Release preparation for version 2.20.6

2026-04-21 06:55:31 +02:00 · 2025-03-03 17:13:19 +00:00
parent 7f56c67544
commit fa850cccb1
164 changed files with 423 additions and 144 deletions
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 7.1.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 24.
+
+### Minor Analysis Improvements
+
+* Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
+
 ## 7.0.1

 No user-facing changes.
--- a/java/ql/lib/change-notes/2025-02-27-jdk-24.md
+++ b/java/ql/lib/change-notes/2025-02-27-jdk-24.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* The Java extractor and QL libraries now support Java 24.
--- a/java/ql/lib/change-notes/2025-01-16-file-constructor-sanitizer.md
+++ b/java/ql/lib/change-notes/2025-01-16-file-constructor-sanitizer.md
@@ -1,4 +1,9 @@
---
-category: minorAnalysis
---
+## 7.1.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 24.
+
+### Minor Analysis Improvements
+
 * Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.0.1
+lastReleaseVersion: 7.1.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.0.2-dev
+version: 7.1.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.3.0
+
+### Major Analysis Improvements
+
+* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
+
 ## 1.2.0

 ### New Queries
--- a/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
+++ b/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
@@ -1,4 +1,5 @@
---
-category: majorAnalysis
---
+## 1.3.0
+
+### Major Analysis Improvements
+
 * Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.3.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.2.1-dev
+version: 1.3.0
 groups:
  - java
  - queries