codeql/7.0.0.md at 9d65b5f85c2c1027ca89250ac7bea9f7f8f4668c

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Files

Jon Janego e5efe83243 Fixing upstream backticks around problematic characters so that the RST generator doesn't choke on asterisks

2025-05-19 17:03:23 -05:00

7.0.0

Deleted the deprecated isLValue and isRValue predicates from the VarAccess class, use isVarWrite and isVarRead respectively instead.
Deleted the deprecated getRhs predicate from the VarWrite class, use getASource instead.
Deleted the deprecated LValue and RValue classes, use VarWrite and VarRead respectively instead.
Deleted a lot of deprecated classes ending in *Access, use the corresponding *Call classes instead.
Deleted a lot of deprecated predicates ending in *Access, use the corresponding *Call predicates instead.
Deleted the deprecated EnvInput and DatabaseInput classes from FlowSources.qll, use the threat models feature instead.
Deleted some deprecated API predicates from SensitiveApi.qll, use the Sink classes from that file instead.

We now allow classes which don't have any JAX-RS annotations to inherit JAX-RS annotations from superclasses or interfaces. This is not allowed in the JAX-RS specification, but some implementations, like Apache CXF, allow it. This may lead to more alerts being found.