Merge pull request #18917 from github/smowton/admin/jdk-24-2.20.6

Update supported Java version
2026-05-18 05:07:06 +02:00 · 2025-03-04 07:10:10 -08:00 · 2025-03-04 10:06:20 +00:00 · 2025-03-03 09:22:19 -08:00 · 2025-03-03 09:19:01 -08:00 · 2025-03-03 17:13:19 +00:00
197 changed files with 893 additions and 1308 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.4.4
+
+No user-facing changes.
+
 ## 0.4.3

 ### New Features
--- a/actions/ql/lib/change-notes/released/0.4.4.md
+++ b/actions/ql/lib/change-notes/released/0.4.4.md
@@ -0,0 +1,3 @@
+## 0.4.4
+
+No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.3
+lastReleaseVersion: 0.4.4
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.4-dev
+version: 0.4.4
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 0.5.1
+
+### Bug Fixes
+
+* The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
+  Immutable Actions feature is not yet available for customer use. The query remains in the
+  default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
+  available, the query will be updated to report alerts again.
+
 ## 0.5.0

 ### Breaking Changes
--- a/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
+++ b/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
@@ -1,6 +1,7 @@
---
-category: fix
---
+## 0.5.1
+
+### Bug Fixes
+
 * The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
  Immutable Actions feature is not yet available for customer use. The query remains in the
  default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.0
+lastReleaseVersion: 0.5.1
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.5.1-dev
+version: 0.5.1
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 4.0.2
+
+### Minor Analysis Improvements
+
+* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
+* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
+
 ## 4.0.1

 No user-facing changes.
--- a/cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md
+++ b/cpp/ql/lib/change-notes/2025-02-20-getbuffersize.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
--- a/cpp/ql/lib/change-notes/2025-02-25-getbuffersize.md
+++ b/cpp/ql/lib/change-notes/2025-02-25-getbuffersize.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
--- a/cpp/ql/lib/change-notes/released/4.0.2.md
+++ b/cpp/ql/lib/change-notes/released/4.0.2.md
@@ -0,0 +1,6 @@
+## 4.0.2
+
+### Minor Analysis Improvements
+
+* Modified the `getBufferSize` predicate in `commons/Buffer.qll` to be more tolerant in some cases involving member variables in a larger struct or class.
+* Fixed an issue where the `getBufferSize` predicate in `commons/Buffer.qll` was returning results for references inside `offsetof` expressions, which are not accesses to a buffer.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.1
+lastReleaseVersion: 4.0.2
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.0.2-dev
+version: 4.0.2
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.3.5
+
+### Minor Analysis Improvements
+
+* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
+* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
+
 ## 1.3.4

 No user-facing changes.
--- a/cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md
+++ b/cpp/ql/src/change-notes/2025-02-20-overflow-buffer.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
--- a/cpp/ql/src/change-notes/2025-02-27-static-buffer-overflow.md
+++ b/cpp/ql/src/change-notes/2025-02-27-static-buffer-overflow.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
--- a/cpp/ql/src/change-notes/released/1.3.5.md
+++ b/cpp/ql/src/change-notes/released/1.3.5.md
@@ -0,0 +1,6 @@
+## 1.3.5
+
+### Minor Analysis Improvements
+
+* Due to changes in libraries the query "Static array access may cause overflow" (`cpp/static-buffer-overflow`) will no longer report cases where multiple fields of a struct or class are written with a single `memset` or similar operation.
+* The query "Call to memory access function may overflow buffer" (`cpp/overflow-buffer`) has been added to the security-extended query suite. The query detects a range of buffer overflow and underflow issues.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.4
+lastReleaseVersion: 1.3.5
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.5-dev
+version: 1.3.5
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.35
+
+No user-facing changes.
+
 ## 1.7.34

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.35.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.35.md
@@ -0,0 +1,3 @@
+## 1.7.35
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.34
+lastReleaseVersion: 1.7.35
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.35-dev
+version: 1.7.35
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.35
+
+No user-facing changes.
+
 ## 1.7.34

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.35.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.35.md
@@ -0,0 +1,3 @@
+## 1.7.35
+
+No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.34
+lastReleaseVersion: 1.7.35
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.35-dev
+version: 1.7.35
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.1.1
+
+No user-facing changes.
+
 ## 5.1.0

 ### Deprecated APIs
--- a/csharp/ql/lib/change-notes/released/5.1.1.md
+++ b/csharp/ql/lib/change-notes/released/5.1.1.md
@@ -0,0 +1,3 @@
+## 5.1.1
+
+No user-facing changes.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.0
+lastReleaseVersion: 5.1.1
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.1-dev
+version: 5.1.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/Practices/PathCombine.qhelp
+++ b/Practices/PathCombine.qhelp
@@ -1,18 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<overview>
-<p><code>Path.Combine</code> may silently drop its earlier arguments if its later arguments are absolute paths. E.g. <code>Path.Combine("C:\\Users\\Me\\Documents", "C:\\Program Files\\") == "C:\\Program Files"</code>.</p>
-
-</overview>
-<recommendation>
-<p>Use <code>Path.Join</code> instead.</p>
-</recommendation>
-<references>
-
-  <li>Microsoft Learn, .NET API browser, <a href="https://learn.microsoft.com/en-us/dotnet/api/system.io.path.combine?view=net-9.0">Path.Combine</a>.</li>
-  <li>Microsoft Learn, .NET API browser, <a href="https://learn.microsoft.com/en-us/dotnet/api/system.io.path.join?view=net-9.0">Path.Join</a>.</li>
-
-</references>
-</qhelp>
--- a/Practices/PathCombine.ql
+++ b/Practices/PathCombine.ql
@@ -1,16 +0,0 @@
-/**
- * @name Call to System.IO.Path.Combine
- * @description Finds calls to System.IO.Path's Combine method
- * @kind problem
- * @problem.severity recommendation
- * @precision very-high
- * @id cs/path-combine
- * @tags reliability
- */
-
-import csharp
-import semmle.code.csharp.frameworks.System
-
-from MethodCall call
-where call.getTarget().hasFullyQualifiedName("System.IO", "Path", "Combine")
-select call, "Call to 'System.IO.Path.Combine'."
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.0.18
+
+### Minor Analysis Improvements
+
+* C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.
+
 ## 1.0.17

 No user-facing changes.
--- a/csharp/ql/src/change-notes/2025-02-26-path-combine.md
+++ b/csharp/ql/src/change-notes/2025-02-26-path-combine.md
@@ -1,4 +0,0 @@
---
-category: newQuery
---
-* Added a new query, `csharp/path-combine`, to recommend against the `Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted.
--- a/csharp/ql/src/change-notes/2025-02-24-object-tostring.md
+++ b/csharp/ql/src/change-notes/2025-02-24-object-tostring.md
@@ -1,4 +1,5 @@
---
-category: minorAnalysis
---
+## 1.0.18
+
+### Minor Analysis Improvements
+
 * C#: Improve precision of the query `cs/call-to-object-tostring` for value tuples.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.17
+lastReleaseVersion: 1.0.18
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.18-dev
+version: 1.0.18
 groups:
  - csharp
  - queries
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1,14 +0,0 @@
-using System.IO;
-
-class PathCombine
-{
-    void bad()
-    {
-        Path.Combine(@"C:\Users", @"C:\Program Files");
-    }
-
-    void good()
-    {
-        Path.Join(@"C:\Users", @"C:\Program Files");
-    }
-}
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1 +0,0 @@
-| PathCombine.cs:7:9:7:54 | call to method Combine | Call to 'System.IO.Path.Combine'. |
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1 +0,0 @@
-Bad Practices/PathCombine.ql
--- a/csharp/ql/test/query-tests/Bad
+++ b/csharp/ql/test/query-tests/Bad
@@ -1,2 +0,0 @@
-semmle-extractor-options: /nostdlib /noconfig
-semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
--- a/docs/codeql/reusables/supported-versions-compilers.rst
+++ b/docs/codeql/reusables/supported-versions-compilers.rst
@@ -17,7 +17,7 @@

   .NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
   Go (aka Golang), "Go up to 1.24", "Go 1.11 or more recent", ``.go``
-   Java,"Java 7 to 22 [5]_","javac (OpenJDK and Oracle JDK),
+   Java,"Java 7 to 24 [5]_","javac (OpenJDK and Oracle JDK),

   Eclipse compiler for Java (ECJ) [6]_",``.java``
   Kotlin,"Kotlin 1.5.0 to 2.1.2\ *x*","kotlinc",``.kt``
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.18
+
+No user-facing changes.
+
 ## 1.0.17

 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.18.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.18.md
@@ -0,0 +1,3 @@
+## 1.0.18
+
+No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.17
+lastReleaseVersion: 1.0.18
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.18-dev
+version: 1.0.18
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,19 @@
+## 4.2.0
+
+### Deprecated APIs
+
+* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
+
+### Major Analysis Improvements
+
+* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
+
+### Minor Analysis Improvements
+
+* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
+* Added `database` source models for the `github.com/rqlite/gorqlite` package.
+* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
+
 ## 4.1.0

 ### Deprecated APIs
--- a/go/ql/lib/change-notes/2025-01-14-mongodb-models.md
+++ b/go/ql/lib/change-notes/2025-01-14-mongodb-models.md
@@ -1,5 +0,0 @@
---
-category: minorAnalysis
---
-* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
-
--- a/go/ql/lib/change-notes/2025-02-25-go-database-rqlite-sources.md
+++ b/go/ql/lib/change-notes/2025-02-25-go-database-rqlite-sources.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Added `database` source models for the `github.com/rqlite/gorqlite` package.
--- a/go/ql/lib/change-notes/2025-02-26-location-info-changed.md
+++ b/go/ql/lib/change-notes/2025-02-26-location-info-changed.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
--- a/go/ql/lib/change-notes/2025-02-27-go-version-1-24.md
+++ b/go/ql/lib/change-notes/2025-02-27-go-version-1-24.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
--- a/go/ql/lib/change-notes/2025-02-27-haslocationinfo-deprecated.md
+++ b/go/ql/lib/change-notes/2025-02-27-haslocationinfo-deprecated.md
@@ -1,4 +0,0 @@
---
-category: deprecated
---
-* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
--- a/go/ql/lib/change-notes/released/4.2.0.md
+++ b/go/ql/lib/change-notes/released/4.2.0.md
@@ -0,0 +1,15 @@
+## 4.2.0
+
+### Deprecated APIs
+
+* The member predicate `hasLocationInfo` has been deprecated on the following classes: `BasicBlock`, `Callable`, `Content`, `ContentSet`, `ControlFlow::Node`, `DataFlowCallable`, `DataFlow::Node`, `Entity`, `GVN`, `HtmlTemplate::TemplateStmt`, `IR:WriteTarget`, `SourceSinkInterpretationInput::SourceOrSinkElement`, `SourceSinkInterpretationInput::InterpretNode`, `SsaVariable`, `SsaDefinition`, `SsaWithFields`, `StringOps::ConcatenationElement`, `Type`, and `VariableWithFields`. Use `getLocation()` instead.
+
+### Major Analysis Improvements
+
+* Go 1.24 is now supported. This includes the new language feature of generic type aliases.
+
+### Minor Analysis Improvements
+
+* The location info for the following classes has been changed slightly to match a location that is in the database: `BasicBlock`, `ControlFlow::EntryNode`, `ControlFlow::ExitNode`, `ControlFlow::ConditionGuardNode`, `IR::ImplicitLiteralElementIndexInstruction`, `IR::EvalImplicitTrueInstruction`, `SsaImplicitDefinition`, `SsaPhiNode`.
+* Added `database` source models for the `github.com/rqlite/gorqlite` package.
+* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 4.2.0
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.1.1-dev
+version: 4.2.0
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.1.9
+
+No user-facing changes.
+
 ## 1.1.8

 ### Minor Analysis Improvements
--- a/go/ql/src/change-notes/released/1.1.9.md
+++ b/go/ql/src/change-notes/released/1.1.9.md
@@ -0,0 +1,3 @@
+## 1.1.9
+
+No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.8
+lastReleaseVersion: 1.1.9
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.1.9-dev
+version: 1.1.9
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 7.1.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 24.
+
+### Minor Analysis Improvements
+
+* Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
+
 ## 7.0.1

 No user-facing changes.
--- a/java/ql/lib/change-notes/2025-02-27-jdk-24.md
+++ b/java/ql/lib/change-notes/2025-02-27-jdk-24.md
@@ -1,4 +0,0 @@
---
-category: feature
---
-* The Java extractor and QL libraries now support Java 24.
--- a/java/ql/lib/change-notes/2025-01-16-file-constructor-sanitizer.md
+++ b/java/ql/lib/change-notes/2025-01-16-file-constructor-sanitizer.md
@@ -1,4 +1,9 @@
---
-category: minorAnalysis
---
+## 7.1.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 24.
+
+### Minor Analysis Improvements
+
 * Added a path injection sanitizer for the `child` argument of a `java.io.File` constructor if that argument does not contain path traversal sequences.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.0.1
+lastReleaseVersion: 7.1.0
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.0.2-dev
+version: 7.1.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.3.0
+
+### Major Analysis Improvements
+
+* Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
+
 ## 1.2.0

 ### New Queries
--- a/Bugs/Concurrency/UnreleasedLock.ql
+++ b/Bugs/Concurrency/UnreleasedLock.ql
@@ -118,26 +118,6 @@ predicate heldByCurrentThreadCheck(LockType t, BasicBlock checkblock, BasicBlock
  )
 }

-/**
- * Holds if there is a variable access in `checkblock` that has `falsesucc` as the false successor.
- *
- * The variable access must have an assigned value that is a lock access on `t`, and
- * the true successor of `checkblock` must contain an unlock access.
- */
-predicate variableLockStateCheck(LockType t, BasicBlock checkblock, BasicBlock falsesucc) {
-  exists(ConditionBlock conditionBlock, VarAccess v |
-    v.getType() instanceof BooleanType and
-    // Ensure that a lock access is assigned to the variable
-    v.getVariable().getAnAssignedValue() = t.getLockAccess() and
-    // Ensure that the `true` successor of the condition block contains an unlock access
-    conditionBlock.getTestSuccessor(true) = t.getUnlockAccess().getBasicBlock() and
-    conditionBlock.getCondition() = v
-  |
-    conditionBlock.getBasicBlock() = checkblock and
-    conditionBlock.getTestSuccessor(false) = falsesucc
-  )
-}
-
 /**
 * A control flow path from a locking call in `src` to `b` such that the number of
 * locks minus the number of unlocks along the way is positive and equal to `locks`.
@@ -151,9 +131,8 @@ predicate blockIsLocked(LockType t, BasicBlock src, BasicBlock b, int locks) {
    // The number of net locks from the `src` block to the predecessor block `pred` is `predlocks`.
    blockIsLocked(t, src, pred, predlocks) and
    // The recursive call ensures that at least one lock is held, so do not consider the false
-    // successor of the `isHeldByCurrentThread()` check or of `variableLockStateCheck`.
+    // successor of the `isHeldByCurrentThread()` check.
    not heldByCurrentThreadCheck(t, pred, b) and
-    not variableLockStateCheck(t, pred, b) and
    // Count a failed lock as an unlock so the net is zero.
    (if failedLock(t, pred, b) then failedlock = 1 else failedlock = 0) and
    (
--- a/java/ql/src/change-notes/2025-03-02-unreleased-lock-fp.md
+++ b/java/ql/src/change-notes/2025-03-02-unreleased-lock-fp.md
@@ -1,4 +0,0 @@
---
-category: majorAnalysis
---
-* Updated the `java/unreleased-lock` query so that it no longer report alerts in cases where a boolean variable is used to track lock state.
--- a/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
+++ b/java/ql/src/change-notes/2025-01-28-fix-xss-content-type-safe.md
@@ -1,4 +1,5 @@
---
-category: majorAnalysis
---
+## 1.3.0
+
+### Major Analysis Improvements
+
 * Fixed false positive alerts in the java query "Cross-site scripting" (`java/xss`) when `javax.servlet.http.HttpServletResponse` is used with a content type which is not exploitable.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.3.0
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.2.1-dev
+version: 1.3.0
 groups:
  - java
  - queries
--- a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.expected
+++ b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.expected
@@ -3,4 +3,3 @@
 | UnreleasedLock.java:40:3:40:15 | lock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. |
 | UnreleasedLock.java:50:3:50:15 | lock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. |
 | UnreleasedLock.java:72:8:72:23 | tryLock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. |
-| UnreleasedLock.java:114:13:114:28 | tryLock(...) | This lock might not be unlocked or might be locked more times than it is unlocked. |
--- a/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java
+++ b/java/ql/test/query-tests/UnreleasedLock/UnreleasedLock.java
@@ -5,18 +5,18 @@ class Test {
 		void unlock() { }
 		boolean isHeldByCurrentThread() { return true; }
 	}
-
+	
 	void f() throws RuntimeException { }
 	void g() throws RuntimeException { }
-
+	
 	MyLock mylock = new MyLock();
-
+	
 	void bad1() {
 		mylock.lock();
 		f();
 		mylock.unlock();
 	}
-
+	
 	void good2() {
 		mylock.lock();
 		try {
@@ -25,7 +25,7 @@ class Test {
 			mylock.unlock();
 		}
 	}
-
+	
 	void bad3() {
 		mylock.lock();
 		f();
@@ -35,7 +35,7 @@ class Test {
 			mylock.unlock();
 		}
 	}
-
+	
 	void bad4() {
 		mylock.lock();
 		try {
@@ -45,7 +45,7 @@ class Test {
 			mylock.unlock();
 		}
 	}
-
+	
 	void bad5(boolean lockmore) {
 		mylock.lock();
 		try {
@@ -58,7 +58,7 @@ class Test {
 			mylock.unlock();
 		}
 	}
-
+	
 	void good6() {
 		if (!mylock.tryLock()) { return; }
 		try {
@@ -67,7 +67,7 @@ class Test {
 			mylock.unlock();
 		}
 	}
-
+	
 	void bad7() {
 		if (!mylock.tryLock()) { return; }
 		f();
@@ -95,29 +95,4 @@ class Test {
 			mylock.unlock();
 		}
 	}
-
-	void good9() {
-		boolean locked = false;
-		try {
-			locked = mylock.tryLock();
-			if (!locked) { return; }
-		} finally {
-			if (locked) {
-				mylock.unlock();
-			}
-		}
-	}
-
-	void bad10() {
-		boolean locked = false;
-		try {
-			locked = mylock.tryLock();
-			if (!locked) { return; }
-		} finally {
-			if (locked) {
-				g();
-				mylock.unlock();
-			}
-		}
-	}
 }
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 2.5.0
+
+### Major Analysis Improvements
+
+* Added support for the `response` threat model kind, which can enabled with [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
+* Added support for the `useQuery` hook from `@tanstack/react-query`.
+
+### Minor Analysis Improvements
+
+* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
+
 ## 2.4.1

 ### Minor Analysis Improvements
--- a/javascript/ql/lib/change-notes/2025-02-12-express-download.md
+++ b/javascript/ql/lib/change-notes/2025-02-12-express-download.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
--- a/javascript/ql/lib/change-notes/2025-02-21-tanstack.md
+++ b/javascript/ql/lib/change-notes/2025-02-21-tanstack.md
@@ -1,6 +1,10 @@
---
-category: majorAnalysis
---
---
+## 2.5.0
+
+### Major Analysis Improvements
+
 * Added support for the `response` threat model kind, which can enabled with [advanced setup](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). When enabled, the response data coming back from an outgoing HTTP request is considered a source of taint.
 * Added support for the `useQuery` hook from `@tanstack/react-query`.
+
+### Minor Analysis Improvements
+
+* The `response.download()` function in `express` is now recognized as a sink for path traversal attacks.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.4.1
+lastReleaseVersion: 2.5.0
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.4.2-dev
+version: 2.5.0
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 1.5.0
+
+### Major Analysis Improvements
+
+* Improved precision of data flow through arrays, fixing some spurious flows
+  that would sometimes cause the `length` property of an array to be seen as tainted.
+* Improved call resolution logic to better handle calls resolving "downwards", targeting
+  a method declared in a subclass of the enclosing class. Data flow analysis
+  has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
+
 ## 1.4.1

 ### Bug Fixes
--- a/javascript/ql/src/change-notes/2025-02-18-no-implicit-array-taint.md
+++ b/javascript/ql/src/change-notes/2025-02-18-no-implicit-array-taint.md
@@ -1,5 +0,0 @@
---
-category: majorAnalysis
---
-* Improved precision of data flow through arrays, fixing some spurious flows
-  that would sometimes cause the `length` property of an array to be seen as tainted.
--- a/javascript/ql/src/change-notes/2025-02-17-downward-calls.md
+++ b/javascript/ql/src/change-notes/2025-02-17-downward-calls.md
@@ -1,6 +1,9 @@
---
-category: majorAnalysis
---
+## 1.5.0
+
+### Major Analysis Improvements
+
+* Improved precision of data flow through arrays, fixing some spurious flows
+  that would sometimes cause the `length` property of an array to be seen as tainted.
 * Improved call resolution logic to better handle calls resolving "downwards", targeting
  a method declared in a subclass of the enclosing class. Data flow analysis
  has also improved to avoid spurious flow between unrelated classes in the class hierarchy.
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.1
+lastReleaseVersion: 1.5.0
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 1.4.2-dev
+version: 1.5.0
 groups:
  - javascript
  - queries
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.18
+
+No user-facing changes.
+
 ## 1.0.17

 No user-facing changes.
--- a/misc/suite-helpers/change-notes/released/1.0.18.md
+++ b/misc/suite-helpers/change-notes/released/1.0.18.md
@@ -0,0 +1,3 @@
+## 1.0.18
+
+No user-facing changes.
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.17
+lastReleaseVersion: 1.0.18
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.18-dev
+version: 1.0.18
 groups: shared
 warnOnImplicitThis: true
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.0.2
+
+No user-facing changes.
+
 ## 4.0.1

 ### Bug Fixes
--- a/python/ql/lib/change-notes/released/4.0.2.md
+++ b/python/ql/lib/change-notes/released/4.0.2.md
@@ -0,0 +1,3 @@
+## 4.0.2
+
+No user-facing changes.
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.0.1
+lastReleaseVersion: 4.0.2
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 4.0.2-dev
+version: 4.0.2
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.4.4
+
+No user-facing changes.
+
 ## 1.4.3

 No user-facing changes.
--- a/python/ql/src/change-notes/released/1.4.4.md
+++ b/python/ql/src/change-notes/released/1.4.4.md
@@ -0,0 +1,3 @@
+## 1.4.4
+
+No user-facing changes.
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.4.4
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.4.4-dev
+version: 1.4.4
 groups:
  - python
  - queries
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 4.1.1
+
+No user-facing changes.
+
 ## 4.1.0

 ### Deprecated APIs
--- a/ruby/ql/lib/change-notes/released/4.1.1.md
+++ b/ruby/ql/lib/change-notes/released/4.1.1.md
@@ -0,0 +1,3 @@
+## 4.1.1
+
+No user-facing changes.
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.1.0
+lastReleaseVersion: 4.1.1
--- a/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
+++ b/ruby/ql/lib/codeql/ruby/frameworks/http_clients/NetHttp.qll
@@ -54,15 +54,7 @@ class NetHttpRequest extends Http::Client::Request::Range, DataFlow::CallNode {
  override DataFlow::Node getAUrlPart() {
    result = request.getArgument(0)
    or
-    result = this.getAUrlPartHelper()
-  }
-
-  /**
-   * Helper predicate for `getAUrlPart`.
-   *
-   * This handles `Net::HTTP.new(...).get(...)` etc.
-   */
-  private DataFlow::Node getAUrlPartHelper() {
+    // Net::HTTP.new(...).get(...)
    exists(API::Node new |
      new = API::getTopLevelMember("Net").getMember("HTTP").getInstance() and
      requestNode = new.getReturn(_)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Chuan-kai Lin	dbffe91a20	Merge pull request #18917 from github/smowton/admin/jdk-24-2.20.6 Update supported Java version	2025-03-04 07:10:10 -08:00
Chris Smowton	fba47877c7	Update supported Java version	2025-03-04 10:06:20 +00:00
Chuan-kai Lin	c1dca1038a	Merge pull request #18911 from github/release-prep/2.20.6 Release preparation for version 2.20.6	2025-03-03 09:22:19 -08:00
Chuan-kai Lin	17acb31f65	JS: Fix changelog formatting	2025-03-03 09:19:01 -08:00
github-actions[bot]	fa850cccb1	Release preparation for version 2.20.6	2025-03-03 17:13:19 +00:00
				`@@ -1 +0,0 @@`
				`\| PathCombine.cs:7:9:7:54 \| call to method Combine \| Call to 'System.IO.Path.Combine'. \|`