diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 4dfbb8413e29..1759333d659d 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.4.26 + +### Major Analysis Improvements + +* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`. + ## 0.4.25 No user-facing changes. diff --git a/actions/ql/lib/change-notes/2025-11-28-fix-code-injection-alert-filtering.md b/actions/ql/lib/change-notes/released/0.4.26.md similarity index 81% rename from actions/ql/lib/change-notes/2025-11-28-fix-code-injection-alert-filtering.md rename to actions/ql/lib/change-notes/released/0.4.26.md index b80ef77c2bcc..80962fa638ee 100644 --- a/actions/ql/lib/change-notes/2025-11-28-fix-code-injection-alert-filtering.md +++ b/actions/ql/lib/change-notes/released/0.4.26.md @@ -1,4 +1,5 @@ ---- -category: majorAnalysis ---- +## 0.4.26 + +### Major Analysis Improvements + * The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 7b212c2605fb..06a4605c7674 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.25 +lastReleaseVersion: 0.4.26 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index f22b1a9a1991..4aeb44050836 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.26-dev +version: 0.4.26 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 1e5d2cab0e7b..f667d2841851 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.18 + +No user-facing changes. + ## 0.6.17 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.18.md b/actions/ql/src/change-notes/released/0.6.18.md new file mode 100644 index 000000000000..77cbff5698a3 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.18.md @@ -0,0 +1,3 @@ +## 0.6.18 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index e1ac143badf0..b694a16787b1 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.17 +lastReleaseVersion: 0.6.18 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 70e9a6951167..f8b801a168a5 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.18-dev +version: 0.6.18 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 3a543c0da92e..a626fec99ae5 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,27 @@ +## 7.0.0 + +### Breaking Changes + +* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases. + +### Deprecated APIs + +* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead. + +### New Features + +* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations. +* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter. +* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators. + +### Minor Analysis Improvements + +* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants. + +### Bug Fixes + +* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results. + ## 6.1.4 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2026-01-02-constant-folding.md b/cpp/ql/lib/change-notes/2026-01-02-constant-folding.md deleted file mode 100644 index 8ac0f91b939b..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-02-constant-folding.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants. diff --git a/cpp/ql/lib/change-notes/2026-01-02-decimal-removal.md b/cpp/ql/lib/change-notes/2026-01-02-decimal-removal.md deleted file mode 100644 index 19d0d545576f..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-02-decimal-removal.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases. diff --git a/cpp/ql/lib/change-notes/2026-01-08-multidimensional-subscript-operator-1.md b/cpp/ql/lib/change-notes/2026-01-08-multidimensional-subscript-operator-1.md deleted file mode 100644 index c0ed98ac50b8..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-08-multidimensional-subscript-operator-1.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators. diff --git a/cpp/ql/lib/change-notes/2026-01-08-multidimensional-subscript-operator-2.md b/cpp/ql/lib/change-notes/2026-01-08-multidimensional-subscript-operator-2.md deleted file mode 100644 index 0ce3bf385355..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-08-multidimensional-subscript-operator-2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead. diff --git a/cpp/ql/lib/change-notes/2026-01-09-builtins.md b/cpp/ql/lib/change-notes/2026-01-09-builtins.md deleted file mode 100644 index ece5fba5de65..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-09-builtins.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations. diff --git a/cpp/ql/lib/change-notes/2026-01-09-this-access.md b/cpp/ql/lib/change-notes/2026-01-09-this-access.md deleted file mode 100644 index e0934d8926b1..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-09-this-access.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter. diff --git a/cpp/ql/lib/change-notes/2026-01-16-barrier-guard-conflation.md b/cpp/ql/lib/change-notes/2026-01-16-barrier-guard-conflation.md deleted file mode 100644 index fa1b52e469b9..000000000000 --- a/cpp/ql/lib/change-notes/2026-01-16-barrier-guard-conflation.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/released/7.0.0.md b/cpp/ql/lib/change-notes/released/7.0.0.md new file mode 100644 index 000000000000..737d9def38a6 --- /dev/null +++ b/cpp/ql/lib/change-notes/released/7.0.0.md @@ -0,0 +1,23 @@ +## 7.0.0 + +### Breaking Changes + +* The `_Decimal32`, `_Decimal64`, and `_Decimal128` types are no longer exposed as builtin types. Support for these gcc-specific types was incomplete, and are generally not used in C/C++ codebases. + +### Deprecated APIs + +* The `OverloadedArrayExpr::getArrayOffset/0` predicate has been deprecated. Use `OverloadedArrayExpr::getArrayOffset/1` and `OverloadedArrayExpr::getAnArrayOffset` instead. + +### New Features + +* Added subclasses of `BuiltInOperations` for the `__is_bitwise_cloneable`, `__is_invocable`, and `__is_nothrow_invocable` builtin operations. +* Added a `isThisAccess` predicate to `ParamAccessForType` that holds when the access is to the implicit object parameter. +* Predicates `getArrayOffset/1` and `getAnArrayOffset` have been added to the `OverloadedArrayExpr` class to support C++23 multidimensional subscript operators. + +### Minor Analysis Improvements + +* Some constants will now be represented by their unfolded expression trees. The `isConstant` predicate of `Expr` will no longer yield a result for those constants. + +### Bug Fixes + +* Fixed a bug in the `DataFlow::BarrierGuard<...>::getABarrierNode` predicate which caused the predicate to return `DataFlow::Node`s with incorrect indirections. If you use `getABarrierNode` to implement barriers in a dataflow/taint-tracking query it may result in more query results. You can use `DataFlow::BarrierGuard<...>::getAnIndirectBarrierNode` to remove those query results. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 7dbbf7fb5537..e0db21c78694 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.1.4 +lastReleaseVersion: 7.0.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 028760350467..0eb6d3814258 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 6.1.5-dev +version: 7.0.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 6747d616b432..02a055ee266c 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.5.9 + +### Minor Analysis Improvements + +* The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees. + ## 1.5.8 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2026-01-02-constant-comparison.md b/cpp/ql/src/change-notes/released/1.5.9.md similarity index 78% rename from cpp/ql/src/change-notes/2026-01-02-constant-comparison.md rename to cpp/ql/src/change-notes/released/1.5.9.md index 2b37f31268d4..bc06ade90f72 100644 --- a/cpp/ql/src/change-notes/2026-01-02-constant-comparison.md +++ b/cpp/ql/src/change-notes/released/1.5.9.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.5.9 + +### Minor Analysis Improvements + * The `cpp/constant-comparison` query has been updated to not produce false positives for constants that are now represented by their unfolded expression trees. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index d26e0a527640..5ac7d08bfbfc 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.8 +lastReleaseVersion: 1.5.9 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 188d20e50b2d..6ae2e8d17505 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.9-dev +version: 1.5.9 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 6f9460e613ca..029e03a4c9e6 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.57 + +No user-facing changes. + ## 1.7.56 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.57.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.57.md new file mode 100644 index 000000000000..5d7f99bf24b4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.57.md @@ -0,0 +1,3 @@ +## 1.7.57 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index c228b5e0e710..4b2fd88d6a3e 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.56 +lastReleaseVersion: 1.7.57 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 2e3b6a3a72d8..fbfa5cf88fad 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.57-dev +version: 1.7.57 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 6f9460e613ca..029e03a4c9e6 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.57 + +No user-facing changes. + ## 1.7.56 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.57.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.57.md new file mode 100644 index 000000000000..5d7f99bf24b4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.57.md @@ -0,0 +1,3 @@ +## 1.7.57 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index c228b5e0e710..4b2fd88d6a3e 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.56 +lastReleaseVersion: 1.7.57 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 48e68f99dfa8..76ee08aa0b24 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.57-dev +version: 1.7.57 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 346d48fca291..371e10c370a3 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,22 @@ +## 5.4.5 + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files. +* Updated the generated .NET “models as data” runtime models to cover .NET 10. +* C# 14: Support for *implicit* span conversions in the QL library. +* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis. +* Added autobuilder and `build-mode: none` support for `.slnx` solution files. +* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere. +* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted. + +### Bug Fixes + +* Fixed two issues affecting build mode `none`: + * Corrected version sorting logic when detecting the newest .NET framework to use. + * Improved stability for .NET 10 compatibility. +* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed. + ## 5.4.4 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2025-12-03-implicit-map-value-reads.md b/csharp/ql/lib/change-notes/2025-12-03-implicit-map-value-reads.md deleted file mode 100644 index 2b7f47fe98d5..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-03-implicit-map-value-reads.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2025-12-03-run-tracer-after-compilation.md b/csharp/ql/lib/change-notes/2025-12-03-run-tracer-after-compilation.md deleted file mode 100644 index d7dd475cb0b4..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-03-run-tracer-after-compilation.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed. diff --git a/csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md b/csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md deleted file mode 100644 index af1f1b919666..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-04-bmn-dotnet-fixes.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: fix ---- -* Fixed two issues affecting build mode `none`: - * Corrected version sorting logic when detecting the newest .NET framework to use. - * Improved stability for .NET 10 compatibility. diff --git a/csharp/ql/lib/change-notes/2025-12-09-bmn-default-dotnet.md b/csharp/ql/lib/change-notes/2025-12-09-bmn-default-dotnet.md deleted file mode 100644 index 832e6069ee07..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-09-bmn-default-dotnet.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere. diff --git a/csharp/ql/lib/change-notes/2025-12-11-net10-basic-support.md b/csharp/ql/lib/change-notes/2025-12-11-net10-basic-support.md deleted file mode 100644 index d15a55a7eb41..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-11-net10-basic-support.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis. diff --git a/csharp/ql/lib/change-notes/2025-12-11-slnx-support.md b/csharp/ql/lib/change-notes/2025-12-11-slnx-support.md deleted file mode 100644 index 9ca9b9898125..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-11-slnx-support.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added autobuilder and `build-mode: none` support for `.slnx` solution files. diff --git a/csharp/ql/lib/change-notes/2025-12-18-implicit-span-conversions.md b/csharp/ql/lib/change-notes/2025-12-18-implicit-span-conversions.md deleted file mode 100644 index 0c2f54d20920..000000000000 --- a/csharp/ql/lib/change-notes/2025-12-18-implicit-span-conversions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* C# 14: Support for *implicit* span conversions in the QL library. diff --git a/csharp/ql/lib/change-notes/2026-01-05-net-runtime-models.md b/csharp/ql/lib/change-notes/2026-01-05-net-runtime-models.md deleted file mode 100644 index 58b27f1893fb..000000000000 --- a/csharp/ql/lib/change-notes/2026-01-05-net-runtime-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Updated the generated .NET “models as data” runtime models to cover .NET 10. diff --git a/csharp/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md b/csharp/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md deleted file mode 100644 index ac96e579147d..000000000000 --- a/csharp/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files. diff --git a/csharp/ql/lib/change-notes/released/5.4.5.md b/csharp/ql/lib/change-notes/released/5.4.5.md new file mode 100644 index 000000000000..a084df5f2008 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.4.5.md @@ -0,0 +1,18 @@ +## 5.4.5 + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the C# extractor's search for `.config`, `.props`, XML and project files. +* Updated the generated .NET “models as data” runtime models to cover .NET 10. +* C# 14: Support for *implicit* span conversions in the QL library. +* Basic extractor support for .NET 10 is now available. Extraction is supported for .NET 10 projects in both traced mode and `build mode: none`. However, code that uses language features new to C# 14 is not yet fully supported for extraction and analysis. +* Added autobuilder and `build-mode: none` support for `.slnx` solution files. +* In `build mode: none`, .NET 10 is now used by default unless a specific .NET version is specified elsewhere. +* Added implicit reads of `System.Collections.Generic.KeyValuePair.Value` at taint-tracking sinks and at inputs to additional taint steps. As a result, taint-tracking queries will now produce more results when a container is tainted. + +### Bug Fixes + +* Fixed two issues affecting build mode `none`: + * Corrected version sorting logic when detecting the newest .NET framework to use. + * Improved stability for .NET 10 compatibility. +* Fixed an issue where compiler-generated files were not being extracted. The extractor now runs after compilation completes to ensure all generated files are properly analyzed. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index cb0e3d32e76a..e79e40bd1d84 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.4.4 +lastReleaseVersion: 5.4.5 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index a524b9cefbc9..2991ad96180d 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.5-dev +version: 5.4.5 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 3ac11a9af346..b3c3276ae5cc 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 1.6.0 + +### Query Metadata Changes + +* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem. + +### Minor Analysis Improvements + +* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks. +* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core. + ## 1.5.4 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2025-12-08-csrf-aspnetcore.md b/csharp/ql/src/change-notes/2025-12-08-csrf-aspnetcore.md deleted file mode 100644 index e4a1f64ef144..000000000000 --- a/csharp/ql/src/change-notes/2025-12-08-csrf-aspnetcore.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core. diff --git a/csharp/ql/src/change-notes/2025-12-11-nhibernate-sql-sinks.md b/csharp/ql/src/change-notes/2025-12-11-nhibernate-sql-sinks.md deleted file mode 100644 index c2ce476dd7a7..000000000000 --- a/csharp/ql/src/change-notes/2025-12-11-nhibernate-sql-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks. \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2025-12-16-path-combine-metadata.md b/csharp/ql/src/change-notes/2025-12-16-path-combine-metadata.md deleted file mode 100644 index 23c74d273984..000000000000 --- a/csharp/ql/src/change-notes/2025-12-16-path-combine-metadata.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem. diff --git a/csharp/ql/src/change-notes/released/1.6.0.md b/csharp/ql/src/change-notes/released/1.6.0.md new file mode 100644 index 000000000000..36b3c6574eab --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.6.0.md @@ -0,0 +1,10 @@ +## 1.6.0 + +### Query Metadata Changes + +* Updated the `name`, `description`, and alert message of `cs/path-combine` to have more details about why it's a problem. + +### Minor Analysis Improvements + +* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks. +* The `Missing cross-site request forgery token validation` query was extended to support ASP.NET Core. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index c216828ee1c3..c4f0b07d5336 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.4 +lastReleaseVersion: 1.6.0 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index b54e4d5c3670..0dbbc39c39d2 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.5.5-dev +version: 1.6.0 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index dd213e111b4e..8718668249fd 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.40.md b/go/ql/consistency-queries/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index afcddda3b5a8..8e49b3c32254 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.40-dev +version: 1.0.40 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 53eac41e6963..97391d2342af 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.0.0 + +### Breaking Changes + +* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack. + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files. + ## 5.0.6 No user-facing changes. diff --git a/go/ql/lib/change-notes/2025-11-26-unexpected-frontend-errors-query-moved.md b/go/ql/lib/change-notes/2025-11-26-unexpected-frontend-errors-query-moved.md deleted file mode 100644 index cf4b724dbd92..000000000000 --- a/go/ql/lib/change-notes/2025-11-26-unexpected-frontend-errors-query-moved.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack. diff --git a/go/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md b/go/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md deleted file mode 100644 index bf9c4553573a..000000000000 --- a/go/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files. diff --git a/go/ql/lib/change-notes/released/6.0.0.md b/go/ql/lib/change-notes/released/6.0.0.md new file mode 100644 index 000000000000..1e02ee8eea09 --- /dev/null +++ b/go/ql/lib/change-notes/released/6.0.0.md @@ -0,0 +1,9 @@ +## 6.0.0 + +### Breaking Changes + +* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack. + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Go extractor's search for `.vue` and HTML files. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index cc6fded2554d..f8c4fa43ccb7 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.0.6 +lastReleaseVersion: 6.0.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 3b929e9335a8..89863fc641af 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 5.0.7-dev +version: 6.0.0 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 1f4ae4f3a578..8a2f1355eec8 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.4 + +No user-facing changes. + ## 1.5.3 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.5.4.md b/go/ql/src/change-notes/released/1.5.4.md new file mode 100644 index 000000000000..5ff5ac8ebb7c --- /dev/null +++ b/go/ql/src/change-notes/released/1.5.4.md @@ -0,0 +1,3 @@ +## 1.5.4 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 232224b0e267..c216828ee1c3 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.3 +lastReleaseVersion: 1.5.4 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 1545b6b7195a..e6c835ad42a9 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.5.4-dev +version: 1.5.4 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 1180f563d23f..cd0db2ab96f5 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 7.8.4 + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files. +* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled. +* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe. +* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`. +* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`. + ## 7.8.3 No user-facing changes. diff --git a/java/ql/lib/change-notes/2024-09-24-multipart.md b/java/ql/lib/change-notes/2024-09-24-multipart.md deleted file mode 100644 index e11026980658..000000000000 --- a/java/ql/lib/change-notes/2024-09-24-multipart.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md b/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md deleted file mode 100644 index 4a18b5304723..000000000000 --- a/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`. diff --git a/java/ql/lib/change-notes/2025-12-02-improve-regex-sanitizer.md b/java/ql/lib/change-notes/2025-12-02-improve-regex-sanitizer.md deleted file mode 100644 index 77ce0dc583c9..000000000000 --- a/java/ql/lib/change-notes/2025-12-02-improve-regex-sanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe. diff --git a/java/ql/lib/change-notes/2025-12-08-spring-websocket-handler.md b/java/ql/lib/change-notes/2025-12-08-spring-websocket-handler.md deleted file mode 100644 index d3ca7f07025c..000000000000 --- a/java/ql/lib/change-notes/2025-12-08-spring-websocket-handler.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled. \ No newline at end of file diff --git a/java/ql/lib/change-notes/2025-12-16-java-xml-paths.md b/java/ql/lib/change-notes/2025-12-16-java-xml-paths.md deleted file mode 100644 index 877d0e7e2edd..000000000000 --- a/java/ql/lib/change-notes/2025-12-16-java-xml-paths.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files. diff --git a/java/ql/lib/change-notes/released/7.8.4.md b/java/ql/lib/change-notes/released/7.8.4.md new file mode 100644 index 000000000000..cfeb5048cffc --- /dev/null +++ b/java/ql/lib/change-notes/released/7.8.4.md @@ -0,0 +1,9 @@ +## 7.8.4 + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Java extractor's search for XML and properties files. +* Additional remote flow sources from the `org.springframework.web.socket` package have been modeled. +* A sanitizer has been added to `java/ssrf` to remove alerts when a regular expression check is used to verify that the value is safe. +* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`. +* Added more dataflow models of `org.apache.commons.fileupload.FileItem`, `javax/jakarta.servlet.http.Part` and `org.apache.commons.fileupload.util.Streams`. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 41a48ad0ff83..c8145c25bf66 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.8.3 +lastReleaseVersion: 7.8.4 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 4cf6e5e75f43..e4c0fd1c9a1e 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.8.4-dev +version: 7.8.4 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index be5a172bb6c6..113c024d14a2 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.10.5 + +### Minor Analysis Improvements + +* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Credentials queries. +* Java thread safety analysis now understands initialization to thread safe classes inside constructors. + ## 1.10.4 No user-facing changes. diff --git a/java/ql/src/change-notes/2025-11-25-thread-safe-initializers.md b/java/ql/src/change-notes/2025-11-25-thread-safe-initializers.md deleted file mode 100644 index f373dae839df..000000000000 --- a/java/ql/src/change-notes/2025-11-25-thread-safe-initializers.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Java thread safety analysis now understands initialization to thread safe classes inside constructors. \ No newline at end of file diff --git a/java/ql/src/change-notes/2025-12-24-couchbase-sinks.md b/java/ql/src/change-notes/2025-12-24-couchbase-sinks.md deleted file mode 100644 index 473c708dcfb4..000000000000 --- a/java/ql/src/change-notes/2025-12-24-couchbase-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries. diff --git a/java/ql/src/change-notes/released/1.10.5.md b/java/ql/src/change-notes/released/1.10.5.md new file mode 100644 index 000000000000..03136b7afe28 --- /dev/null +++ b/java/ql/src/change-notes/released/1.10.5.md @@ -0,0 +1,6 @@ +## 1.10.5 + +### Minor Analysis Improvements + +* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Credentials queries. +* Java thread safety analysis now understands initialization to thread safe classes inside constructors. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 35049ec188b1..2b3096747d57 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.10.4 +lastReleaseVersion: 1.10.5 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index cfff0aa4e78a..e3fa999e0bc0 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.10.5-dev +version: 1.10.5 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 88fd8b8ea016..08f8bb5fbb26 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 2.6.20 + +### Minor Analysis Improvements + +* Support `use cache` directives for Next.js 16. +* Added `PreCallGraphStep` flow model for React's `useRef` hook. +* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook. + ## 2.6.19 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md b/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md deleted file mode 100644 index e28a900e8d9c..000000000000 --- a/javascript/ql/lib/change-notes/2025-10-21-react-precallgraph-step.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Added `PreCallGraphStep` flow model for React's `useRef` hook. -* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/2025-11-30-use-cache-directives.md b/javascript/ql/lib/change-notes/2025-11-30-use-cache-directives.md deleted file mode 100644 index 6a8edce26d1e..000000000000 --- a/javascript/ql/lib/change-notes/2025-11-30-use-cache-directives.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- - -- Support `use cache` directives for Next.js 16. diff --git a/javascript/ql/lib/change-notes/released/2.6.20.md b/javascript/ql/lib/change-notes/released/2.6.20.md new file mode 100644 index 000000000000..d5c89a62f513 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.20.md @@ -0,0 +1,7 @@ +## 2.6.20 + +### Minor Analysis Improvements + +* Support `use cache` directives for Next.js 16. +* Added `PreCallGraphStep` flow model for React's `useRef` hook. +* Added a `DomValueSource` that uses the `current` property off the object returned by React's `useRef` hook. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 679db550b200..3c7db9023cc3 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.19 +lastReleaseVersion: 2.6.20 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 889177c61b73..2a70f7bc42ef 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.20-dev +version: 2.6.20 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 8c7ad99925a1..d3a5bfa8f82a 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,20 @@ +## 2.3.0 + +### Major Analysis Improvements + +* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed. + For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable + `CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`. + +### Minor Analysis Improvements + +* The model of `vue-router` now properly detects taint sources in cases where + the `props` property is a callback. +* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files + named `route` or `page` appearing outside `api` and `pages` folders. +* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header + is set, since the content type defaults to `text/plain`. + ## 2.2.4 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2025-11-26-nextjs-page-route-files.md b/javascript/ql/src/change-notes/2025-11-26-nextjs-page-route-files.md deleted file mode 100644 index b1f87b63d316..000000000000 --- a/javascript/ql/src/change-notes/2025-11-26-nextjs-page-route-files.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files - named `route` or `page` appearing outside `api` and `pages` folders. diff --git a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md b/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md deleted file mode 100644 index 67ece0e53539..000000000000 --- a/javascript/ql/src/change-notes/2025-11-26-response-default-content-type.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header - is set, since the content type defaults to `text/plain`. diff --git a/javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md b/javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md deleted file mode 100644 index 6d5309fa5c7a..000000000000 --- a/javascript/ql/src/change-notes/2025-12-05-skip-minified-files.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -category: majorAnalysis ---- -* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed. - For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable - `CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`. diff --git a/javascript/ql/src/change-notes/2026-01-13-vue-props-callbacks.md b/javascript/ql/src/change-notes/2026-01-13-vue-props-callbacks.md deleted file mode 100644 index f84e193782d2..000000000000 --- a/javascript/ql/src/change-notes/2026-01-13-vue-props-callbacks.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The model of `vue-router` now properly detects taint sources in cases where - the `props` property is a callback. diff --git a/javascript/ql/src/change-notes/released/2.3.0.md b/javascript/ql/src/change-notes/released/2.3.0.md new file mode 100644 index 000000000000..cae1b2f75030 --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.3.0.md @@ -0,0 +1,16 @@ +## 2.3.0 + +### Major Analysis Improvements + +* JavaScript files with an average line length greater than 200 are now considered minified and will no longer be analyzed. + For use-cases where minified files should be analyzed, the original behavior can be restored by setting the environment variable + `CODEQL_EXTRACTOR_JAVASCRIPT_ALLOW_MINIFIED_FILES=true`. + +### Minor Analysis Improvements + +* The model of `vue-router` now properly detects taint sources in cases where + the `props` property is a callback. +* Fixed a bug in the Next.js model that would cause the analysis to miss server-side taint sources in files + named `route` or `page` appearing outside `api` and `pages` folders. +* `new Response(x)` is no longer seen as a reflected XSS sink when no `content-type` header + is set, since the content type defaults to `text/plain`. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 5d34f486fd4b..5936154675ae 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.2.4 +lastReleaseVersion: 2.3.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 3b73d75ad232..354f56fbdec8 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.2.5-dev +version: 2.3.0 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 61f60bfdac21..3fa0771beca0 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.40.md b/misc/suite-helpers/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index fd26cf0f0077..1bbc2748929c 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.40-dev +version: 1.0.40 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index c18a0cc83d17..c1cb74c2e310 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,24 @@ +## 6.0.0 + +### Breaking Changes + +* All modules that depend on the points-to analysis have now been removed from the top level `python.qll` module. To access the points-to functionality, import the new `LegacyPointsTo` module. This also means that some predicates have been removed from various classes, for instance `Function.getFunctionObject()`. To access these predicates, import the `LegacyPointsTo` module and use the `FunctionWithPointsTo` class instead. Most cases follow this pattern, but there are a few exceptions: + * The `getLiteralObject` method on `ImmutableLiteral` subclasses has been replaced with a predicate `getLiteralObject(ImmutableLiteral l)` in the `LegacyPointsTo` module. + * The `getMetrics` method on `Function`, `Class`, and `Module` has been removed. To access metrics, import `LegacyPointsTo` and use the classes `FunctionMetrics`, etc. instead. + +### New Features + +* The extractor now supports the new, relaxed syntax `except A, B, C: ...` (which would previously have to be written as `except (A, B, C): ...`) as defined in [PEP-758](https://peps.python.org/pep-0758/). This may cause changes in results for code that uses Python 2-style exception binding (`except Foo, e: ...`). The more modern format, `except Foo as e: ...` (available since Python 2.6) is unaffected. +* The Python extractor now supports template strings as defined in [PEP-750](https://peps.python.org/pep-0750/), through the classes `TemplateString` and `JoinedTemplateString`. + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Python extractor's search for YAML files. +* The `compression.zstd` library (added in Python 3.14) is now supported by the `py/decompression-bomb` query. +* Added taint flow model and type model for `urllib.parseurl`. +* Remote flow sources for the `python-socketio` package have been modeled. +* Additional models for remote flow sources for `tornado.websocket.WebSocketHandler` have been added. + ## 5.0.4 No user-facing changes. diff --git a/python/ql/lib/change-notes/2025-11-22-tornado-websockets.md b/python/ql/lib/change-notes/2025-11-22-tornado-websockets.md deleted file mode 100644 index 8ba2ef549eea..000000000000 --- a/python/ql/lib/change-notes/2025-11-22-tornado-websockets.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional models for remote flow sources for `tornado.websocket.WebSocketHandler` have been added. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2025-11-26-model-ParseResult.md b/python/ql/lib/change-notes/2025-11-26-model-ParseResult.md deleted file mode 100644 index 9d4616436133..000000000000 --- a/python/ql/lib/change-notes/2025-11-26-model-ParseResult.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added taint flow model and type model for `urllib.parseurl`. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2025-11-26-remove-top-level-points-to-import.md b/python/ql/lib/change-notes/2025-11-26-remove-top-level-points-to-import.md deleted file mode 100644 index 7122c217c418..000000000000 --- a/python/ql/lib/change-notes/2025-11-26-remove-top-level-points-to-import.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -category: breaking ---- - -* All modules that depend on the points-to analysis have now been removed from the top level `python.qll` module. To access the points-to functionality, import the new `LegacyPointsTo` module. This also means that some predicates have been removed from various classes, for instance `Function.getFunctionObject()`. To access these predicates, import the `LegacyPointsTo` module and use the `FunctionWithPointsTo` class instead. Most cases follow this pattern, but there are a few exceptions: - * The `getLiteralObject` method on `ImmutableLiteral` subclasses has been replaced with a predicate `getLiteralObject(ImmutableLiteral l)` in the `LegacyPointsTo` module. - * The `getMetrics` method on `Function`, `Class`, and `Module` has been removed. To access metrics, import `LegacyPointsTo` and use the classes `FunctionMetrics`, etc. instead. diff --git a/python/ql/lib/change-notes/2025-11-26-socketio.md b/python/ql/lib/change-notes/2025-11-26-socketio.md deleted file mode 100644 index e58bec0bbc12..000000000000 --- a/python/ql/lib/change-notes/2025-11-26-socketio.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Remote flow sources for the `python-socketio` package have been modeled. \ No newline at end of file diff --git a/python/ql/lib/change-notes/2025-12-04-support-template-string-literals.md b/python/ql/lib/change-notes/2025-12-04-support-template-string-literals.md deleted file mode 100644 index 1c4fc58c09b7..000000000000 --- a/python/ql/lib/change-notes/2025-12-04-support-template-string-literals.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* The Python extractor now supports template strings as defined in [PEP-750](https://peps.python.org/pep-0750/), through the classes `TemplateString` and `JoinedTemplateString`. diff --git a/python/ql/lib/change-notes/2025-12-09-add-modelling-of-zstd-compression.md b/python/ql/lib/change-notes/2025-12-09-add-modelling-of-zstd-compression.md deleted file mode 100644 index 8ec42ca0db2e..000000000000 --- a/python/ql/lib/change-notes/2025-12-09-add-modelling-of-zstd-compression.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `compression.zstd` library (added in Python 3.14) is now supported by the `py/decompression-bomb` query. diff --git a/python/ql/lib/change-notes/2025-12-09-python-support-relaxed-except-syntax.md b/python/ql/lib/change-notes/2025-12-09-python-support-relaxed-except-syntax.md deleted file mode 100644 index 6187bc8136c0..000000000000 --- a/python/ql/lib/change-notes/2025-12-09-python-support-relaxed-except-syntax.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* The extractor now supports the new, relaxed syntax `except A, B, C: ...` (which would previously have to be written as `except (A, B, C): ...`) as defined in [PEP-758](https://peps.python.org/pep-0758/). This may cause changes in results for code that uses Python 2-style exception binding (`except Foo, e: ...`). The more modern format, `except Foo as e: ...` (available since Python 2.6) is unaffected. diff --git a/python/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md b/python/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md deleted file mode 100644 index ed16f8b6565d..000000000000 --- a/python/ql/lib/change-notes/2026-01-06-paths-directives-ancillary-data.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Python extractor's search for YAML files. diff --git a/python/ql/lib/change-notes/released/6.0.0.md b/python/ql/lib/change-notes/released/6.0.0.md new file mode 100644 index 000000000000..57de62fb2580 --- /dev/null +++ b/python/ql/lib/change-notes/released/6.0.0.md @@ -0,0 +1,20 @@ +## 6.0.0 + +### Breaking Changes + +* All modules that depend on the points-to analysis have now been removed from the top level `python.qll` module. To access the points-to functionality, import the new `LegacyPointsTo` module. This also means that some predicates have been removed from various classes, for instance `Function.getFunctionObject()`. To access these predicates, import the `LegacyPointsTo` module and use the `FunctionWithPointsTo` class instead. Most cases follow this pattern, but there are a few exceptions: + * The `getLiteralObject` method on `ImmutableLiteral` subclasses has been replaced with a predicate `getLiteralObject(ImmutableLiteral l)` in the `LegacyPointsTo` module. + * The `getMetrics` method on `Function`, `Class`, and `Module` has been removed. To access metrics, import `LegacyPointsTo` and use the classes `FunctionMetrics`, etc. instead. + +### New Features + +* The extractor now supports the new, relaxed syntax `except A, B, C: ...` (which would previously have to be written as `except (A, B, C): ...`) as defined in [PEP-758](https://peps.python.org/pep-0758/). This may cause changes in results for code that uses Python 2-style exception binding (`except Foo, e: ...`). The more modern format, `except Foo as e: ...` (available since Python 2.6) is unaffected. +* The Python extractor now supports template strings as defined in [PEP-750](https://peps.python.org/pep-0750/), through the classes `TemplateString` and `JoinedTemplateString`. + +### Minor Analysis Improvements + +* When a code-scanning configuration specifies the `paths:` and/or `paths-ignore:` settings, these are now taken into account by the Python extractor's search for YAML files. +* The `compression.zstd` library (added in Python 3.14) is now supported by the `py/decompression-bomb` query. +* Added taint flow model and type model for `urllib.parseurl`. +* Remote flow sources for the `python-socketio` package have been modeled. +* Additional models for remote flow sources for `tornado.websocket.WebSocketHandler` have been added. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 8cb0167caf0c..f8c4fa43ccb7 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.0.4 +lastReleaseVersion: 6.0.0 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 359cd85edc21..1a004b22db39 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 5.0.5-dev +version: 6.0.0 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 5293d4c00a48..9b09127c0ae7 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.5 + +No user-facing changes. + ## 1.7.4 No user-facing changes. diff --git a/python/ql/src/change-notes/released/1.7.5.md b/python/ql/src/change-notes/released/1.7.5.md new file mode 100644 index 000000000000..f17d9279e0df --- /dev/null +++ b/python/ql/src/change-notes/released/1.7.5.md @@ -0,0 +1,3 @@ +## 1.7.5 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index f4f3a4d51201..83aebd7c12a0 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.4 +lastReleaseVersion: 1.7.5 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 235fe00a9bcb..12afe3f0f0e7 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.7.5-dev +version: 1.7.5 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 5a83b32807ad..e6150ac44bc0 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.1.8 + +No user-facing changes. + ## 5.1.7 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/released/5.1.8.md b/ruby/ql/lib/change-notes/released/5.1.8.md new file mode 100644 index 000000000000..9e1ff36f31f5 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.1.8.md @@ -0,0 +1,3 @@ +## 5.1.8 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index f26524e1fd9a..8ffbb79d2249 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.7 +lastReleaseVersion: 5.1.8 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 8418f9186bbe..26d2c7779c71 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.8-dev +version: 5.1.8 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 3968418c40b0..43e207937df8 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.5 + +No user-facing changes. + ## 1.5.4 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.5.5.md b/ruby/ql/src/change-notes/released/1.5.5.md new file mode 100644 index 000000000000..76d0ac894891 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.5.5.md @@ -0,0 +1,3 @@ +## 1.5.5 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index c216828ee1c3..1c73e9d9ce9e 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.4 +lastReleaseVersion: 1.5.5 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 00834e121520..bdd831593cb9 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.5.5-dev +version: 1.5.5 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 6dd2293abebd..c06726370dfd 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.2.4 + +### Minor Analysis Improvements + +* The `Deref` trait is now considered during method resolution. This means that method calls on receivers implementing the `Deref` trait will correctly resolve to methods defined on the target type. This may result in additional query results, especially for data flow queries. +* Renamed the `Adt` class to `TypeItem` and moved common predicates from `Struct`, `Enum`, and `Union` to `TypeItem`. +* Added models for the Axum web application framework. +* Reading content of a value now carries taint if the value itself is tainted. For instance, if `s` is tainted then `s.field` is also tainted. This generally improves taint flow. +* The call graph is now more precise for calls that target a trait function with a default implemention. This reduces the number of false positives for data flow queries. +* Improved type inference for raw pointers (`*const` and `*mut`). This includes type inference for the raw borrow operators (`&raw const` and `&raw mut`) and dereferencing of raw pointers. + ## 0.2.3 No user-facing changes. diff --git a/rust/ql/lib/change-notes/2025-12-03-type-inference-raw-pointers.md b/rust/ql/lib/change-notes/2025-12-03-type-inference-raw-pointers.md deleted file mode 100644 index a24f86ad897a..000000000000 --- a/rust/ql/lib/change-notes/2025-12-03-type-inference-raw-pointers.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved type inference for raw pointers (`*const` and `*mut`). This includes type inference for the raw borrow operators (`&raw const` and `&raw mut`) and dereferencing of raw pointers. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2025-12-05-trait-function-dispatch.md b/rust/ql/lib/change-notes/2025-12-05-trait-function-dispatch.md deleted file mode 100644 index 5a6f09911619..000000000000 --- a/rust/ql/lib/change-notes/2025-12-05-trait-function-dispatch.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The call graph is now more precise for calls that target a trait function with a default implemention. This reduces the number of false positives for data flow queries. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2025-12-11-read-as-taint.md b/rust/ql/lib/change-notes/2025-12-11-read-as-taint.md deleted file mode 100644 index 3e1cabd75f79..000000000000 --- a/rust/ql/lib/change-notes/2025-12-11-read-as-taint.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Reading content of a value now carries taint if the value itself is tainted. For instance, if `s` is tainted then `s.field` is also tainted. This generally improves taint flow. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2025-12-16-axum-models.md b/rust/ql/lib/change-notes/2025-12-16-axum-models.md deleted file mode 100644 index baa5910d799c..000000000000 --- a/rust/ql/lib/change-notes/2025-12-16-axum-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for the Axum web application framework. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2025-12-17-adt-rename.md b/rust/ql/lib/change-notes/2025-12-17-adt-rename.md deleted file mode 100644 index 0b66b4664a15..000000000000 --- a/rust/ql/lib/change-notes/2025-12-17-adt-rename.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Renamed the `Adt` class to `TypeItem` and moved common predicates from `Struct`, `Enum`, and `Union` to `TypeItem`. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2026-01-07-method-resolution-deref-trait.md b/rust/ql/lib/change-notes/2026-01-07-method-resolution-deref-trait.md deleted file mode 100644 index 2ed9cf750cb2..000000000000 --- a/rust/ql/lib/change-notes/2026-01-07-method-resolution-deref-trait.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `Deref` trait is now considered during method resolution. This means that method calls on receivers implementing the `Deref` trait will correctly resolve to methods defined on the target type. This may result in additional query results, especially for data flow queries. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/released/0.2.4.md b/rust/ql/lib/change-notes/released/0.2.4.md new file mode 100644 index 000000000000..3920a3080444 --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.2.4.md @@ -0,0 +1,10 @@ +## 0.2.4 + +### Minor Analysis Improvements + +* The `Deref` trait is now considered during method resolution. This means that method calls on receivers implementing the `Deref` trait will correctly resolve to methods defined on the target type. This may result in additional query results, especially for data flow queries. +* Renamed the `Adt` class to `TypeItem` and moved common predicates from `Struct`, `Enum`, and `Union` to `TypeItem`. +* Added models for the Axum web application framework. +* Reading content of a value now carries taint if the value itself is tainted. For instance, if `s` is tainted then `s.field` is also tainted. This generally improves taint flow. +* The call graph is now more precise for calls that target a trait function with a default implemention. This reduces the number of false positives for data flow queries. +* Improved type inference for raw pointers (`*const` and `*mut`). This includes type inference for the raw borrow operators (`&raw const` and `&raw mut`) and dereferencing of raw pointers. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 0b605901b424..7f1e3841dcd6 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.3 +lastReleaseVersion: 0.2.4 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 568418c13326..ef1689ff0763 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.2.4-dev +version: 0.2.4 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 36aec92674df..6f17ba911334 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,12 @@ +## 0.1.25 + +### Minor Analysis Improvements + +* Fixed common false positives for the `rust/unused-variable` and `rust/unused-value` queries. +* Fixed false positives from the `rust/access-invalid-pointer` query, by only considering dereferences of raw pointers as sinks. +* Fixed false positives from the `rust/access-after-lifetime-ended` query, involving calls to trait methods. +* The `rust/hard-coded-cryptographic-value` query has been extended with new heuristic sinks identifying passwords, initialization vectors, nonces and salts. + ## 0.1.24 No user-facing changes. diff --git a/rust/ql/src/change-notes/2025-12-01-hard-coded-cryptographic-value.md b/rust/ql/src/change-notes/2025-12-01-hard-coded-cryptographic-value.md deleted file mode 100644 index f211982df625..000000000000 --- a/rust/ql/src/change-notes/2025-12-01-hard-coded-cryptographic-value.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `rust/hard-coded-cryptographic-value` query has been extended with new heuristic sinks identifying passwords, initialization vectors, nonces and salts. diff --git a/rust/ql/src/change-notes/2025-12-04-access-after-lifetime-ended.md b/rust/ql/src/change-notes/2025-12-04-access-after-lifetime-ended.md deleted file mode 100644 index 1e9200eec8f1..000000000000 --- a/rust/ql/src/change-notes/2025-12-04-access-after-lifetime-ended.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed false positives from the `rust/access-after-lifetime-ended` query, involving calls to trait methods. diff --git a/rust/ql/src/change-notes/2025-12-05-exclude-dereference-sinks.md b/rust/ql/src/change-notes/2025-12-05-exclude-dereference-sinks.md deleted file mode 100644 index c0ccd758e8d7..000000000000 --- a/rust/ql/src/change-notes/2025-12-05-exclude-dereference-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed false positives from the `rust/access-invalid-pointer` query, by only considering dereferences of raw pointers as sinks. diff --git a/rust/ql/src/change-notes/2025-12-10-unused-variable.md b/rust/ql/src/change-notes/2025-12-10-unused-variable.md deleted file mode 100644 index 7391255e608c..000000000000 --- a/rust/ql/src/change-notes/2025-12-10-unused-variable.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed common false positives for the `rust/unused-variable` and `rust/unused-value` queries. diff --git a/rust/ql/src/change-notes/released/0.1.25.md b/rust/ql/src/change-notes/released/0.1.25.md new file mode 100644 index 000000000000..36eda5e08519 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.25.md @@ -0,0 +1,8 @@ +## 0.1.25 + +### Minor Analysis Improvements + +* Fixed common false positives for the `rust/unused-variable` and `rust/unused-value` queries. +* Fixed false positives from the `rust/access-invalid-pointer` query, by only considering dereferences of raw pointers as sinks. +* Fixed false positives from the `rust/access-after-lifetime-ended` query, involving calls to trait methods. +* The `rust/hard-coded-cryptographic-value` query has been extended with new heuristic sinks identifying passwords, initialization vectors, nonces and salts. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index 561fd0bfe38f..44eb1ee2438f 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.24 +lastReleaseVersion: 0.1.25 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 6a834256d50e..b52234c51d66 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.25-dev +version: 0.1.25 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index 48b330cf5a12..161a50915157 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.14 + +No user-facing changes. + ## 0.0.13 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.14.md b/shared/concepts/change-notes/released/0.0.14.md new file mode 100644 index 000000000000..63b4d50ca454 --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.14.md @@ -0,0 +1,3 @@ +## 0.0.14 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index 044e54e4f7e5..ca29e45d0a67 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.13 +lastReleaseVersion: 0.0.14 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 767770ce24ab..8689cc4a66fd 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.14-dev +version: 0.0.14 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index f5521a1d4034..a0141238ede7 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.24 + +No user-facing changes. + ## 2.0.23 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.24.md b/shared/controlflow/change-notes/released/2.0.24.md new file mode 100644 index 000000000000..6547901c3343 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.24.md @@ -0,0 +1,3 @@ +## 2.0.24 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 1bd7e296a34f..1460df314d51 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.23 +lastReleaseVersion: 2.0.24 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 4829cf189407..1e786f4a39a6 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.24-dev +version: 2.0.24 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index b8f8111a341d..2190138e037d 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.24 + +No user-facing changes. + ## 2.0.23 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.24.md b/shared/dataflow/change-notes/released/2.0.24.md new file mode 100644 index 000000000000..6547901c3343 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.24.md @@ -0,0 +1,3 @@ +## 2.0.24 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 1bd7e296a34f..1460df314d51 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.23 +lastReleaseVersion: 2.0.24 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 88e3717ad91d..2030371e5faa 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.24-dev +version: 2.0.24 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 799b76d1aad3..40e305bad35d 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.40.md b/shared/mad/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/mad/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 3726498ddf2b..c5247c9c9337 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 96dafca57683..172f2ee2b297 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.18 + +No user-facing changes. + ## 0.0.17 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.18.md b/shared/quantum/change-notes/released/0.0.18.md new file mode 100644 index 000000000000..86c60b8abe73 --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.18.md @@ -0,0 +1,3 @@ +## 0.0.18 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index cbc3d3cd4934..a0d2bc59d979 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.17 +lastReleaseVersion: 0.0.18 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index d9c5869107fc..9cd39b4671d3 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.18-dev +version: 0.0.18 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index c9073a6a0d3a..7c9e43f8ff3e 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.40.md b/shared/rangeanalysis/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 1f3aa054b0f3..0a65a5b3543f 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index bd4172a6f246..ecf8ebbe399d 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.40.md b/shared/regex/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/regex/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 708ae7ee1b27..6ef8edaa2ad7 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index e37d98b1dc1b..03f338ad3e62 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.16 + +No user-facing changes. + ## 2.0.15 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.16.md b/shared/ssa/change-notes/released/2.0.16.md new file mode 100644 index 000000000000..221400d393f2 --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.16.md @@ -0,0 +1,3 @@ +## 2.0.16 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 0377ae283a31..c10461a785cf 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.15 +lastReleaseVersion: 2.0.16 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index f755bda3379d..090657b131b1 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.16-dev +version: 2.0.16 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index dd213e111b4e..8718668249fd 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.40.md b/shared/threat-models/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 45e4e04f51cd..083a882a597a 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.40-dev +version: 1.0.40 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 1e813c59b636..6a9afbe090a3 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.40.md b/shared/tutorial/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 651844a76ad7..ab99a483de0a 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index e937ff6cb9ee..37cada863622 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.40.md b/shared/typeflow/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index eb199d36dee7..8ecec46f7bd4 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 7ac497bdb32c..2daa850c9cd1 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.21 + +No user-facing changes. + ## 0.0.20 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.21.md b/shared/typeinference/change-notes/released/0.0.21.md new file mode 100644 index 000000000000..d32472e976d2 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.21.md @@ -0,0 +1,3 @@ +## 0.0.21 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index d2e86745bcaa..0c15c351db40 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.20 +lastReleaseVersion: 0.0.21 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 1c533ad3863f..8316949f0545 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.21-dev +version: 0.0.21 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 7f86f9e81666..769f68dd3dd5 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.24 + +No user-facing changes. + ## 2.0.23 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.24.md b/shared/typetracking/change-notes/released/2.0.24.md new file mode 100644 index 000000000000..6547901c3343 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.24.md @@ -0,0 +1,3 @@ +## 2.0.24 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 1bd7e296a34f..1460df314d51 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.23 +lastReleaseVersion: 2.0.24 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 2a1ef48e92ab..e16b1b4393b6 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.24-dev +version: 2.0.24 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index c553f4c1f634..5ef65f8781d4 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.40.md b/shared/typos/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/typos/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 6baa76ffa5ca..4d32c8d127eb 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 3578e0001702..1c818e1f21da 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.27 + +No user-facing changes. + ## 2.0.26 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.27.md b/shared/util/change-notes/released/2.0.27.md new file mode 100644 index 000000000000..639cf77090e5 --- /dev/null +++ b/shared/util/change-notes/released/2.0.27.md @@ -0,0 +1,3 @@ +## 2.0.27 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 63d57bef4816..a047558f018b 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.26 +lastReleaseVersion: 2.0.27 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index db3d6fb7f2d9..ff2324b5ebfc 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.27-dev +version: 2.0.27 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 5bb981adb8ca..cb8550f886bc 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.40.md b/shared/xml/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/xml/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index d31c816dafce..e004d8a7cca3 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index dd8504602790..82c9137dbbf5 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.40 + +No user-facing changes. + ## 1.0.39 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.40.md b/shared/yaml/change-notes/released/1.0.40.md new file mode 100644 index 000000000000..3f2f101b3b7d --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.40.md @@ -0,0 +1,3 @@ +## 1.0.40 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index c310c9f1e786..326e4b5da674 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.39 +lastReleaseVersion: 1.0.40 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index d154970377b7..6319b7bab319 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.40-dev +version: 1.0.40 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index d1fa9e09fdd7..efad17a8e8b2 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 6.2.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.3. +* Upgraded to allow analysis of Swift 6.2.2. + ## 6.1.4 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2025-12-11-swift-6.2.2.md b/swift/ql/lib/change-notes/2025-12-11-swift-6.2.2.md deleted file mode 100644 index 27927802dba5..000000000000 --- a/swift/ql/lib/change-notes/2025-12-11-swift-6.2.2.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Upgraded to allow analysis of Swift 6.2.2. \ No newline at end of file diff --git a/swift/ql/lib/change-notes/2025-12-18-swift-6.2.3.md b/swift/ql/lib/change-notes/2025-12-18-swift-6.2.3.md deleted file mode 100644 index b81064600493..000000000000 --- a/swift/ql/lib/change-notes/2025-12-18-swift-6.2.3.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Upgraded to allow analysis of Swift 6.2.3. \ No newline at end of file diff --git a/swift/ql/lib/change-notes/released/6.2.0.md b/swift/ql/lib/change-notes/released/6.2.0.md new file mode 100644 index 000000000000..065e47507e99 --- /dev/null +++ b/swift/ql/lib/change-notes/released/6.2.0.md @@ -0,0 +1,6 @@ +## 6.2.0 + +### Major Analysis Improvements + +* Upgraded to allow analysis of Swift 6.2.3. +* Upgraded to allow analysis of Swift 6.2.2. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 7dbbf7fb5537..35c46c599f08 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 6.1.4 +lastReleaseVersion: 6.2.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 77172d624e79..420bf2ca32e3 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 6.1.5-dev +version: 6.2.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 093bfc1c99ab..b555657d87af 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.14 + +No user-facing changes. + ## 1.2.13 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.14.md b/swift/ql/src/change-notes/released/1.2.14.md new file mode 100644 index 000000000000..a46ed3aa08fc --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.14.md @@ -0,0 +1,3 @@ +## 1.2.14 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index f95a122f916c..ef55ed9564a8 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.13 +lastReleaseVersion: 1.2.14 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 15a1f6308dc5..b1632592ec80 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.14-dev +version: 1.2.14 groups: - swift - queries