Skip to content

Merge rc/3.19 into main #20264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Aug 21, 2025
Merged

Merge rc/3.19 into main #20264

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
90d2999
Release preparation for version 2.22.4
invalid-email-address Aug 18, 2025
57378ec
Merge pull request #20240 from github/release-prep/2.22.4
smowton Aug 18, 2025
42e3d31
Post-release preparation for codeql-cli-2.22.4
invalid-email-address Aug 18, 2025
238cb9c
Merge pull request #20241 from github/post-release-prep/codeql-cli-2.…
smowton Aug 18, 2025
1829060
Merge remote-tracking branch 'origin/main' into smowton/admin/merge-r…
smowton Aug 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions actions/ql/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 0.4.15

No user-facing changes.

## 0.4.14

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions actions/ql/lib/change-notes/released/0.4.15.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 0.4.15

No user-facing changes.
2 changes: 1 addition & 1 deletion actions/ql/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.14
lastReleaseVersion: 0.4.15
2 changes: 1 addition & 1 deletion actions/ql/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.15-dev
version: 0.4.16-dev
library: true
warnOnImplicitThis: true
dependencies:
Expand Down
4 changes: 4 additions & 0 deletions actions/ql/src/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 0.6.7

No user-facing changes.

## 0.6.6

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions actions/ql/src/change-notes/released/0.6.7.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 0.6.7

No user-facing changes.
2 changes: 1 addition & 1 deletion actions/ql/src/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.6
lastReleaseVersion: 0.6.7
2 changes: 1 addition & 1 deletion actions/ql/src/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.7-dev
version: 0.6.8-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]
Expand Down
8 changes: 8 additions & 0 deletions cpp/ql/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,11 @@
## 5.4.1

### Minor Analysis Improvements

* The guards libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been improved to recognize more guards.
* Improved dataflow through global variables in the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`). Queries based on these libraries will produce more results on codebases with many global variables.
* The global value numbering library (`semmle.code.cpp.valuenumbering.GlobalValueNumbering` and `semmle.code.cpp.ir.ValueNumbering`) has been improved so more expressions are assigned the same value number.

## 5.4.0

### New Features
Expand Down
4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2025-08-02-gvn.md
View file
Open in desktop

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2025-08-11-global-variable-flow.md
View file
Open in desktop

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/lib/change-notes/2025-08-13-guards.md
View file
Open in desktop

This file was deleted.

7 changes: 7 additions & 0 deletions cpp/ql/lib/change-notes/released/5.4.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
## 5.4.1

### Minor Analysis Improvements

* The guards libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been improved to recognize more guards.
* Improved dataflow through global variables in the new dataflow library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`). Queries based on these libraries will produce more results on codebases with many global variables.
* The global value numbering library (`semmle.code.cpp.valuenumbering.GlobalValueNumbering` and `semmle.code.cpp.ir.ValueNumbering`) has been improved so more expressions are assigned the same value number.
2 changes: 1 addition & 1 deletion cpp/ql/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.4.0
lastReleaseVersion: 5.4.1
2 changes: 1 addition & 1 deletion cpp/ql/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 5.4.1-dev
version: 5.4.2-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
Expand Down
7 changes: 7 additions & 0 deletions cpp/ql/src/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
## 1.4.6

### Minor Analysis Improvements

* The `cpp/short-global-name` query will no longer give alerts for instantiations of template variables, only for the template itself.
* Fixed a false positive in `cpp/overflow-buffer` when the type of the destination buffer is a reference to a class/struct type.

## 1.4.5

### Minor Analysis Improvements
Expand Down
4 changes: 0 additions & 4 deletions cpp/ql/src/change-notes/2025-08-08-overflow-buffer.md
View file
Open in desktop

This file was deleted.

4 changes: 0 additions & 4 deletions cpp/ql/src/change-notes/2025-08-15-short-global-name-template-instantiations.md
View file
Open in desktop

This file was deleted.

6 changes: 6 additions & 0 deletions cpp/ql/src/change-notes/released/1.4.6.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
## 1.4.6

### Minor Analysis Improvements

* The `cpp/short-global-name` query will no longer give alerts for instantiations of template variables, only for the template itself.
* Fixed a false positive in `cpp/overflow-buffer` when the type of the destination buffer is a reference to a class/struct type.
2 changes: 1 addition & 1 deletion cpp/ql/src/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.5
lastReleaseVersion: 1.4.6
2 changes: 1 addition & 1 deletion cpp/ql/src/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.4.6-dev
version: 1.4.7-dev
groups:
- cpp
- queries
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.7.46

No user-facing changes.

## 1.7.45

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.46.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.7.46

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.45
lastReleaseVersion: 1.7.46
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.46-dev
version: 1.7.47-dev
groups:
- csharp
- solorigate
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.7.46

No user-facing changes.

## 1.7.45

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.46.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.7.46

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.45
lastReleaseVersion: 1.7.46
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.46-dev
version: 1.7.47-dev
groups:
- csharp
- solorigate
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 5.2.2

No user-facing changes.

## 5.2.1

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/lib/change-notes/released/5.2.2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 5.2.2

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 5.2.1
lastReleaseVersion: 5.2.2
2 changes: 1 addition & 1 deletion csharp/ql/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.2.2-dev
version: 5.2.3-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
Expand Down
4 changes: 4 additions & 0 deletions csharp/ql/src/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.3.3

No user-facing changes.

## 1.3.2

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions csharp/ql/src/change-notes/released/1.3.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.3.3

No user-facing changes.
2 changes: 1 addition & 1 deletion csharp/ql/src/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.2
lastReleaseVersion: 1.3.3
2 changes: 1 addition & 1 deletion csharp/ql/src/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.3.3-dev
version: 1.3.4-dev
groups:
- csharp
- queries
Expand Down
4 changes: 4 additions & 0 deletions go/ql/consistency-queries/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.0.29

No user-facing changes.

## 1.0.28

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions go/ql/consistency-queries/change-notes/released/1.0.29.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.0.29

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.28
lastReleaseVersion: 1.0.29
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.29-dev
version: 1.0.30-dev
groups:
- go
- queries
Expand Down
4 changes: 4 additions & 0 deletions go/ql/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 4.3.2

No user-facing changes.

## 4.3.1

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions go/ql/lib/change-notes/released/4.3.2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 4.3.2

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 4.3.1
lastReleaseVersion: 4.3.2
2 changes: 1 addition & 1 deletion go/ql/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/go-all
version: 4.3.2-dev
version: 4.3.3-dev
groups: go
dbscheme: go.dbscheme
extractor: go
Expand Down
4 changes: 4 additions & 0 deletions go/ql/src/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.4.3

No user-facing changes.

## 1.4.2

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions go/ql/src/change-notes/released/1.4.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.4.3

No user-facing changes.
2 changes: 1 addition & 1 deletion go/ql/src/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.2
lastReleaseVersion: 1.4.3
2 changes: 1 addition & 1 deletion go/ql/src/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.4.3-dev
version: 1.4.4-dev
groups:
- go
- queries
Expand Down
10 changes: 10 additions & 0 deletions java/ql/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,13 @@
## 7.6.0

### Major Analysis Improvements

* Added library models for the relevant method calls under `jakarta.servlet.ServletRequest` and `jakarta.servlet.http.HttpServletRequest` as remote flow sources.

### Minor Analysis Improvements

* Guard implication logic involving wrapper methods has been improved. In particular, this means fewer false positives for `java/dereferenced-value-may-be-null`.

## 7.5.0

### New Features
Expand Down
4 changes: 0 additions & 4 deletions java/ql/lib/change-notes/2025-07-28-guardwrappers.md
View file
Open in desktop

This file was deleted.

4 changes: 0 additions & 4 deletions java/ql/lib/change-notes/2025-08-15-lib-models-remotesource.md
View file
Open in desktop

This file was deleted.

9 changes: 9 additions & 0 deletions java/ql/lib/change-notes/released/7.6.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
## 7.6.0

### Major Analysis Improvements

* Added library models for the relevant method calls under `jakarta.servlet.ServletRequest` and `jakarta.servlet.http.HttpServletRequest` as remote flow sources.

### Minor Analysis Improvements

* Guard implication logic involving wrapper methods has been improved. In particular, this means fewer false positives for `java/dereferenced-value-may-be-null`.
2 changes: 1 addition & 1 deletion java/ql/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.5.0
lastReleaseVersion: 7.6.0
2 changes: 1 addition & 1 deletion java/ql/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/java-all
version: 7.5.1-dev
version: 7.6.1-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java
Expand Down
4 changes: 4 additions & 0 deletions java/ql/src/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 1.6.3

No user-facing changes.

## 1.6.2

No user-facing changes.
Expand Down
3 changes: 3 additions & 0 deletions java/ql/src/change-notes/released/1.6.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
## 1.6.3

No user-facing changes.
2 changes: 1 addition & 1 deletion java/ql/src/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.6.2
lastReleaseVersion: 1.6.3
2 changes: 1 addition & 1 deletion java/ql/src/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.6.3-dev
version: 1.6.4-dev
groups:
- java
- queries
Expand Down
6 changes: 6 additions & 0 deletions javascript/ql/lib/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,9 @@
## 2.6.9

### Minor Analysis Improvements

* Improved modeling of command-line argument parsing libraries [arg](https://www.npmjs.com/package/arg), [args](https://www.npmjs.com/package/args), [command-line-args](https://www.npmjs.com/package/command-line-args) and [commander](https://www.npmjs.com/package/commander)

## 2.6.8

### Minor Analysis Improvements
Expand Down
7 changes: 4 additions & 3 deletions ...ge-notes/2025-08-01-cli-code-injection.md → ...ipt/ql/lib/change-notes/released/2.6.9.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 2.6.9

### Minor Analysis Improvements

* Improved modeling of command-line argument parsing libraries [arg](https://www.npmjs.com/package/arg), [args](https://www.npmjs.com/package/args), [command-line-args](https://www.npmjs.com/package/command-line-args) and [commander](https://www.npmjs.com/package/commander)
2 changes: 1 addition & 1 deletion javascript/ql/lib/codeql-pack.release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.6.8
lastReleaseVersion: 2.6.9
2 changes: 1 addition & 1 deletion javascript/ql/lib/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: codeql/javascript-all
version: 2.6.9-dev
version: 2.6.10-dev
groups: javascript
dbscheme: semmlecode.javascript.dbscheme
extractor: javascript
Expand Down
Loading
Loading