
 ## 0.4.3

 No user-facing changes.
diff --git a/java/ql/src/change-notes/2022-10-07-sensitive-keyboard-cache.md b/java/ql/src/change-notes/2022-10-07-sensitive-keyboard-cache.md
deleted file mode 100644
index 21a1652cc93..00000000000
--- a/java/ql/src/change-notes/2022-10-07-sensitive-keyboard-cache.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* Added a new query, `java/android/sensitive-keyboard-cache`, to detect instances of sensitive information possibly being saved to the keyboard cache.
\ No newline at end of file
diff --git a/java/ql/src/change-notes/2022-10-19-insufficient-key-size.md b/java/ql/src/change-notes/released/0.4.4.md
similarity index 59%
rename from java/ql/src/change-notes/2022-10-19-insufficient-key-size.md
rename to java/ql/src/change-notes/released/0.4.4.md
index e117b5b5941..6cf1320bbd1 100644
--- a/java/ql/src/change-notes/2022-10-19-insufficient-key-size.md
+++ b/java/ql/src/change-notes/released/0.4.4.md
@@ -1,4 +1,6 @@
----
-category: newQuery
----
+## 0.4.4
+
+### New Queries
+
 * The query `java/insufficient-key-size` has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @luchua-bc](https://github.com/github/codeql/pull/4926).
+* Added a new query, `java/android/sensitive-keyboard-cache`, to detect instances of sensitive information possibly being saved to the keyboard cache.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 87267893413..b15d45f78f9 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.4.4-dev
+version: 0.4.4
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index ac17e9e9f27..7bf9f7f1db0 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.3.4
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.9.
+
 ## 0.3.3

 No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/2022-11-15-typescript-4-9.md b/javascript/ql/lib/change-notes/2022-11-15-typescript-4-9.md
deleted file mode 100644
index 723f0a5c65f..00000000000
--- a/javascript/ql/lib/change-notes/2022-11-15-typescript-4-9.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* Added support for TypeScript 4.9.
diff --git a/javascript/ql/lib/change-notes/released/0.3.4.md b/javascript/ql/lib/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..04b51176020
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.3.4.md
@@ -0,0 +1,5 @@
+## 0.3.4
+
+### Major Analysis Improvements
+
+* Added support for TypeScript 4.9.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index 9da182d3394..5ed15c24b9c 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 0a3a773e368..8e1f29f47e0 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.3.4-dev
+version: 0.3.4
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index bdd74c9a701..0783d222cb8 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Added support for @hapi/glue and Hapi plugins to the frameworks/Hapi.qll library.
+
+### Bug Fixes
+
+* Fixed a bug that would cause the extractor to crash when an `import` type is used in
+ the `extends` clause of an `interface`.
+* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
+ causing alerts related to such strings to appear at the top of the YAML file.
+
 ## 0.4.3

 ### New Queries
diff --git a/javascript/ql/src/change-notes/2022-11-08-hapi-glue.md b/javascript/ql/src/change-notes/2022-11-08-hapi-glue.md
deleted file mode 100644
index 18816a2af13..00000000000
--- a/javascript/ql/src/change-notes/2022-11-08-hapi-glue.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added support for @hapi/glue and Hapi plugins to the frameworks/Hapi.qll library.
diff --git a/javascript/ql/src/change-notes/2022-11-08-yaml-locations.md b/javascript/ql/src/change-notes/2022-11-08-yaml-locations.md
deleted file mode 100644
index 68664780beb..00000000000
--- a/javascript/ql/src/change-notes/2022-11-08-yaml-locations.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: fix
----
-* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
- causing alerts related to such strings to appear at the top of the YAML file.
diff --git a/javascript/ql/src/change-notes/2022-11-14-dynamic-import-type-expr.md b/javascript/ql/src/change-notes/2022-11-14-dynamic-import-type-expr.md
deleted file mode 100644
index 5f975516620..00000000000
--- a/javascript/ql/src/change-notes/2022-11-14-dynamic-import-type-expr.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: fix
----
-* Fixed a bug that would cause the extractor to crash when an `import` type is used in
- the `extends` clause of an `interface`.
diff --git a/javascript/ql/src/change-notes/released/0.4.4.md b/javascript/ql/src/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..e423d671d22
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/0.4.4.md
@@ -0,0 +1,12 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Added support for @hapi/glue and Hapi plugins to the frameworks/Hapi.qll library.
+
+### Bug Fixes
+
+* Fixed a bug that would cause the extractor to crash when an `import` type is used in
+ the `extends` clause of an `interface`.
+* Fixed an issue with multi-line strings in YAML files being associated with an invalid location,
+ causing alerts related to such strings to appear at the top of the YAML file.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 0d9eb306ee9..ba9e83a24cd 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.4.4-dev
+version: 0.4.4
 groups:
 - javascript
 - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index e3d9cec6f66..9ee41acc1ec 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.3.4
+
+No user-facing changes.
+
 ## 0.3.3

 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.3.4.md b/misc/suite-helpers/change-notes/released/0.3.4.md
new file mode 100644
index 00000000000..5fae94b07c9
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.3.4.md
@@ -0,0 +1,3 @@
+## 0.3.4
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index 9da182d3394..5ed15c24b9c 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.3
+lastReleaseVersion: 0.3.4
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 6a377895b2a..24d2ef3172f 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,3 +1,3 @@
 name: codeql/suite-helpers
-version: 0.3.4-dev
+version: 0.3.4
 groups: shared
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index ee84607f683..88107c85b2e 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.6.4
+
+### Minor Analysis Improvements
+
+ * The ReDoS libraries in `semmle.code.python.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
+
 ## 0.6.3

 No user-facing changes.
diff --git a/python/ql/lib/change-notes/2022-10-31-shared-redos-pack.md b/python/ql/lib/change-notes/released/0.6.4.md
similarity index 59%
rename from python/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
rename to python/ql/lib/change-notes/released/0.6.4.md
index 44212066527..75f233118a7 100644
--- a/python/ql/lib/change-notes/2022-10-31-shared-redos-pack.md
+++ b/python/ql/lib/change-notes/released/0.6.4.md
@@ -1,4 +1,5 @@
----
- category: minorAnalysis
----
- * The ReDoS libraries in `semmle.code.python.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
\ No newline at end of file
+## 0.6.4
+
+### Minor Analysis Improvements
+
+ * The ReDoS libraries in `semmle.code.python.security.regexp` has been moved to a shared pack inside the `shared/` folder, and the previous location has been deprecated.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index b7dafe32c5d..ced8cf94614 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.3
+lastReleaseVersion: 0.6.4
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index cf9d72aa9d2..ad7d4faa837 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.6.4-dev
+version: 0.6.4
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 9e30f0aba2f..8c5b1bbc2ed 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.5.4
+
+No user-facing changes.
+
 ## 0.5.3

 No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.5.4.md b/python/ql/src/change-notes/released/0.5.4.md
new file mode 100644
index 00000000000..1686ab4354d
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.5.4.md
@@ -0,0 +1,3 @@
+## 0.5.4
+
+No user-facing changes.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 2164e038a5d..cd3f72e2513 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.3
+lastReleaseVersion: 0.5.4
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index c5f06d5b464..6e3ab19be4b 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.5.4-dev
+version: 0.5.4
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index c92874cdbb7..7d0ff13d907 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,17 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Data flow through the `ActiveSupport` extension `Enumerable#index_by` is now modeled.
+* The `codeql.ruby.Concepts` library now has a `SqlConstruction` class, in addition to the existing `SqlExecution` class.
+* Calls to `Arel.sql` are now modeled as instances of the new `SqlConstruction` concept.
+* Arguments to RPC endpoints (public methods) on subclasses of `ActionCable::Channel::Base` are now recognized as sources of remote user input.
+* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
+* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
+* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
+* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
+* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
+
 ## 0.4.3

 ### Minor Analysis Improvements
diff --git a/ruby/ql/lib/change-notes/2022-10-28-try-code-execution.md b/ruby/ql/lib/change-notes/2022-10-28-try-code-execution.md
deleted file mode 100644
index af5b1cb59e4..00000000000
--- a/ruby/ql/lib/change-notes/2022-10-28-try-code-execution.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
diff --git a/ruby/ql/lib/change-notes/2022-11-01-actioncontroller-logger.md b/ruby/ql/lib/change-notes/2022-11-01-actioncontroller-logger.md
deleted file mode 100644
index 367665ac61a..00000000000
--- a/ruby/ql/lib/change-notes/2022-11-01-actioncontroller-logger.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-category: minorAnalysis
----
-* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
-* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
-* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
diff --git a/ruby/ql/lib/change-notes/2022-11-08-activesupport-hash-extensions.md b/ruby/ql/lib/change-notes/2022-11-08-activesupport-hash-extensions.md
deleted file mode 100644
index e979c49ce0a..00000000000
--- a/ruby/ql/lib/change-notes/2022-11-08-activesupport-hash-extensions.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
diff --git a/ruby/ql/lib/change-notes/2022-11-09-actioncable-channels.md b/ruby/ql/lib/change-notes/2022-11-09-actioncable-channels.md
deleted file mode 100644
index 3248fc194e0..00000000000
--- a/ruby/ql/lib/change-notes/2022-11-09-actioncable-channels.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Arguments to RPC endpoints (public methods) on subclasses of `ActionCable::Channel::Base` are now recognized as sources of remote user input.
diff --git a/ruby/ql/lib/change-notes/2022-11-10-arel-sql.md b/ruby/ql/lib/change-notes/2022-11-10-arel-sql.md
deleted file mode 100644
index e803d0e0895..00000000000
--- a/ruby/ql/lib/change-notes/2022-11-10-arel-sql.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-* The `codeql.ruby.Concepts` library now has a `SqlConstruction` class, in addition to the existing `SqlExecution` class.
-* Calls to `Arel.sql` are now modeled as instances of the new `SqlConstruction` concept.
diff --git a/ruby/ql/lib/change-notes/2022-11-14-activesupport-enumerable-index-by.md b/ruby/ql/lib/change-notes/2022-11-14-activesupport-enumerable-index-by.md
deleted file mode 100644
index 812c292dd94..00000000000
--- a/ruby/ql/lib/change-notes/2022-11-14-activesupport-enumerable-index-by.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Data flow through the `ActiveSupport` extension `Enumerable#index_by` is now modeled.
diff --git a/ruby/ql/lib/change-notes/released/0.4.4.md b/ruby/ql/lib/change-notes/released/0.4.4.md
new file mode 100644
index 00000000000..6147687886b
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,13 @@
+## 0.4.4
+
+### Minor Analysis Improvements
+
+* Data flow through the `ActiveSupport` extension `Enumerable#index_by` is now modeled.
+* The `codeql.ruby.Concepts` library now has a `SqlConstruction` class, in addition to the existing `SqlExecution` class.
+* Calls to `Arel.sql` are now modeled as instances of the new `SqlConstruction` concept.
+* Arguments to RPC endpoints (public methods) on subclasses of `ActionCable::Channel::Base` are now recognized as sources of remote user input.
+* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
+* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
+* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
+* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
+* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index 1ec9c4ea5d9..e9b57993a01 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.3 +lastReleaseVersion: 0.4.4 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 016f75260eb..cf26086c71c 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.4.4-dev +version: 0.4.4 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 1e45bb15389..ea095374247 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.4.4 + +### New Queries + +* Added a new query, `rb/shell-command-constructed-from-input`, to detect libraries that unsafely construct shell commands from their inputs. + +### Minor Analysis Improvements + +* The `rb/sql-injection` query now considers consider SQL constructions, such as calls to `Arel.sql`, as sinks. + ## 0.4.3 ### Minor Analysis Improvements diff --git a/ruby/ql/src/change-notes/2022-10-10-unsafe-shell-command-construction.md b/ruby/ql/src/change-notes/2022-10-10-unsafe-shell-command-construction.md deleted file mode 100644 index fba6a9304cf..00000000000 --- a/ruby/ql/src/change-notes/2022-10-10-unsafe-shell-command-construction.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `rb/shell-command-constructed-from-input`, to detect libraries that unsafely construct shell commands from their inputs. diff --git a/ruby/ql/src/change-notes/2022-11-10-arel-sql.md b/ruby/ql/src/change-notes/2022-11-10-arel-sql.md deleted file mode 100644 index 918e46a9d9b..00000000000 --- a/ruby/ql/src/change-notes/2022-11-10-arel-sql.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `rb/sql-injection` query now considers consider SQL constructions, such as calls to `Arel.sql`, as sinks. diff --git a/ruby/ql/src/change-notes/released/0.4.4.md b/ruby/ql/src/change-notes/released/0.4.4.md new file mode 100644 index 00000000000..59be09518f7 --- /dev/null 
+++ b/ruby/ql/src/change-notes/released/0.4.4.md @@ -0,0 +1,9 @@ +## 0.4.4 + +### New Queries + +* Added a new query, `rb/shell-command-constructed-from-input`, to detect libraries that unsafely construct shell commands from their inputs. + +### Minor Analysis Improvements + +* The `rb/sql-injection` query now considers consider SQL constructions, such as calls to `Arel.sql`, as sinks. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 1ec9c4ea5d9..e9b57993a01 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.3 +lastReleaseVersion: 0.4.4 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 93c261cc264..5d1a123e58a 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.4.4-dev +version: 0.4.4 groups: - ruby - queries diff --git a/shared/regex/change-notes/2022-09-26-initial-version.md b/shared/regex/CHANGELOG.md similarity index 76% rename from shared/regex/change-notes/2022-09-26-initial-version.md rename to shared/regex/CHANGELOG.md index e4d6e0490c2..68156d29a72 100644 --- a/shared/regex/change-notes/2022-09-26-initial-version.md +++ b/shared/regex/CHANGELOG.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.0.1 + +### Minor Analysis Improvements + * Initial release. Extracted common regex related code, including the ReDoS analysis, into a library pack to share code between languages. diff --git a/shared/regex/change-notes/released/0.0.1.md b/shared/regex/change-notes/released/0.0.1.md new file mode 100644 index 00000000000..68156d29a72 --- /dev/null +++ b/shared/regex/change-notes/released/0.0.1.md @@ -0,0 +1,5 @@ +## 0.0.1 + +### Minor Analysis Improvements + +* Initial release. Extracted common regex related code, including the ReDoS analysis, into a library pack to share code between languages. 
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml new file mode 100644 index 00000000000..c6933410b71 --- /dev/null +++ b/shared/regex/codeql-pack.release.yml @@ -0,0 +1,2 @@ +--- +lastReleaseVersion: 0.0.1 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 4b25672b6c5..c82cff186d0 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.0.1-dev +version: 0.0.1 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index d26b43c4358..76932ab7a0f 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.0.5.md b/shared/ssa/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null +++ b/shared/ssa/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 80e454bf99f..7fb2ed664cb 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/ssa -version: 0.0.5-dev +version: 0.0.5 groups: shared library: true diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 6741585b960..89e542713a7 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.5 + +No user-facing changes. + ## 0.0.4 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.0.5.md b/shared/typos/change-notes/released/0.0.5.md new file mode 100644 index 00000000000..766ec2723b5 --- /dev/null 
+++ b/shared/typos/change-notes/released/0.0.5.md @@ -0,0 +1,3 @@ +## 0.0.5 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index ec411a674bc..bb45a1ab018 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.4 +lastReleaseVersion: 0.0.5 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 1bada6ef1ff..39df1ba73d5 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/typos -version: 0.0.5-dev +version: 0.0.5 groups: shared library: true