## 0.9.0

### Breaking Changes

* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction.
* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction.

### Minor Analysis Improvements

* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model.
* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream.
* Support for C# 12 / .NET8.
* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows.
* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models.
* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model.
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.