codeql/java/ql/src/change-notes/released/1.4.0.md
2025-03-31 17:35:15 +00:00

1.4.0

New Queries

  • Added a new quality query, java/empty-method, to detect empty methods.
  • The query java/spring-boot-exposed-actuators has been promoted from experimental to the main query pack. Its results will now appear by default, and the query itself will be removed from the CodeQL Community Packs. This query was originally submitted as an experimental query by @ggolawski.

Major Analysis Improvements

  • Updated the java/unreleased-lock query so that it no longer reports alerts in cases where a boolean variable is used to track lock state.

Minor Analysis Improvements

  • Fixed a false positive in "Time-of-check time-of-use race condition" (java/toctou-race-condition) where a field of a non-static class was not considered always-locked if it was accessed in a constructor.
  • Overrides of BroadcastReceiver::onReceive with no statements in their body are no longer considered unverified by the java/improper-intent-verification query. This will reduce false positives from onReceive methods which do not perform any actions.