hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2720f5796590f4eaf8c855ea1fef542e7eb6077c
codeql/csharp/ql/lib/change-notes/released/4.0.1.md
github-actions[bot] 88b6f1e79a Release preparation for version 2.20.1
2025-01-07 20:50:36 +00:00

1.1 KiB
Raw Blame History

4.0.1

Minor Analysis Improvements

  • C# 13: Added QL library support for collection like type params parameters.
  • Added remote flow source models for properties of Blazor components annotated with any of the following attributes from Microsoft.AspNetCore.Components:
    • [SupplyParameterFromForm]
    • [SupplyParameterFromQuery]
  • Added the constructor and explicit cast operator of Microsoft.AspNetCore.Components.MarkupString as an html-injection sink. This will help catch cross-site scripting resulting from using MarkupString.
  • Added flow summaries for the Microsoft.AspNetCore.Mvc.Controller::View method.
  • The data flow library has been updated to track types in a slightly different way: The type of the tainted data (which may be stored into fields, etc.) is tracked more precisely, while the types of intermediate containers for nested contents is tracked less precisely. This may have a slight effect on false positives for complex flow paths.
  • The C# extractor now supports basic extraction of .NET 9 projects. There might be limited support for extraction of code using the new C# 13 language features.