github
diff --git a/‎.github/workflows/csv-coverage-pr-artifacts.yml
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/csv-coverage-pr-artifacts.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/csv-coverage-update.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/csv-coverage-update.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitignore
Lines changed: 3 additions & 0 deletions b/‎.gitignore
Lines changed: 3 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 2 additions & 2 deletions b/‎README.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎cpp/change-notes/2021-06-10-cleartext-transmission.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-06-10-cleartext-transmission.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-06-22-sql-tainted.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-06-22-sql-tainted.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-08-31-range-analysis-upper-bound.md
Lines changed: 4 additions & 0 deletions b/‎cpp/change-notes/2021-08-31-range-analysis-upper-bound.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-09-13-overflow-static.md
Lines changed: 4 additions & 0 deletions b/‎cpp/change-notes/2021-09-13-overflow-static.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-09-27-command-line-injection.md
Lines changed: 2 additions & 0 deletions b/‎cpp/change-notes/2021-09-27-command-line-injection.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎cpp/change-notes/2021-09-27-overflow-static.md
Lines changed: 3 additions & 0 deletions b/‎cpp/change-notes/2021-09-27-overflow-static.md
Lines changed: 3 additions & 0 deletions
@@ -6,6 +6,8 @@ on:
       - '.github/workflows/csv-coverage-pr-comment.yml'
       - '*/ql/src/**/*.ql'
       - '*/ql/src/**/*.qll'
+      - '*/ql/lib/**/*.ql'
+      - '*/ql/lib/**/*.qll'
       - 'misc/scripts/library-coverage/*.py'
       # input data files
       - '*/documentation/library-coverage/cwe-sink.csv'
 
@@ -8,7 +8,7 @@ on:
 jobs:
   update:
     name: Update framework coverage report
-    if: github.event.repository.fork == false
+    if: github.repository == 'github/codeql'
     runs-on: ubuntu-latest
 
     steps:
 
@@ -24,3 +24,6 @@
 /codeql/
 
 csharp/extractor/Semmle.Extraction.CSharp.Driver/Properties/launchSettings.json
+
+# Avoid committing cached package components
+.codeql
@@ -4,8 +4,8 @@ This open source repository contains the standard CodeQL libraries and queries t
 
 ## How do I learn CodeQL and run queries?
 
-There is [extensive documentation](https://help.semmle.com/QL/learn-ql/) on getting started with writing CodeQL.
-You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode.html) extension to try out your queries on any open source project that's currently being analyzed.
+There is [extensive documentation](https://codeql.github.com/docs/) on getting started with writing CodeQL.
+You can use the [interactive query console](https://lgtm.com/help/lgtm/using-query-console) on LGTM.com or the [CodeQL for Visual Studio Code](https://codeql.github.com/docs/codeql-for-visual-studio-code/) extension to try out your queries on any open source project that's currently being analyzed.
 
 ## Contributing
 
 
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* A new query (`cpp/cleartext-transmission`) has been added. This is similar to the `cpp/cleartext-storage-file`, `cpp/cleartext-storage-buffer` and `cpp/cleartext-storage-database` queries but looks for cases where sensitive information is most likely transmitted over a network.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The 'Uncontrolled data in SQL query' (cpp/sql-injection) query now supports the `libpqxx` library.
@@ -0,0 +1,4 @@
+lgtm,codescanning
+* The `SimpleRangeAnalysis` library includes information from the
+  immediate guard for determining the upper bound of a stack
+  variable for improved accuracy.
@@ -0,0 +1,4 @@
+lgtm,codescanning
+* The `memberMayBeVarSize` predicate considers more fields to be variable size.
+  As a result, the "Static buffer overflow" query (cpp/static-buffer-overflow)
+  produces fewer false positives.
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The "Uncontrolled data used in OS command" (`cpp/command-line-injection`) query has been enhanced to reduce false positive results and its `@precision` increased to `high`
@@ -0,0 +1,3 @@
+lgtm,codescanning
+* Increase precision to high for the "Static buffer overflow" query
+  (`cpp/static-buffer-overflow`). This means the query is run and displayed by default on Code Scanning and LGTM.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* A new query (`cpp/cleartext-transmission`) has been added. This is similar to the `cpp/cleartext-storage-file`, `cpp/cleartext-storage-buffer` and `cpp/cleartext-storage-database` queries but looks for cases where sensitive information is most likely transmitted over a network.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* The 'Uncontrolled data in SQL query' (cpp/sql-injection) query now supports the `libpqxx` library.
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* The "Uncontrolled data used in OS command" (`cpp/command-line-injection`) query has been enhanced to reduce false positive results and its `@precision` increased to `high`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+lgtm,codescanning`
	`2`	`+* Increase precision to high for the "Static buffer overflow" query`
	`3`	+ (`cpp/static-buffer-overflow`). This means the query is run and displayed by default on Code Scanning and LGTM.