codeql/java/ql/lib/change-notes/released/0.7.2.md
2023-08-07 18:08:52 +00:00


## 0.7.2
### New Features
* A `Diagnostic.getCompilationInfo()` predicate has been added.
### Minor Analysis Improvements
* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
* Improved the precision of virtual dispatch of `java.io.InputStream` methods. Calls to these methods no longer dispatch to arbitrary implementations of `InputStream` when a high-confidence alternative (such as a models-as-data summary) exists.
* Added more dataflow steps for `java.io.InputStream`s that wrap other `java.io.InputStream`s.
* Added models for the Struts 2 framework.
* Improved the modeling of Struts 2 sources of untrusted data by tainting the whole object graph of the objects unmarshaled from an HTTP request.
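The following Java program is an added illustration, not code from the CodeQL repository, of the two JDK code shapes the notes above refer to. `Random.nextBytes(byte[])` returns `void` and writes its output into its argument, so a correct model must treat the argument rather than a return value as the random-data source (the `StdlibRandomSource` fix); and bytes read from an untrusted stream only reach the eventual `read` call after passing through one or more wrapping `InputStream`s (the added wrapping steps). The class and method names (`ModelShapes`, `weakIv`, `strongIv`, `readHeader`) are chosen for this example, and the input bytes are constructed inline.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Random;

public class ModelShapes {

    // Shape modelled by StdlibRandomSource: the random data is written into `iv`
    // (the argument), not returned. java.util.Random is seeded predictably, so
    // an IV or token produced this way is the kind of result the class exposes.
    static byte[] weakIv() {
        byte[] iv = new byte[16];
        new Random().nextBytes(iv);
        return iv;
    }

    // Same call shape, but SecureRandom: a model must distinguish the receiver
    // type, not just the method name, to avoid flagging this variant.
    static byte[] strongIv() {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    // Shape covered by the InputStream wrapping steps: taint enters at the
    // innermost `untrusted` stream and must flow through BufferedInputStream
    // and DataInputStream to the readFully call before reaching `header`.
    static String readHeader(InputStream untrusted) throws IOException {
        try (DataInputStream in = new DataInputStream(new BufferedInputStream(untrusted))) {
            byte[] header = new byte[8];
            in.readFully(header);
            return new String(header, StandardCharsets.US_ASCII);
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("weak IV bytes:   " + weakIv().length);
        System.out.println("strong IV bytes: " + strongIv().length);

        // Constructed sample input standing in for a request body or socket stream.
        byte[] constructed = "HDR-0001payload".getBytes(StandardCharsets.US_ASCII);
        String header = readHeader(new ByteArrayInputStream(constructed));
        System.out.println("header read through wrappers: " + header); // HDR-0001
    }
}
```

Compile and run with `javac ModelShapes.java && java ModelShapes`. In a CodeQL database built from this file, the `weakIv` call is the one a query built on `StdlibRandomSource` should report, `strongIv` should not be, and a taint-tracking query whose source is the `untrusted` parameter should reach `header` in `readHeader` only if the wrapper steps described in these notes are present.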