Release preparation for version 2.17.0

java/ql/src/CHANGELOG.md

@@ -1,3 +1,18 @@
+## 0.8.13
+
+### New Queries
+
+* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).
+
+### Major Analysis Improvements
+
+* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
+
+### Minor Analysis Improvements
+
+* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
+* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.
+
 ## 0.8.12
 
 No user-facing changes.

java/ql/src/change-notes/2024-03-06-url-forward-query.md

@@ -1,4 +0,0 @@
----
-category: newQuery
----
-* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).

java/ql/src/change-notes/2024-03-12-request-sanitizers.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.

java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.

java/ql/src/change-notes/2024-03-27-MissingEnumInSwitch.md

@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.

java/ql/src/change-notes/released/0.8.13.md

@@ -0,0 +1,14 @@
+## 0.8.13
+
+### New Queries
+
+* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286).
+
+### Major Analysis Improvements
+
+* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing.
+
+### Minor Analysis Improvements
+
+* Variables named `tokenImage` are no longer sources for  the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts.
+* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries.

java/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.12
+lastReleaseVersion: 0.8.13

java/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.13-dev
+version: 0.8.13
 groups:
   - java
   - queries