diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 03201c9603af..d625bc6f619e 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.33 + +No user-facing changes. + ## 0.4.32 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.33.md b/actions/ql/lib/change-notes/released/0.4.33.md new file mode 100644 index 000000000000..99c04e352dff --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.33.md @@ -0,0 +1,3 @@ +## 0.4.33 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 3201cd9b0637..7581fef2abf7 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.32 +lastReleaseVersion: 0.4.33 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index bc4a8ba134ba..131f29b87aaa 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.33-dev +version: 0.4.33 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index e42a19a8168f..d991237aca97 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.25 + +No user-facing changes. + ## 0.6.24 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.25.md b/actions/ql/src/change-notes/released/0.6.25.md new file mode 100644 index 000000000000..b9d9e69c728d --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.25.md @@ -0,0 +1,3 @@ +## 0.6.25 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index f4aa7271ace7..b8288b392226 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.24 +lastReleaseVersion: 0.6.25 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 3f76a5273f15..024862b808a6 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.25-dev +version: 0.6.25 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 686195e9211e..5b5bc748c5dd 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,23 @@ +## 9.0.0 + +### Breaking Changes + +* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory. + +### New Features + +* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration. +* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists. +* Added a class `ConstructorDefaultFieldInit` to represent default field initializations. +* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node. +* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any. +* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node. + +### Minor Analysis Improvements + +* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources. +* Added dataflow through members initialized via non-static data member initialization (NSDMI). + ## 8.0.3 No user-facing changes. 
diff --git a/cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md b/cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md
deleted file mode 100644
index 07235e047d43..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-20-add-indirect-uninitialized-node.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node.
diff --git a/cpp/ql/lib/change-notes/2026-03-23-indirect-parameter-nodes-and-indirect-instructions.md b/cpp/ql/lib/change-notes/2026-03-23-indirect-parameter-nodes-and-indirect-instructions.md
deleted file mode 100644
index c3bd4028ee97..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-23-indirect-parameter-nodes-and-indirect-instructions.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: feature
----
-* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node.
-* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2026-03-24-field-init.md b/cpp/ql/lib/change-notes/2026-03-24-field-init.md
deleted file mode 100644
index c11329a3d9f0..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-24-field-init.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: feature
----
-* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists.
-* Added a class `ConstructorDefaultFieldInit` to represent default field initializations.
diff --git a/cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md b/cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md
deleted file mode 100644
index 41d77b518f14..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-26-convert-csv-models-to-yml.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory.
diff --git a/cpp/ql/lib/change-notes/2026-03-30-nsdmi-dataflow.md b/cpp/ql/lib/change-notes/2026-03-30-nsdmi-dataflow.md
deleted file mode 100644
index 8bf879003304..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-30-nsdmi-dataflow.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added dataflow through members initialized via non-static data member initialization (NSDMI).
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2026-03-31-http-flow-sources.md b/cpp/ql/lib/change-notes/2026-03-31-http-flow-sources.md
deleted file mode 100644
index 54a0ad81036d..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-31-http-flow-sources.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources.
\ No newline at end of file
diff --git a/cpp/ql/lib/change-notes/2026-03-31-meson.md b/cpp/ql/lib/change-notes/2026-03-31-meson.md
deleted file mode 100644
index c18de40b85db..000000000000
--- a/cpp/ql/lib/change-notes/2026-03-31-meson.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration.
diff --git a/cpp/ql/lib/change-notes/released/9.0.0.md b/cpp/ql/lib/change-notes/released/9.0.0.md
new file mode 100644
index 000000000000..2f97209a02d2
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/9.0.0.md
@@ -0,0 +1,19 @@ +## 9.0.0 + +### Breaking Changes + +* The `SourceModelCsv`, `SinkModelCsv`, and `SummaryModelCsv` classes and the associated CSV parsing infrastructure have been removed from `ExternalFlow.qll`. New models should be added as `.model.yml` files in the `ext/` directory. + +### New Features + +* Added a subclass `MesonPrivateTestFile` of `ConfigurationTestFile` that represents files created by Meson to test the build configuration. +* Added a class `ConstructorDirectFieldInit` to represent field initializations that occur in member initializer lists. +* Added a class `ConstructorDefaultFieldInit` to represent default field initializations. +* Added a class `DataFlow::IndirectParameterNode` to represent the indirection of a parameter as a dataflow node. +* Added a predicate `Node::asIndirectInstruction` which returns the `Instruction` that defines the indirect dataflow node, if any. +* Added a class `IndirectUninitializedNode` to represent the indirection of an uninitialized local variable as a dataflow node. + +### Minor Analysis Improvements + +* Added `HttpReceiveHttpRequest`, `HttpReceiveRequestEntityBody`, and `HttpReceiveClientCertificate` from Win32's `http.h` as remote flow sources. +* Added dataflow through members initialized via non-static data member initialization (NSDMI). diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 1be4ac8d0d39..fd5f4a48b3c1 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 8.0.3 +lastReleaseVersion: 9.0.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 802f3c3e4de8..e4e7a96ef681 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 8.0.4-dev +version: 9.0.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 126b1d9efa34..a3f9d1836ade 100644 
--- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,17 @@ +## 1.6.0 + +### Query Metadata Changes + +* The `@security-severity` metadata of `cpp/cgi-xss` has been increased from 6.1 (medium) to 7.8 (high). + +### Minor Analysis Improvements + +* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases. +* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases. +* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations. +* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases. +* Fixed an issue with the "Multiplication result converted to larger type" (`cpp/integer-multiplication-cast-to-long`) query causing false positive results in `build-mode: none` databases. + ## 1.5.15 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2026-03-11-integer-multiplication-cast-to-long.md b/cpp/ql/src/change-notes/2026-03-11-integer-multiplication-cast-to-long.md deleted file mode 100644 index 4d4a66c0a226..000000000000 --- a/cpp/ql/src/change-notes/2026-03-11-integer-multiplication-cast-to-long.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Fixed an issue with the "Multiplication result converted to larger type" (`cpp/integer-multiplication-cast-to-long`) query causing false positive results in `build-mode: none` databases. 
diff --git a/cpp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/cpp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
deleted file mode 100644
index 0810e9c49bac..000000000000
--- a/cpp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: queryMetadata
----
-* The `@security-severity` metadata of `cpp/cgi-xss` has been increased from 6.1 (medium) to 7.8 (high).
diff --git a/cpp/ql/src/change-notes/2026-03-16-wrong-type-format-argument.md b/cpp/ql/src/change-notes/2026-03-16-wrong-type-format-argument.md
deleted file mode 100644
index 84aef7791fcf..000000000000
--- a/cpp/ql/src/change-notes/2026-03-16-wrong-type-format-argument.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases.
diff --git a/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md b/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md
deleted file mode 100644
index 387e2d44b469..000000000000
--- a/cpp/ql/src/change-notes/2026-03-19-suspicious-add-sizeof.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases.
diff --git a/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md b/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md
deleted file mode 100644
index 6a1133917bf7..000000000000
--- a/cpp/ql/src/change-notes/2026-03-19-tainted-format-string.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations.
diff --git a/cpp/ql/src/change-notes/2026-03-30-warning-diagnostics.md b/cpp/ql/src/change-notes/2026-03-30-warning-diagnostics.md
deleted file mode 100644
index 0db0d7c718da..000000000000
--- a/cpp/ql/src/change-notes/2026-03-30-warning-diagnostics.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases.
diff --git a/cpp/ql/src/change-notes/released/1.6.0.md b/cpp/ql/src/change-notes/released/1.6.0.md
new file mode 100644
index 000000000000..3bbb94806609
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/1.6.0.md
@@ -0,0 +1,13 @@ +## 1.6.0 + +### Query Metadata Changes + +* The `@security-severity` metadata of `cpp/cgi-xss` has been increased from 6.1 (medium) to 7.8 (high). + +### Minor Analysis Improvements + +* The "Extraction warnings" (`cpp/diagnostics/extraction-warnings`) diagnostics query no longer yields `ExtractionRecoverableWarning`s for `build-mode: none` databases. The results were found to significantly increase the sizes of the produced SARIF files, making them unprocessable in some cases. +* Fixed an issue with the "Suspicious add with sizeof" (`cpp/suspicious-add-sizeof`) query causing false positive results in `build-mode: none` databases. +* Fixed an issue with the "Uncontrolled format string" (`cpp/tainted-format-string`) query involving certain kinds of formatting function implementations. +* Fixed an issue with the "Wrong type of arguments to formatting function" (`cpp/wrong-type-format-argument`) query causing false positive results in `build-mode: none` databases. +* Fixed an issue with the "Multiplication result converted to larger type" (`cpp/integer-multiplication-cast-to-long`) query causing false positive results in `build-mode: none` databases. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index b41e6e78a66a..c4f0b07d5336 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.15 +lastReleaseVersion: 1.6.0 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 3160da2efb68..fa0391ae9c15 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.16-dev +version: 1.6.0 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index dfbc0f9f376d..f7107d18c014 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md 
@@ -1,3 +1,7 @@ +## 1.7.64 + +No user-facing changes. + ## 1.7.63 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.64.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.64.md new file mode 100644 index 000000000000..47290bbbeb30 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.64.md @@ -0,0 +1,3 @@ +## 1.7.64 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 3d19252da0b4..f41e954c9ae2 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.63 +lastReleaseVersion: 1.7.64 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 972746e92550..9c094c18dc6d 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.64-dev +version: 1.7.64 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index dfbc0f9f376d..f7107d18c014 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.64 + +No user-facing changes. + ## 1.7.63 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.64.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.64.md new file mode 100644 index 000000000000..47290bbbeb30 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.64.md @@ -0,0 +1,3 @@ +## 1.7.64 + +No user-facing changes. 
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 3d19252da0b4..f41e954c9ae2 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.63 +lastReleaseVersion: 1.7.64 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 7a4e4fff627d..666c44a2805e 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.64-dev +version: 1.7.64 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 7261891eed7d..57d99a41480b 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 5.4.12 + +### Minor Analysis Improvements + +* The extractor no longer synthesizes expanded forms of compound assignments. This may have a small impact on the results of queries that explicitly or implicitly rely on the expanded form of compound assignments. +* The `cs/log-forging` query no longer treats arguments to extension methods with + source code on `ILogger` types as sinks. Instead, taint is tracked interprocedurally + through extension method bodies, reducing false positives when extension methods + sanitize input internally. + ## 5.4.11 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2026-03-26-expanded-assignments.md b/csharp/ql/lib/change-notes/2026-03-26-expanded-assignments.md deleted file mode 100644 index 159ab1ee3c64..000000000000 --- a/csharp/ql/lib/change-notes/2026-03-26-expanded-assignments.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extractor no longer synthesizes expanded forms of compound assignments. This may have a small impact on the results of queries that explicitly or implicitly rely on the expanded form of compound assignments. diff --git a/csharp/ql/lib/change-notes/2026-03-19-fix-log-forging-extension-methods.md b/csharp/ql/lib/change-notes/released/5.4.12.md similarity index 52% rename from csharp/ql/lib/change-notes/2026-03-19-fix-log-forging-extension-methods.md rename to csharp/ql/lib/change-notes/released/5.4.12.md index 65ce217b1058..506fae5a15e1 100644 --- a/csharp/ql/lib/change-notes/2026-03-19-fix-log-forging-extension-methods.md +++ b/csharp/ql/lib/change-notes/released/5.4.12.md @@ -1,6 +1,8 @@ ---- -category: minorAnalysis ---- +## 5.4.12 + +### Minor Analysis Improvements + +* The extractor no longer synthesizes expanded forms of compound assignments. This may have a small impact on the results of queries that explicitly or implicitly rely on the expanded form of compound assignments. * The `cs/log-forging` query no longer treats arguments to extension methods with source code on `ILogger` types as sinks. Instead, taint is tracked interprocedurally through extension method bodies, reducing false positives when extension methods diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index f742ee59b537..43db6e52c988 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.4.11 +lastReleaseVersion: 5.4.12 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index b45bd57ad56e..d5088885cdb0 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.4.12-dev +version: 5.4.12 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp 
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 39bfe944d5d6..fc0f8c58d794 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 1.7.0 + +### Query Metadata Changes + +* The `@security-severity` metadata of `cs/log-forging` has been reduced from 7.8 (high) to 6.1 (medium). +* The `@security-severity` metadata of `cs/web/xss` has been increased from 6.1 (medium) to 7.8 (high). + +### Major Analysis Improvements + +* The `cs/constant-condition` query has been simplified. The query no longer reports trivially constant conditions as they were found to generally be intentional. As a result, it should now produce fewer false positives. Additionally, the simplification means that it now reports all the results that `cs/constant-comparison` used to report, and as consequence, that query has been deleted. + ## 1.6.6 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/csharp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md deleted file mode 100644 index c317194bc259..000000000000 --- a/csharp/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: queryMetadata ---- -* The `@security-severity` metadata of `cs/log-forging` has been reduced from 7.8 (high) to 6.1 (medium). -* The `@security-severity` metadata of `cs/web/xss` has been increased from 6.1 (medium) to 7.8 (high). diff --git a/csharp/ql/src/change-notes/2026-03-31-constantcondition-simplify.md b/csharp/ql/src/change-notes/released/1.7.0.md similarity index 58% rename from csharp/ql/src/change-notes/2026-03-31-constantcondition-simplify.md rename to csharp/ql/src/change-notes/released/1.7.0.md index a1051d4c00f4..906a13d68d0a 100644 --- a/csharp/ql/src/change-notes/2026-03-31-constantcondition-simplify.md +++ b/csharp/ql/src/change-notes/released/1.7.0.md 
@@ -1,4 +1,10 @@ ---- -category: majorAnalysis ---- +## 1.7.0 + +### Query Metadata Changes + +* The `@security-severity` metadata of `cs/log-forging` has been reduced from 7.8 (high) to 6.1 (medium). +* The `@security-severity` metadata of `cs/web/xss` has been increased from 6.1 (medium) to 7.8 (high). + +### Major Analysis Improvements + * The `cs/constant-condition` query has been simplified. The query no longer reports trivially constant conditions as they were found to generally be intentional. As a result, it should now produce fewer false positives. Additionally, the simplification means that it now reports all the results that `cs/constant-comparison` used to report, and as consequence, that query has been deleted. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index f8e54f30a672..d1184cc67507 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.6 +lastReleaseVersion: 1.7.0 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 728074e959dc..64d02609317a 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.6.7-dev +version: 1.7.0 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 065f61912fa9..34ae2fd22778 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.47 + +No user-facing changes. + ## 1.0.46 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.47.md b/go/ql/consistency-queries/change-notes/released/1.0.47.md new file mode 100644 index 000000000000..0c12039c1809 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.47.md @@ -0,0 +1,3 @@ +## 1.0.47 + +No user-facing changes. 
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 05205e6a59e2..dcec0f6405ab 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.46 +lastReleaseVersion: 1.0.47 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index ba15945e1a24..53b3d29e717b 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.47-dev +version: 1.0.47 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 09f0c8843205..441d15a0d0e8 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 7.0.5 + +No user-facing changes. + ## 7.0.4 No user-facing changes. diff --git a/go/ql/lib/change-notes/released/7.0.5.md b/go/ql/lib/change-notes/released/7.0.5.md new file mode 100644 index 000000000000..adee6ebe3a75 --- /dev/null +++ b/go/ql/lib/change-notes/released/7.0.5.md @@ -0,0 +1,3 @@ +## 7.0.5 + +No user-facing changes. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 6630ee1984ad..2cff21d59fec 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.0.4 +lastReleaseVersion: 7.0.5 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index f3e9e50bf7bc..5c371bb7ae48 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 7.0.5-dev +version: 7.0.5 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index f6fcaa51ab3f..2bc95cc19222 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md 
@@ -1,3 +1,10 @@ +## 1.6.0 + +### Query Metadata Changes + +* The `@security-severity` metadata of `go/log-injection` has been reduced from 7.8 (high) to 6.1 (medium). +* The `@security-severity` metadata of `go/html-template-escaping-bypass-xss`, `go/reflected-xss` and `go/stored-xss` has been increased from 6.1 (medium) to 7.8 (high). + ## 1.5.10 No user-facing changes. diff --git a/go/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/go/ql/src/change-notes/released/1.6.0.md similarity index 87% rename from go/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md rename to go/ql/src/change-notes/released/1.6.0.md index 45320bcd719c..1e508254885a 100644 --- a/go/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md +++ b/go/ql/src/change-notes/released/1.6.0.md @@ -1,5 +1,6 @@ ---- -category: queryMetadata ---- +## 1.6.0 + +### Query Metadata Changes + * The `@security-severity` metadata of `go/log-injection` has been reduced from 7.8 (high) to 6.1 (medium). * The `@security-severity` metadata of `go/html-template-escaping-bypass-xss`, `go/reflected-xss` and `go/stored-xss` has been increased from 6.1 (medium) to 7.8 (high). diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index fda54b31bffb..c4f0b07d5336 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.10 +lastReleaseVersion: 1.6.0 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index fd374637a9b7..1ec2c5b9430e 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.5.11-dev +version: 1.6.0 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index ecbffa5461c8..caa1eaecb948 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md 
@@ -1,3 +1,12 @@ +## 9.0.3 + +### Minor Analysis Improvements + +* The `java/tainted-arithmetic` query no longer flags arithmetic expressions that are used directly as an operand of a comparison in `if`-condition bounds-checking patterns. For example, `if (off + len > array.length)` is now recognized as a bounds check rather than a potentially vulnerable computation, reducing false positives. +* The `java/potentially-weak-cryptographic-algorithm` query no longer flags Elliptic Curve algorithms (`EC`, `ECDSA`, `ECDH`, `EdDSA`, `Ed25519`, `Ed448`, `XDH`, `X25519`, `X448`), HMAC-based algorithms (`HMACSHA1`, `HMACSHA256`, `HMACSHA384`, `HMACSHA512`), or PBKDF2 key derivation as potentially insecure. These are modern, secure algorithms recommended by NIST and other standards bodies. This will reduce the number of false positives for this query. +* The first argument of the method `getInstance` of `java.security.Signature` is now modeled as a sink for `java/potentially-weak-cryptographic-algorithm`, `java/weak-cryptographic-algorithm` and `java/rsa-without-oaep`. This will increase the number of alerts for these queries. +* Kotlin versions up to 2.3.20 are now supported. + ## 9.0.2 No user-facing changes. diff --git a/java/ql/lib/change-notes/2026-03-26-kotlin-2.3.20.md b/java/ql/lib/change-notes/2026-03-26-kotlin-2.3.20.md deleted file mode 100644 index b18cff457049..000000000000 --- a/java/ql/lib/change-notes/2026-03-26-kotlin-2.3.20.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Kotlin versions up to 2.3.20 are now supported. diff --git a/java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md b/java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md deleted file mode 100644 index 0688815c822f..000000000000 --- a/java/ql/lib/change-notes/2026-03-28-tainted-arithmetic-bounds-check.md +++ /dev/null 
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The `java/tainted-arithmetic` query no longer flags arithmetic expressions that are used directly as an operand of a comparison in `if`-condition bounds-checking patterns. For example, `if (off + len > array.length)` is now recognized as a bounds check rather than a potentially vulnerable computation, reducing false positives.
diff --git a/java/ql/lib/change-notes/2026-03-27-add-ec-to-secure-algorithms.md b/java/ql/lib/change-notes/released/9.0.3.md
similarity index 63%
rename from java/ql/lib/change-notes/2026-03-27-add-ec-to-secure-algorithms.md
rename to java/ql/lib/change-notes/released/9.0.3.md
index ee53bedd4176..828b5867f8b2 100644
--- a/java/ql/lib/change-notes/2026-03-27-add-ec-to-secure-algorithms.md
+++ b/java/ql/lib/change-notes/released/9.0.3.md
@@ -1,5 +1,8 @@
----
-category: minorAnalysis
----
+## 9.0.3
+
+### Minor Analysis Improvements
+
+* The `java/tainted-arithmetic` query no longer flags arithmetic expressions that are used directly as an operand of a comparison in `if`-condition bounds-checking patterns. For example, `if (off + len > array.length)` is now recognized as a bounds check rather than a potentially vulnerable computation, reducing false positives.
 * The `java/potentially-weak-cryptographic-algorithm` query no longer flags Elliptic Curve algorithms (`EC`, `ECDSA`, `ECDH`, `EdDSA`, `Ed25519`, `Ed448`, `XDH`, `X25519`, `X448`), HMAC-based algorithms (`HMACSHA1`, `HMACSHA256`, `HMACSHA384`, `HMACSHA512`), or PBKDF2 key derivation as potentially insecure. These are modern, secure algorithms recommended by NIST and other standards bodies. This will reduce the number of false positives for this query.
 * The first argument of the method `getInstance` of `java.security.Signature` is now modeled as a sink for `java/potentially-weak-cryptographic-algorithm`, `java/weak-cryptographic-algorithm` and `java/rsa-without-oaep`. This will increase the number of alerts for these queries.
+* Kotlin versions up to 2.3.20 are now supported.
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 533351acdc92..175658aaf53d 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 9.0.2
+lastReleaseVersion: 9.0.3
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index fc1d2c13281a..d840954d6236 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 9.0.3-dev
+version: 9.0.3
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index 8d9ce4a75b4e..2a2f8052092f 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.11.0
+
+### Query Metadata Changes
+
+* The `@security-severity` metadata of `java/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
+* The `@security-severity` metadata of `java/android/webview-addjavascriptinterface`, `java/android/websettings-javascript-enabled` and `java/xss` has been increased from 6.1 (medium) to 7.8 (high).
+
 ## 1.10.11
 
 No user-facing changes.
diff --git a/java/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/java/ql/src/change-notes/released/1.11.0.md
similarity index 88%
rename from java/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
rename to java/ql/src/change-notes/released/1.11.0.md
index fa1288af16eb..0be4b0481d60 100644
--- a/java/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/java/ql/src/change-notes/released/1.11.0.md
@@ -1,5 +1,6 @@
----
-category: queryMetadata
----
+## 1.11.0
+
+### Query Metadata Changes
+
 * The `@security-severity` metadata of `java/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
 * The `@security-severity` metadata of `java/android/webview-addjavascriptinterface`, `java/android/websettings-javascript-enabled` and `java/xss` has been increased from 6.1 (medium) to 7.8 (high).
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index d267e07fb669..276088d81dc8 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.11
+lastReleaseVersion: 1.11.0
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 78372a6ec85b..2c4f95fb25bb 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.12-dev
+version: 1.11.0
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 52d003921a0d..fedb0b9b587f 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.6.27
+
+No user-facing changes.
+
 ## 2.6.26
 
 No user-facing changes.
diff --git a/javascript/ql/lib/change-notes/released/2.6.27.md b/javascript/ql/lib/change-notes/released/2.6.27.md
new file mode 100644
index 000000000000..94482b5ebe68
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/2.6.27.md
@@ -0,0 +1,3 @@
+## 2.6.27
+
+No user-facing changes.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index 679fedfb2ca3..2ce86b10a85d 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.26
+lastReleaseVersion: 2.6.27
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index 06ba4c2b8c6c..df3fa463f358 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.27-dev
+version: 2.6.27
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index 272799b3da36..29e6c8e8da32 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.3.7
+
+No user-facing changes.
+
 ## 2.3.6
 
 No user-facing changes.
diff --git a/javascript/ql/src/change-notes/released/2.3.7.md b/javascript/ql/src/change-notes/released/2.3.7.md
new file mode 100644
index 000000000000..5be2835f3988
--- /dev/null
+++ b/javascript/ql/src/change-notes/released/2.3.7.md
@@ -0,0 +1,3 @@
+## 2.3.7
+
+No user-facing changes.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index 2c82422104bf..914cded08b38 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.3.6
+lastReleaseVersion: 2.3.7
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index c01152a2480c..7bd7a08f955f 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 2.3.7-dev
+version: 2.3.7
 groups:
 - javascript
 - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index 1b5fe4c06dab..4b73639b1f75 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/1.0.47.md b/misc/suite-helpers/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index 3107188efcfc..9ee0e7338b2d 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 warnOnImplicitThis: true
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index ec5ff5ffe4f0..a6833ea8db3d 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 7.0.4
+
+### Bug Fixes
+
+- Fixed the resolution of relative imports such as `from . import helper` inside namespace packages (directories without an `__init__.py` file), which previously did not work correctly, leading to missing flow.
+
 ## 7.0.3
 
 No user-facing changes.
diff --git a/python/ql/lib/change-notes/2026-03-11-fix-unresolved-relative-imports.md b/python/ql/lib/change-notes/released/7.0.4.md
similarity index 89%
rename from python/ql/lib/change-notes/2026-03-11-fix-unresolved-relative-imports.md
rename to python/ql/lib/change-notes/released/7.0.4.md
index 15290fb3d669..91464598a0e5 100644
--- a/python/ql/lib/change-notes/2026-03-11-fix-unresolved-relative-imports.md
+++ b/python/ql/lib/change-notes/released/7.0.4.md
@@ -1,5 +1,5 @@
----
-category: fix
----
+## 7.0.4
+
+### Bug Fixes
 
 - Fixed the resolution of relative imports such as `from . import helper` inside namespace packages (directories without an `__init__.py` file), which previously did not work correctly, leading to missing flow.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index cf80607304e3..6630ee1984ad 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.0.3
+lastReleaseVersion: 7.0.4
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index bdf4cd0d8046..11bd07835834 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 7.0.4-dev
+version: 7.0.4
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 4b109dca5698..d5f5269c61d9 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 1.8.0
+
+### Query Metadata Changes
+
+* The `@security-severity` metadata of `py/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
+* The `@security-severity` metadata of `py/jinja2/autoescape-false` and `py/reflective-xss` has been increased from 6.1 (medium) to 7.8 (high).
+
+### Major Analysis Improvements
+
+- Several quality queries have been ported away from using the legacy points-to library. This may lead to changes in alerts.
+
 ## 1.7.11
 
 No user-facing changes.
diff --git a/python/ql/src/change-notes/2026-03-13-port-simple-points-to-queries.md b/python/ql/src/change-notes/2026-03-13-port-simple-points-to-queries.md
deleted file mode 100644
index 3673b6de83a1..000000000000
--- a/python/ql/src/change-notes/2026-03-13-port-simple-points-to-queries.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: majorAnalysis
----
-
-- Several quality queries have been ported away from using the legacy points-to library. This may lead to changes in alerts.
diff --git a/python/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/python/ql/src/change-notes/released/1.8.0.md
similarity index 56%
rename from python/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
rename to python/ql/src/change-notes/released/1.8.0.md
index 4278d0171e34..123b4604da31 100644
--- a/python/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/python/ql/src/change-notes/released/1.8.0.md
@@ -1,5 +1,10 @@
----
-category: queryMetadata
----
+## 1.8.0
+
+### Query Metadata Changes
+
 * The `@security-severity` metadata of `py/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
 * The `@security-severity` metadata of `py/jinja2/autoescape-false` and `py/reflective-xss` has been increased from 6.1 (medium) to 7.8 (high).
+
+### Major Analysis Improvements
+
+- Several quality queries have been ported away from using the legacy points-to library. This may lead to changes in alerts.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 6e5b0b6e2f2b..dc8a37cc443d 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.11
+lastReleaseVersion: 1.8.0
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index 32f1015130b1..d3c52c315e85 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 1.7.12-dev
+version: 1.8.0
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index ce1187d64420..40cb88d396f4 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.1.15
+
+No user-facing changes.
+
 ## 5.1.14
 
 No user-facing changes.
diff --git a/ruby/ql/lib/change-notes/released/5.1.15.md b/ruby/ql/lib/change-notes/released/5.1.15.md
new file mode 100644
index 000000000000..c3ff6293f36f
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/5.1.15.md
@@ -0,0 +1,3 @@
+## 5.1.15
+
+No user-facing changes.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index bf92d1c672e0..840348ed924e 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.14
+lastReleaseVersion: 5.1.15
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index 56537ce0a173..687618237bb6 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 5.1.15-dev
+version: 5.1.15
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 884e126d9a16..cb4c0ae7874a 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 1.6.0
+
+### Query Metadata Changes
+
+* The `@security-severity` metadata of `rb/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
+* The `@security-severity` metadata of `rb/reflected-xss`, `rb/stored-xss` and `rb/html-constructed-from-input` has been increased from 6.1 (medium) to 7.8 (high).
+
 ## 1.5.11
 
 No user-facing changes.
diff --git a/ruby/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/ruby/ql/src/change-notes/released/1.6.0.md
similarity index 87%
rename from ruby/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
rename to ruby/ql/src/change-notes/released/1.6.0.md
index 459c2ce7f916..0398dab7aaf4 100644
--- a/ruby/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/ruby/ql/src/change-notes/released/1.6.0.md
@@ -1,5 +1,6 @@
----
-category: queryMetadata
----
+## 1.6.0
+
+### Query Metadata Changes
+
 * The `@security-severity` metadata of `rb/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
 * The `@security-severity` metadata of `rb/reflected-xss`, `rb/stored-xss` and `rb/html-constructed-from-input` has been increased from 6.1 (medium) to 7.8 (high).
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index 7e8e8103d99a..c4f0b07d5336 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.11
+lastReleaseVersion: 1.6.0
diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml
index 20487d171b1c..a0473f5f849b 100644
--- a/ruby/ql/src/qlpack.yml
+++ b/ruby/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-queries
-version: 1.5.12-dev
+version: 1.6.0
 groups:
 - ruby
 - queries
diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md
index 2672c08645b4..eea5bd6e89d8 100644
--- a/rust/ql/lib/CHANGELOG.md
+++ b/rust/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.2.11
+
+No user-facing changes.
+
 ## 0.2.10
 
 No user-facing changes.
diff --git a/rust/ql/lib/change-notes/released/0.2.11.md b/rust/ql/lib/change-notes/released/0.2.11.md
new file mode 100644
index 000000000000..1037f9194f83
--- /dev/null
+++ b/rust/ql/lib/change-notes/released/0.2.11.md
@@ -0,0 +1,3 @@
+## 0.2.11
+
+No user-facing changes.
diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml
index a71167814cb7..2ee635b99371 100644
--- a/rust/ql/lib/codeql-pack.release.yml
+++ b/rust/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.10
+lastReleaseVersion: 0.2.11
diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml
index 502f10265fae..cef8c27d1cb4 100644
--- a/rust/ql/lib/qlpack.yml
+++ b/rust/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-all
-version: 0.2.11-dev
+version: 0.2.11
 groups: rust
 extractor: rust
 dbscheme: rust.dbscheme
diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md
index 35445b7d626f..eab921bcbd6b 100644
--- a/rust/ql/src/CHANGELOG.md
+++ b/rust/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.1.32
+
+### Query Metadata Changes
+
+* The `@security-severity` metadata of `rust/log-injection` has been increased from 2.6 (low) to 6.1 (medium).
+* The `@security-severity` metadata of `rust/xss` has been increased from 6.1 (medium) to 7.8 (high).
+
 ## 0.1.31
 
 No user-facing changes.
diff --git a/rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/rust/ql/src/change-notes/released/0.1.32.md
similarity index 84%
rename from rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
rename to rust/ql/src/change-notes/released/0.1.32.md
index 8bfc5be15517..d18f3ccd08df 100644
--- a/rust/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/rust/ql/src/change-notes/released/0.1.32.md
@@ -1,5 +1,6 @@
----
-category: queryMetadata
----
+## 0.1.32
+
+### Query Metadata Changes
+
 * The `@security-severity` metadata of `rust/log-injection` has been increased from 2.6 (low) to 6.1 (medium).
 * The `@security-severity` metadata of `rust/xss` has been increased from 6.1 (medium) to 7.8 (high).
diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml
index 8f9b017abfeb..21bbd752f27a 100644
--- a/rust/ql/src/codeql-pack.release.yml
+++ b/rust/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.31
+lastReleaseVersion: 0.1.32
diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml
index 48abcc305eec..41f566526eb9 100644
--- a/rust/ql/src/qlpack.yml
+++ b/rust/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rust-queries
-version: 0.1.32-dev
+version: 0.1.32
 groups:
 - rust
 - queries
diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md
index fc5bdcd8e23e..704ea3e8e019 100644
--- a/shared/concepts/CHANGELOG.md
+++ b/shared/concepts/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.21
+
+No user-facing changes.
+
 ## 0.0.20
 
 No user-facing changes.
diff --git a/shared/concepts/change-notes/released/0.0.21.md b/shared/concepts/change-notes/released/0.0.21.md
new file mode 100644
index 000000000000..d32472e976d2
--- /dev/null
+++ b/shared/concepts/change-notes/released/0.0.21.md
@@ -0,0 +1,3 @@
+## 0.0.21
+
+No user-facing changes.
diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml
index d2e86745bcaa..0c15c351db40 100644
--- a/shared/concepts/codeql-pack.release.yml
+++ b/shared/concepts/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.20
+lastReleaseVersion: 0.0.21
diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml
index 04966d3a5b1f..c2cc618dd2d9 100644
--- a/shared/concepts/qlpack.yml
+++ b/shared/concepts/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/concepts
-version: 0.0.21-dev
+version: 0.0.21
 groups: shared
 library: true
 dependencies:
diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md
index 8725b6df20a6..baca729ddda8 100644
--- a/shared/controlflow/CHANGELOG.md
+++ b/shared/controlflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.0.31
+
+No user-facing changes.
+
 ## 2.0.30
 
 No user-facing changes.
diff --git a/shared/controlflow/change-notes/released/2.0.31.md b/shared/controlflow/change-notes/released/2.0.31.md
new file mode 100644
index 000000000000..b3cd05e3de4d
--- /dev/null
+++ b/shared/controlflow/change-notes/released/2.0.31.md
@@ -0,0 +1,3 @@
+## 2.0.31
+
+No user-facing changes.
diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml
index 19c804295854..783d47207cda 100644
--- a/shared/controlflow/codeql-pack.release.yml
+++ b/shared/controlflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.30
+lastReleaseVersion: 2.0.31
diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml
index 2bb2efdb8c00..c5c64a8bcb68 100644
--- a/shared/controlflow/qlpack.yml
+++ b/shared/controlflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/controlflow
-version: 2.0.31-dev
+version: 2.0.31
 groups: shared
 library: true
 dependencies:
diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md
index b2836038ddfa..52c893f78e27 100644
--- a/shared/dataflow/CHANGELOG.md
+++ b/shared/dataflow/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.1.3
+
+No user-facing changes.
+
 ## 2.1.2
 
 No user-facing changes.
diff --git a/shared/dataflow/change-notes/released/2.1.3.md b/shared/dataflow/change-notes/released/2.1.3.md
new file mode 100644
index 000000000000..a1338012fcdd
--- /dev/null
+++ b/shared/dataflow/change-notes/released/2.1.3.md
@@ -0,0 +1,3 @@
+## 2.1.3
+
+No user-facing changes.
diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml
index 1a4e53e87724..345fb0c73a44 100644
--- a/shared/dataflow/codeql-pack.release.yml
+++ b/shared/dataflow/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.1.2
+lastReleaseVersion: 2.1.3
diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml
index da82b4bcd403..3009091cfdb3 100644
--- a/shared/dataflow/qlpack.yml
+++ b/shared/dataflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/dataflow
-version: 2.1.3-dev
+version: 2.1.3
 groups: shared
 library: true
 dependencies:
diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md
index f08f6492daf1..1bffb976cf8c 100644
--- a/shared/mad/CHANGELOG.md
+++ b/shared/mad/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/mad/change-notes/released/1.0.47.md b/shared/mad/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/mad/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/mad/codeql-pack.release.yml
+++ b/shared/mad/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml
index 00243bdecc08..678be4858dc4 100644
--- a/shared/mad/qlpack.yml
+++ b/shared/mad/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/mad
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 dependencies:
diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md
index 20ebb6b42c02..8d524a11a093 100644
--- a/shared/quantum/CHANGELOG.md
+++ b/shared/quantum/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.25
+
+No user-facing changes.
+
 ## 0.0.24
 
 No user-facing changes.
diff --git a/shared/quantum/change-notes/released/0.0.25.md b/shared/quantum/change-notes/released/0.0.25.md
new file mode 100644
index 000000000000..e41a9acfa062
--- /dev/null
+++ b/shared/quantum/change-notes/released/0.0.25.md
@@ -0,0 +1,3 @@
+## 0.0.25
+
+No user-facing changes.
diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml
index b956773a07f5..6d0e80a50c3f 100644
--- a/shared/quantum/codeql-pack.release.yml
+++ b/shared/quantum/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.24
+lastReleaseVersion: 0.0.25
diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml
index 4a33f9168a25..38fca7fc6dc4 100644
--- a/shared/quantum/qlpack.yml
+++ b/shared/quantum/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/quantum
-version: 0.0.25-dev
+version: 0.0.25
 groups: shared
 library: true
 dependencies:
diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md
index 0014924513d3..0ab7487192cb 100644
--- a/shared/rangeanalysis/CHANGELOG.md
+++ b/shared/rangeanalysis/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/rangeanalysis/change-notes/released/1.0.47.md b/shared/rangeanalysis/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/rangeanalysis/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/rangeanalysis/codeql-pack.release.yml
+++ b/shared/rangeanalysis/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml
index fe558ac3f189..2cf45348dc0e 100644
--- a/shared/rangeanalysis/qlpack.yml
+++ b/shared/rangeanalysis/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/rangeanalysis
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 dependencies:
diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md
index 0b6da82a669a..dd6f0c4cad6b 100644
--- a/shared/regex/CHANGELOG.md
+++ b/shared/regex/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/regex/change-notes/released/1.0.47.md b/shared/regex/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/regex/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/regex/codeql-pack.release.yml
+++ b/shared/regex/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml
index 58fc5cc3e106..b2070c25fb15 100644
--- a/shared/regex/qlpack.yml
+++ b/shared/regex/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/regex
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 dependencies:
diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md
index 9b5af9899648..3573140fc410 100644
--- a/shared/ssa/CHANGELOG.md
+++ b/shared/ssa/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.0.23
+
+No user-facing changes.
+
 ## 2.0.22
 
 No user-facing changes.
diff --git a/shared/ssa/change-notes/released/2.0.23.md b/shared/ssa/change-notes/released/2.0.23.md
new file mode 100644
index 000000000000..ab6f6f171ed6
--- /dev/null
+++ b/shared/ssa/change-notes/released/2.0.23.md
@@ -0,0 +1,3 @@
+## 2.0.23
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index 980bdfe195ba..1bd7e296a34f 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.22
+lastReleaseVersion: 2.0.23
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 3cf46284247c..ab991edccccf 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 2.0.23-dev
+version: 2.0.23
 groups: shared
 library: true
 dependencies:
diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md
index 065f61912fa9..34ae2fd22778 100644
--- a/shared/threat-models/CHANGELOG.md
+++ b/shared/threat-models/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/threat-models/change-notes/released/1.0.47.md b/shared/threat-models/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/threat-models/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/threat-models/codeql-pack.release.yml
+++ b/shared/threat-models/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml
index c3589be5880d..37f9b1ba7448 100644
--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/threat-models
-version: 1.0.47-dev
+version: 1.0.47
 library: true
 groups: shared
 dataExtensions:
diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md
index 297d40b694f4..cf8f60d1d46a 100644
--- a/shared/tutorial/CHANGELOG.md
+++ b/shared/tutorial/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/tutorial/change-notes/released/1.0.47.md b/shared/tutorial/change-notes/released/1.0.47.md new file mode 100644 index 000000000000..0c12039c1809 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.47.md @@ -0,0 +1,3 @@ +## 1.0.47 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 05205e6a59e2..dcec0f6405ab 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.46 +lastReleaseVersion: 1.0.47 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 53716b9b5cad..d2ab12f93454 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.47-dev +version: 1.0.47 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 039a7ef99a3d..8c5ee5e94864 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.47 + +No user-facing changes. + ## 1.0.46 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.47.md b/shared/typeflow/change-notes/released/1.0.47.md new file mode 100644 index 000000000000..0c12039c1809 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.47.md @@ -0,0 +1,3 @@ +## 1.0.47 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 05205e6a59e2..dcec0f6405ab 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.46 +lastReleaseVersion: 1.0.47 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index ea0f559611c9..c8d7a74c2978 100644 
--- a/shared/typeflow/qlpack.yml
+++ b/shared/typeflow/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typeflow
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md
index be06e2108a8a..7153b9314b18 100644
--- a/shared/typeinference/CHANGELOG.md
+++ b/shared/typeinference/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.28
+
+No user-facing changes.
+
 ## 0.0.27
 
 No user-facing changes.
diff --git a/shared/typeinference/change-notes/released/0.0.28.md b/shared/typeinference/change-notes/released/0.0.28.md
new file mode 100644
index 000000000000..1b4fdd478196
--- /dev/null
+++ b/shared/typeinference/change-notes/released/0.0.28.md
@@ -0,0 +1,3 @@
+## 0.0.28
+
+No user-facing changes.
diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml
index dbab90d69898..3462db7d348f 100644
--- a/shared/typeinference/codeql-pack.release.yml
+++ b/shared/typeinference/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.27
+lastReleaseVersion: 0.0.28
diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml
index 75aedbf6423b..d459c36ce72c 100644
--- a/shared/typeinference/qlpack.yml
+++ b/shared/typeinference/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typeinference
-version: 0.0.28-dev
+version: 0.0.28
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md
index 4132c8bcd999..f779002267aa 100644
--- a/shared/typetracking/CHANGELOG.md
+++ b/shared/typetracking/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.0.31
+
+No user-facing changes.
+
 ## 2.0.30
 
 No user-facing changes.
diff --git a/shared/typetracking/change-notes/released/2.0.31.md b/shared/typetracking/change-notes/released/2.0.31.md
new file mode 100644
index 000000000000..b3cd05e3de4d
--- /dev/null
+++ b/shared/typetracking/change-notes/released/2.0.31.md
@@ -0,0 +1,3 @@
+## 2.0.31
+
+No user-facing changes.
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml
index 19c804295854..783d47207cda 100644
--- a/shared/typetracking/codeql-pack.release.yml
+++ b/shared/typetracking/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.30
+lastReleaseVersion: 2.0.31
diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml
index b9998e1240a1..d2d55be5b550 100644
--- a/shared/typetracking/qlpack.yml
+++ b/shared/typetracking/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typetracking
-version: 2.0.31-dev
+version: 2.0.31
 groups: shared
 library: true
 dependencies:
diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md
index 6f0db2fa4b3a..b49f756fef03 100644
--- a/shared/typos/CHANGELOG.md
+++ b/shared/typos/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/typos/change-notes/released/1.0.47.md b/shared/typos/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/typos/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/typos/codeql-pack.release.yml
+++ b/shared/typos/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml
index dc62caedd6b0..b9b579b51763 100644
--- a/shared/typos/qlpack.yml
+++ b/shared/typos/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/typos
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md
index 56a45488e079..cb3ac7bbe797 100644
--- a/shared/util/CHANGELOG.md
+++ b/shared/util/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 2.0.34
+
+No user-facing changes.
+
 ## 2.0.33
 
 No user-facing changes.
diff --git a/shared/util/change-notes/released/2.0.34.md b/shared/util/change-notes/released/2.0.34.md
new file mode 100644
index 000000000000..fd170d38ce6d
--- /dev/null
+++ b/shared/util/change-notes/released/2.0.34.md
@@ -0,0 +1,3 @@
+## 2.0.34
+
+No user-facing changes.
diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml
index 92e23200b4d6..339a3ce7c57a 100644
--- a/shared/util/codeql-pack.release.yml
+++ b/shared/util/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.0.33
+lastReleaseVersion: 2.0.34
diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml
index d27b3d6c59c1..4f7bb193afbb 100644
--- a/shared/util/qlpack.yml
+++ b/shared/util/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/util
-version: 2.0.34-dev
+version: 2.0.34
 groups: shared
 library: true
 dependencies: null
diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md
index dc06867e32db..98702251320c 100644
--- a/shared/xml/CHANGELOG.md
+++ b/shared/xml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/xml/change-notes/released/1.0.47.md b/shared/xml/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/xml/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/xml/codeql-pack.release.yml
+++ b/shared/xml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml
index 5195fcbbe18c..fe6e59d133ed 100644
--- a/shared/xml/qlpack.yml
+++ b/shared/xml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/xml
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 dependencies:
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md
index 557db2b44052..4a41f8ee9dfe 100644
--- a/shared/yaml/CHANGELOG.md
+++ b/shared/yaml/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.0.47
+
+No user-facing changes.
+
 ## 1.0.46
 
 No user-facing changes.
diff --git a/shared/yaml/change-notes/released/1.0.47.md b/shared/yaml/change-notes/released/1.0.47.md
new file mode 100644
index 000000000000..0c12039c1809
--- /dev/null
+++ b/shared/yaml/change-notes/released/1.0.47.md
@@ -0,0 +1,3 @@
+## 1.0.47
+
+No user-facing changes.
diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml
index 05205e6a59e2..dcec0f6405ab 100644
--- a/shared/yaml/codeql-pack.release.yml
+++ b/shared/yaml/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.46
+lastReleaseVersion: 1.0.47
diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml
index b6f74301d3af..f8e5976f8fa7 100644
--- a/shared/yaml/qlpack.yml
+++ b/shared/yaml/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/yaml
-version: 1.0.47-dev
+version: 1.0.47
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md
index fda32d265b0c..3967689b9331 100644
--- a/swift/ql/lib/CHANGELOG.md
+++ b/swift/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 6.3.3
+
+No user-facing changes.
+
 ## 6.3.2
 
 No user-facing changes.
diff --git a/swift/ql/lib/change-notes/released/6.3.3.md b/swift/ql/lib/change-notes/released/6.3.3.md
new file mode 100644
index 000000000000..86c54aaebb24
--- /dev/null
+++ b/swift/ql/lib/change-notes/released/6.3.3.md
@@ -0,0 +1,3 @@
+## 6.3.3
+
+No user-facing changes.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index bf4d875e15a0..83b98dcdbc38 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.3.2
+lastReleaseVersion: 6.3.3
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml
index d403d14d991b..ebe1f051136b 100644
--- a/swift/ql/lib/qlpack.yml
+++ b/swift/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-all
-version: 6.3.3-dev
+version: 6.3.3
 groups: swift
 extractor: swift
 dbscheme: swift.dbscheme
diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md
index 1d4d9877b604..f880dc3366f8 100644
--- a/swift/ql/src/CHANGELOG.md
+++ b/swift/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 1.3.0
+
+### Query Metadata Changes
+
+* The `@security-severity` metadata of `swift/unsafe-webview-fetch` has been increased from 6.1 (medium) to 7.8 (high).
+
 ## 1.2.20
 
 No user-facing changes.
diff --git a/swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md b/swift/ql/src/change-notes/released/1.3.0.md
similarity index 75%
rename from swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
rename to swift/ql/src/change-notes/released/1.3.0.md
index a46302ed1462..5a85d7239d7b 100644
--- a/swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/swift/ql/src/change-notes/released/1.3.0.md
@@ -1,4 +1,5 @@
----
-category: queryMetadata
----
+## 1.3.0
+
+### Query Metadata Changes
+
 * The `@security-severity` metadata of `swift/unsafe-webview-fetch` has been increased from 6.1 (medium) to 7.8 (high).
diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml
index 8e035aaa1f41..ec16350ed6fd 100644
--- a/swift/ql/src/codeql-pack.release.yml
+++ b/swift/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.20
+lastReleaseVersion: 1.3.0
diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml
index 64c712af472d..84b3e1d0b5d5 100644
--- a/swift/ql/src/qlpack.yml
+++ b/swift/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/swift-queries
-version: 1.2.21-dev
+version: 1.3.0
 groups:
 - swift
 - queries