Release preparation for version 2.25.5

github-actions[bot]
2026-05-18 12:05:32 +00:00
parent e55edf2f1f
commit e38616a2ef
167 changed files with 410 additions and 115 deletions

@@ -1,3 +1,9 @@
## 1.11.3
### Minor Analysis Improvements
* The `java/zipslip` query no longer reports archive entry names that flow only to read-only path sinks such as `ClassLoader.getResource`, `FileInputStream`, and `FileReader`. The query now restricts its sinks to the `path-injection` kind and deliberately excludes the new `path-injection[read]` sub-kind, matching the Zip Slip threat model of unsafe archive extraction.
## 1.11.2
No user-facing changes.
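
Review bot: The 1.11.3 entry calls `path-injection[read]` a "new" sub-kind, but nothing in this changelog section introduces it, so a reader of this file alone cannot tell where the sub-kind is defined or which release added it. Consider naming the pack or release that introduces it. It would also help to state explicitly that existing `java/zipslip` alerts whose only sinks are `ClassLoader.getResource`, `FileInputStream` or `FileReader` will disappear after upgrading, so that a drop in alert count is not mistaken for a regression in the query.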

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 1.11.3
### Minor Analysis Improvements
* The `java/zipslip` query no longer reports archive entry names that flow only to read-only path sinks such as `ClassLoader.getResource`, `FileInputStream`, and `FileReader`. The query now restricts its sinks to the `path-injection` kind and deliberately excludes the new `path-injection[read]` sub-kind, matching the Zip Slip threat model of unsafe archive extraction.

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.11.2
lastReleaseVersion: 1.11.3

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.11.3-dev
version: 1.11.3
groups:
- java
- queries