github-actions[bot]
0db542e9f0
Release preparation for version 2.24.1
2026-02-02 12:09:09 +00:00
github-actions[bot]
48475e66af
Post-release preparation for codeql-cli-2.24.0
2026-01-19 15:49:08 +00:00
github-actions[bot]
4142b9c4ce
Release preparation for version 2.24.0
2026-01-19 14:49:14 +00:00
Ian Lynagh
dcd0a69759
Merge remote-tracking branch 'upstream/main' into igfoo/mb
2026-01-13 01:01:35 +00:00
github-actions[bot]
2cb932cf5d
Post-release preparation for codeql-cli-2.23.9
2026-01-06 15:42:16 +00:00
github-actions[bot]
c00663766e
Release preparation for version 2.23.9
2026-01-05 11:57:06 +00:00
Óscar San José
d972af9ef8
Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main
2025-12-12 13:22:08 +01:00
github-actions[bot]
2854330759
Post-release preparation for codeql-cli-2.23.8
2025-12-08 15:49:10 +00:00
github-actions[bot]
66c51e979e
Release preparation for version 2.23.8
2025-12-08 14:38:23 +00:00
Óscar San José
bc6133de5c
Merge branch 'main' of https://github.com/github/codeql into oscarsj/merge-back-rc-3.20
2025-12-05 19:31:47 +01:00
Anders Schack-Mulligen
78e1879c9e
Use more flowTo.
2025-12-03 14:12:08 +01:00
github-actions[bot]
085faa2bdb
Post-release preparation for codeql-cli-2.23.7
2025-12-02 16:39:43 +00:00
github-actions[bot]
a045b317ac
Release preparation for version 2.23.7
2025-12-02 15:31:27 +00:00
github-actions[bot]
19a13467e0
Release preparation for version 2.23.7
2025-12-01 16:07:37 +00:00
Felicity Chapman
caf6b950ac
Remove trailing periods from @name metadata in query files
...
Fixed 73 .ql query files where the @name metadata contained an ending period.
This ensures consistency with the CodeQL query metadata style guidelines.
2025-11-26 14:29:51 +00:00
Owen Mansel-Chan
7d7af193dc
Fix small mistake in Ruby query help
2025-11-19 14:36:26 +00:00
github-actions[bot]
5ee45af3aa
Post-release preparation for codeql-cli-2.23.6
2025-11-18 09:53:12 +00:00
github-actions[bot]
18fa6799ce
Release preparation for version 2.23.6
2025-11-17 16:38:07 +00:00
Napalys Klicius
d122534398
Merge pull request #20671 from github/napalys/adjust_query_severity
...
Adjust query severity ratings
2025-11-11 12:37:31 +01:00
github-actions[bot]
4014df9a6e
Post-release preparation for codeql-cli-2.23.4
2025-11-04 17:57:52 +00:00
github-actions[bot]
64fcdd1f2f
Release preparation for version 2.23.4
2025-11-03 14:52:23 +00:00
Nora Dimitrijević
6ede0a7950
Ruby/WeakFilePermissions
2025-10-28 09:40:46 +01:00
Nora Dimitrijević
495be51ae7
Ruby/WeakParams
2025-10-28 09:40:43 +01:00
Nora Dimitrijević
50f2540db1
Ruby/ManuallyCheckHttpVerb
2025-10-28 09:40:41 +01:00
Chris Smowton
2e0e9e0834
Merge pull request #20550 from github/smowton/admin/document-rails-5-csrf
...
Ruby: Update CSRF protection notes in documentation
2025-10-27 12:19:16 +00:00
Napalys Klicius
9c70ae04fb
Add change note
2025-10-22 11:48:16 +00:00
Napalys Klicius
fa47174013
CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0
2025-10-22 11:32:33 +00:00
Owen Mansel-Chan
66f95bcbcd
Merge pull request #20603 from owen-mc/update-broken-algo-qhelp
...
Many languages: Update broken algo qhelp
2025-10-17 12:30:43 +01:00
github-actions[bot]
6dd07790ac
Post-release preparation for codeql-cli-2.23.3
2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40
Release preparation for version 2.23.3
2025-10-14 09:30:24 +00:00
Owen Mansel-Chan
2f22acdd06
Remove hashing example when not covered by query
2025-10-08 16:48:57 +01:00
Owen Mansel-Chan
0bcdb91639
Improve qhelp for broken crypto algo queries
...
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
2025-10-08 14:10:54 +01:00
Owen Mansel-Chan
2a1c9d8ec1
Remove erroneous comma
2025-10-08 14:08:36 +01:00
Owen Mansel-Chan
90db349f4b
State that ruby broken crypto algo doesn't deal with hashing
2025-10-08 14:05:00 +01:00
Chris Smowton
ff4b97bf2d
Reword
2025-09-30 13:08:03 +01:00
Chris Smowton
f1239352ce
Note issue in related query
2025-09-29 18:43:59 +01:00
Chris Smowton
18c5cb10d9
Ruby: Update CSRF protection notes in documentation
...
Autofix is confused about how the `protect_from_forgery` method works in Rails >= 5: GPT-5 says:
> In modern Rails versions (>=5, including 6 and 7 which this gem permits), ActionController::Base already enables CSRF protection by default with the `:exception` strategy; an explicit call to `protect_from_forgery` without options does not weaken security.
This is false: manual testing confirms that it actually does downgrade from `:exception` to `:null-session` behaviour when a manual call is made.
I can't find any authoritative source showing this gotcha, so I can see how the AI is confused and how humans might also struggle to verify the truth.
2025-09-29 18:42:11 +01:00
github-actions[bot]
a7a4e43991
Post-release preparation for codeql-cli-2.23.2
2025-09-29 15:10:19 +00:00
github-actions[bot]
d2130a589b
Release preparation for version 2.23.2
2025-09-29 10:28:45 +00:00
github-actions[bot]
4e8343664f
Post-release preparation for codeql-cli-2.23.1
2025-09-17 10:13:40 +00:00
github-actions[bot]
02a1b1efcb
Release preparation for version 2.23.1
2025-09-16 14:14:42 +00:00
Arthur Baars
5d3ec35e29
Remove non-breaking spaces from code
2025-09-05 09:41:15 +02:00
github-actions[bot]
e8a2600a0c
Post-release preparation for codeql-cli-2.23.0
2025-09-02 11:46:23 +00:00
github-actions[bot]
0bfa93828b
Release preparation for version 2.23.0
2025-09-02 11:09:32 +00:00
Anders Schack-Mulligen
e2eb6dbbf2
Ruby: Fix query compilation.
2025-09-01 11:26:37 +02:00
github-actions[bot]
42e3d31c49
Post-release preparation for codeql-cli-2.22.4
2025-08-18 14:42:42 +00:00
github-actions[bot]
90d29994c8
Release preparation for version 2.22.4
2025-08-18 14:06:09 +00:00
github-actions[bot]
fb4b0aac53
Post-release preparation for codeql-cli-2.22.3
2025-08-04 17:18:08 +00:00
github-actions[bot]
fd82aeb1f8
Release preparation for version 2.22.3
2025-08-04 15:47:57 +00:00
github-actions[bot]
37cc78255a
Post-release preparation for codeql-cli-2.22.2
2025-07-22 14:22:20 +00:00
