github · aibaars · Sep 2, 2025 · Sep 2, 2025 · Sep 2, 2025 · Sep 2, 2025
@@ -1,3 +1,7 @@
+## 0.4.16
+
+No user-facing changes.
+
 ## 0.4.15
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.4.16
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.15
+lastReleaseVersion: 0.4.16
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.16-dev
+version: 0.4.17-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,7 @@
+## 0.6.8
+
+No user-facing changes.
+
 ## 0.6.7
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.6.8
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.7
+lastReleaseVersion: 0.6.8
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.8-dev
+version: 0.6.9-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,14 @@
+## 5.5.0
+
+### New Features
+
+* Added a new class `PchFile` representing precompiled header (PCH) files used during project compilation.
+
+### Minor Analysis Improvements
+
+* Added flow summaries for the `Microsoft::WRL::ComPtr` member functions.
+* The new dataflow/taint-tracking library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now resolves virtual function calls more precisely. This results in fewer false positives when running dataflow/taint-tracking queries on C++ projects.
+
 ## 5.4.1
 
 ### Minor Analysis Improvements

@@ -0,0 +1,10 @@
+## 5.5.0
+
+### New Features
+
+* Added a new class `PchFile` representing precompiled header (PCH) files used during project compilation.
+
+### Minor Analysis Improvements
+
+* Added flow summaries for the `Microsoft::WRL::ComPtr` member functions.
+* The new dataflow/taint-tracking library (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now resolves virtual function calls more precisely. This results in fewer false positives when running dataflow/taint-tracking queries on C++ projects.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.1
+lastReleaseVersion: 5.5.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.4.2-dev
+version: 5.5.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,9 @@
+## 1.4.7
+
+### Bug Fixes
+
+* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
+
 ## 1.4.6
 
 ### Minor Analysis Improvements

@@ -1,4 +1,5 @@
----
-category: fix
----
-* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
+## 1.4.7
+
+### Bug Fixes
+
+* Fixed an inconsistency across languages where most have a `Customizations.qll` file for adding customizations, but not all did.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.6
+lastReleaseVersion: 1.4.7
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.7-dev
+version: 1.4.8-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.47
+
+No user-facing changes.
+
 ## 1.7.46
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.47
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.46
+lastReleaseVersion: 1.7.47
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.47-dev
+version: 1.7.48-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.47
+
+No user-facing changes.
+
 ## 1.7.46
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.47
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.46
+lastReleaseVersion: 1.7.47
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.47-dev
+version: 1.7.48-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,12 @@
+## 5.2.3
+
+### Minor Analysis Improvements
+
+* A bug has been fixed in the data flow analysis, which means that flow through calls using the `base` qualifier may now be tracked more accurately.
+* Added summary models for `System.Xml.XmlReader`, `System.Xml.XmlTextReader` and `System.Xml.XmlDictionaryReader`.
+* Models-as-data summaries for byte and char arrays and pointers now treat the entire collection as tainted, reflecting their common use as string alternatives.
+* The default taint tracking configuration now allows implicit reads from collections at sinks and in additional flow steps. This increases flow coverage for many taint tracking queries and helps reduce false negatives.
+
 ## 5.2.2
 
 No user-facing changes.

@@ -0,0 +1,8 @@
+## 5.2.3
+
+### Minor Analysis Improvements
+
+* A bug has been fixed in the data flow analysis, which means that flow through calls using the `base` qualifier may now be tracked more accurately.
+* Added summary models for `System.Xml.XmlReader`, `System.Xml.XmlTextReader` and `System.Xml.XmlDictionaryReader`.
+* Models-as-data summaries for byte and char arrays and pointers now treat the entire collection as tainted, reflecting their common use as string alternatives.
+* The default taint tracking configuration now allows implicit reads from collections at sinks and in additional flow steps. This increases flow coverage for many taint tracking queries and helps reduce false negatives.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.2.2
+lastReleaseVersion: 5.2.3
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.2.3-dev
+version: 5.2.4-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,7 @@
+## 1.3.4
+
+No user-facing changes.
+
 ## 1.3.3
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.3.4
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.3
+lastReleaseVersion: 1.3.4
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.3.4-dev
+version: 1.3.5-dev
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.30
+
+No user-facing changes.
+
 ## 1.0.29
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.30
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.29
+lastReleaseVersion: 1.0.30
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.30-dev
+version: 1.0.31-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 4.3.3
+
+No user-facing changes.
+
 ## 4.3.2
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 4.3.3
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.2
+lastReleaseVersion: 4.3.3
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.3.3-dev
+version: 4.3.4-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,7 @@
+## 1.4.4
+
+No user-facing changes.
+
 ## 1.4.3
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.4.4
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.4.4
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.4-dev
+version: 1.4.5-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 7.6.1
+
+No user-facing changes.
+
 ## 7.6.0
 
 ### Major Analysis Improvements

@@ -0,0 +1,3 @@
+## 7.6.1
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.6.0
+lastReleaseVersion: 7.6.1
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.6.1-dev
+version: 7.6.2-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,19 @@
+## 1.7.0
+
+### New Queries
+
+* The query `java/insecure-spring-actuator-config` has been promoted from experimental to the main query pack as `java/spring-boot-exposed-actuators-config`. Its results will now appear by default. This query detects exposure of Spring Boot actuators through configuration files. It was originally submitted as an experimental query [by @luchua-bc](https://github.com/github/codeql/pull/5384).
+
+### Query Metadata Changes
+
+* The tag `maintainability` has been removed from `java/run-finalizers-on-exit` and the tags `quality`, `correctness`, and `performance` have been added.
+* The tag `maintainability` has been removed from `java/garbage-collection` and the tags `quality` and `correctness` have been added.
+
+### Minor Analysis Improvements
+
+* Fixed a bug that was causing false negatives in rare cases in the query `java/dereferenced-value-may-be-null`.
+* Removed the `java/empty-statement` query that was subsumed by the `java/empty-block` query.
+
 ## 1.6.3
 
 No user-facing changes.