diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 4b69a1d5b361..0ca4b5393255 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,18 @@ +## 0.12.10 + +### New Features + +* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field. +* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. +* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant. +* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. +* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant. +* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement. + +### Minor Analysis Improvements + +* Added destructors for temporary objects with extended lifetimes to the intermediate representation. + ## 0.12.9 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2024-03-15-switches-in-guard-conditions.md b/cpp/ql/lib/change-notes/2024-03-15-switches-in-guard-conditions.md deleted file mode 100644 index cf0b920e29dc..000000000000 --- a/cpp/ql/lib/change-notes/2024-03-15-switches-in-guard-conditions.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-03-19-ir-temp-extended-destructors.md b/cpp/ql/lib/change-notes/2024-03-19-ir-temp-extended-destructors.md deleted file mode 100644 index 6def83033361..000000000000 --- a/cpp/ql/lib/change-notes/2024-03-19-ir-temp-extended-destructors.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added destructors for temporary objects with extended lifetimes to the intermediate representation. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-03-19-predicates-for-switches-as-guards-2.md b/cpp/ql/lib/change-notes/2024-03-19-predicates-for-switches-as-guards-2.md deleted file mode 100644 index 88b4048f8cd1..000000000000 --- a/cpp/ql/lib/change-notes/2024-03-19-predicates-for-switches-as-guards-2.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- -* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. -* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-03-19-predicates-for-switches-as-guards.md b/cpp/ql/lib/change-notes/2024-03-19-predicates-for-switches-as-guards.md deleted file mode 100644 index 3dde8805599f..000000000000 --- a/cpp/ql/lib/change-notes/2024-03-19-predicates-for-switches-as-guards.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: feature ---- -* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. -* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/2024-03-26-taint-inheriting-content.md b/cpp/ql/lib/change-notes/2024-03-26-taint-inheriting-content.md deleted file mode 100644 index 759386e461f6..000000000000 --- a/cpp/ql/lib/change-notes/2024-03-26-taint-inheriting-content.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field. \ No newline at end of file diff --git a/cpp/ql/lib/change-notes/released/0.12.10.md b/cpp/ql/lib/change-notes/released/0.12.10.md new file mode 100644 index 000000000000..64d91af2118c --- /dev/null +++ b/cpp/ql/lib/change-notes/released/0.12.10.md @@ -0,0 +1,14 @@ +## 0.12.10 + +### New Features + +* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field. +* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant. +* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant. +* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant. +* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant. +* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement. + +### Minor Analysis Improvements + +* Added destructors for temporary objects with extended lifetimes to the intermediate representation. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index dce1e02b6465..bd659eb114fa 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.12.9 +lastReleaseVersion: 0.12.10 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index eebc47c089bf..f8358ae72df4 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 0.12.10-dev +version: 0.12.10 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 52c46f65267e..01ec26e694f9 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,19 @@ +## 0.9.9 + +### New Queries + +* Added a new query, `cpp/type-confusion`, to detect casts to invalid types. + +### Query Metadata Changes + +* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated. + +### Minor Analysis Improvements + +* The "Missing return-value check for a 'scanf'-like function" query (`cpp/missing-check-scanf`) has been converted to a `path-problem` query. +* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query. +* Added models for `GLib` allocation and deallocation functions. + ## 0.9.8 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2024-03-05-type-confusion-query.md b/cpp/ql/src/change-notes/2024-03-05-type-confusion-query.md deleted file mode 100644 index f96a4684b769..000000000000 --- a/cpp/ql/src/change-notes/2024-03-05-type-confusion-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `cpp/type-confusion`, to detect casts to invalid types. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2024-03-13-glib-alloc-and-dealloc.md b/cpp/ql/src/change-notes/2024-03-13-glib-alloc-and-dealloc.md deleted file mode 100644 index bc9082285d41..000000000000 --- a/cpp/ql/src/change-notes/2024-03-13-glib-alloc-and-dealloc.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added models for `GLib` allocation and deallocation functions. diff --git a/cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md b/cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md deleted file mode 100644 index 14a8c2e7ce74..000000000000 --- a/cpp/ql/src/change-notes/2024-03-18-uninitialized-local-path-problem.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2024-03-20-missing-check-scanf-path-problem.md b/cpp/ql/src/change-notes/2024-03-20-missing-check-scanf-path-problem.md deleted file mode 100644 index 12a185add1ea..000000000000 --- a/cpp/ql/src/change-notes/2024-03-20-missing-check-scanf-path-problem.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The "Missing return-value check for a 'scanf'-like function" query (`cpp/missing-check-scanf`) has been converted to a `path-problem` query. \ No newline at end of file diff --git a/cpp/ql/src/change-notes/2024-03-22-boost-ssl.md b/cpp/ql/src/change-notes/2024-03-22-boost-ssl.md deleted file mode 100644 index d4a4e0a73073..000000000000 --- a/cpp/ql/src/change-notes/2024-03-22-boost-ssl.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated. diff --git a/cpp/ql/src/change-notes/released/0.9.9.md b/cpp/ql/src/change-notes/released/0.9.9.md new file mode 100644 index 000000000000..46f120c28d76 --- /dev/null +++ b/cpp/ql/src/change-notes/released/0.9.9.md @@ -0,0 +1,15 @@ +## 0.9.9 + +### New Queries + +* Added a new query, `cpp/type-confusion`, to detect casts to invalid types. + +### Query Metadata Changes + +* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated. + +### Minor Analysis Improvements + +* The "Missing return-value check for a 'scanf'-like function" query (`cpp/missing-check-scanf`) has been converted to a `path-problem` query. +* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query. +* Added models for `GLib` allocation and deallocation functions. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 9ca6c6f26786..aabed7c396b7 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.8 +lastReleaseVersion: 0.9.9 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index ce202c1b85d1..5d9a5252c00d 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 0.9.9-dev +version: 0.9.9 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index bea6df22685c..50143af24fbb 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.13 + +No user-facing changes. + ## 1.7.12 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.13.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.13.md new file mode 100644 index 000000000000..e2656ce672c1 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.13.md @@ -0,0 +1,3 @@ +## 1.7.13 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 6d169efe9202..e5f93542dfcc 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.12 +lastReleaseVersion: 1.7.13 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index f3bf8992f7d4..f12c8e2c95e5 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.13-dev +version: 1.7.13 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index bea6df22685c..50143af24fbb 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.13 + +No user-facing changes. + ## 1.7.12 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.13.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.13.md new file mode 100644 index 000000000000..e2656ce672c1 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.13.md @@ -0,0 +1,3 @@ +## 1.7.13 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 6d169efe9202..e5f93542dfcc 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.12 +lastReleaseVersion: 1.7.13 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index a732080cfb41..74444203f849 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.13-dev +version: 1.7.13 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 37d2c804be83..27133addc5c3 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,21 @@ +## 0.9.0 + +### Breaking Changes + +* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction. +* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction. + +### Minor Analysis Improvements + +* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model. +* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream. +* Support for C# 12 / .NET8. +* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows. +* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs. +* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models. +* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model. +* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`. + ## 0.8.12 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2024-03-04-deprecate-dotnet-and-cil.md b/csharp/ql/lib/change-notes/2024-03-04-deprecate-dotnet-and-cil.md deleted file mode 100644 index fea31bb8bbb2..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-04-deprecate-dotnet-and-cil.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction. diff --git a/csharp/ql/lib/change-notes/2024-03-04-fixed-system.io.textreader-models.md b/csharp/ql/lib/change-notes/2024-03-04-fixed-system.io.textreader-models.md deleted file mode 100644 index a32f8a7c22c7..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-04-fixed-system.io.textreader-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`. diff --git a/csharp/ql/lib/change-notes/2024-03-05-new-commandargs-and-environment-models.md b/csharp/ql/lib/change-notes/2024-03-05-new-commandargs-and-environment-models.md deleted file mode 100644 index 0bee733157ce..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-05-new-commandargs-and-environment-models.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models. -* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model. diff --git a/csharp/ql/lib/change-notes/2024-03-07-remove-cil-extractor.md b/csharp/ql/lib/change-notes/2024-03-07-remove-cil-extractor.md deleted file mode 100644 index 36be2372b4ec..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-07-remove-cil-extractor.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction. diff --git a/csharp/ql/lib/change-notes/2024-03-07-update-system.net.http.httprequestmessage-models.md b/csharp/ql/lib/change-notes/2024-03-07-update-system.net.http.httprequestmessage-models.md deleted file mode 100644 index 2ac3a1059c6b..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-07-update-system.net.http.httprequestmessage-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2024-03-11-csharp12-dotnet8.md b/csharp/ql/lib/change-notes/2024-03-11-csharp12-dotnet8.md deleted file mode 100644 index 7111e8966d68..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-11-csharp12-dotnet8.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Support for C# 12 / .NET8. diff --git a/csharp/ql/lib/change-notes/2024-03-11-registry-sources.md b/csharp/ql/lib/change-notes/2024-03-11-registry-sources.md deleted file mode 100644 index 1d1050491855..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-11-registry-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows. diff --git a/csharp/ql/lib/change-notes/2024-03-13-system.io-models.md b/csharp/ql/lib/change-notes/2024-03-13-system.io-models.md deleted file mode 100644 index 84db6a663aea..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-13-system.io-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream. diff --git a/csharp/ql/lib/change-notes/2024-03-14-dapper-source-models.md b/csharp/ql/lib/change-notes/2024-03-14-dapper-source-models.md deleted file mode 100644 index 204ae7db3ae9..000000000000 --- a/csharp/ql/lib/change-notes/2024-03-14-dapper-source-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model. diff --git a/csharp/ql/lib/change-notes/released/0.9.0.md b/csharp/ql/lib/change-notes/released/0.9.0.md new file mode 100644 index 000000000000..32e8e35d76d1 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/0.9.0.md @@ -0,0 +1,17 @@ +## 0.9.0 + +### Breaking Changes + +* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction. +* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction. + +### Minor Analysis Improvements + +* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model. +* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream. +* Support for C# 12 / .NET8. +* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows. +* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs. +* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models. +* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model. +* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index af4e83c549e4..8b9fc185202d 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.9.0 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 7d389b9e5604..bd9558fa2494 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 0.8.13-dev +version: 0.9.0 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index df97b469252a..bbd7f8bc147e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.8.13 + +### Major Analysis Improvements + +* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`, `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration. + +### Minor Analysis Improvements + +* The alert message of `cs/wrong-compareto-signature` has been changed to remove unnecessary element references. +* Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are `cs/code-injection`, `cs/resource-injection`, `cs/sql-injection`, and `cs/uncontrolled-format-string`. + ## 0.8.12 No user-facing changes. diff --git a/csharp/ql/src/change-notes/2024-03-06-remove-default-local-sources.md b/csharp/ql/src/change-notes/2024-03-06-remove-default-local-sources.md deleted file mode 100644 index 19494571ad15..000000000000 --- a/csharp/ql/src/change-notes/2024-03-06-remove-default-local-sources.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are `cs/code-injection`, `cs/resource-injection`, `cs/sql-injection`, and `cs/uncontrolled-format-string`. - diff --git a/csharp/ql/src/change-notes/2024-03-11-remove-stored-query-variants.md b/csharp/ql/src/change-notes/2024-03-11-remove-stored-query-variants.md deleted file mode 100644 index 3ca0b14f7b2b..000000000000 --- a/csharp/ql/src/change-notes/2024-03-11-remove-stored-query-variants.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: majorAnalysis ---- -* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`, `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration. - diff --git a/csharp/ql/src/change-notes/2024-03-21-change-compareto-signature.md b/csharp/ql/src/change-notes/2024-03-21-change-compareto-signature.md deleted file mode 100644 index 026321ea9af2..000000000000 --- a/csharp/ql/src/change-notes/2024-03-21-change-compareto-signature.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The alert message of `cs/wrong-compareto-signature` has been changed to remove unnecessary element references. - diff --git a/csharp/ql/src/change-notes/released/0.8.13.md b/csharp/ql/src/change-notes/released/0.8.13.md new file mode 100644 index 000000000000..e534c66fc8ed --- /dev/null +++ b/csharp/ql/src/change-notes/released/0.8.13.md @@ -0,0 +1,10 @@ +## 0.8.13 + +### Major Analysis Improvements + +* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`, `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration. + +### Minor Analysis Improvements + +* The alert message of `cs/wrong-compareto-signature` has been changed to remove unnecessary element references. +* Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are `cs/code-injection`, `cs/resource-injection`, `cs/sql-injection`, and `cs/uncontrolled-format-string`. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index af4e83c549e4..0fb6f3d786cb 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.8.13 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index e9d1d526a81b..609c625fe5a3 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 0.8.13-dev +version: 0.8.13 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index d9dd6b6f2e25..83a42fb05515 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.12 + +No user-facing changes. + ## 0.0.11 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/0.0.12.md b/go/ql/consistency-queries/change-notes/released/0.0.12.md new file mode 100644 index 000000000000..0e206033bc47 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/0.0.12.md @@ -0,0 +1,3 @@ +## 0.0.12 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index e679dc420925..997fb8da83cd 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.11 +lastReleaseVersion: 0.0.12 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 3c398a7cf84f..fbd2978d4389 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 0.0.12-dev +version: 0.0.12 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index bc6537af817a..0fa4dfe0ec80 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.7.13 + +### Minor Analysis Improvements + +* The `CODEQL_EXTRACTOR_GO_FAST_PACKAGE_INFO` option, which speeds up retrieval of dependency information, is now on by default. This was originally an external contribution by @xhd2015. +* Added dataflow sources for the package `gopkg.in/macaron.v1`. + ## 0.7.12 No user-facing changes. diff --git a/go/ql/lib/change-notes/2024-03-04-macaron-sources.md b/go/ql/lib/change-notes/2024-03-04-macaron-sources.md deleted file mode 100644 index 72ea242510de..000000000000 --- a/go/ql/lib/change-notes/2024-03-04-macaron-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added dataflow sources for the package `gopkg.in/macaron.v1`. diff --git a/go/ql/lib/change-notes/2024-03-20-dependecy-retrieval-improvement.md b/go/ql/lib/change-notes/released/0.7.13.md similarity index 63% rename from go/ql/lib/change-notes/2024-03-20-dependecy-retrieval-improvement.md rename to go/ql/lib/change-notes/released/0.7.13.md index 42fc258f9735..c6fab4935a1f 100644 --- a/go/ql/lib/change-notes/2024-03-20-dependecy-retrieval-improvement.md +++ b/go/ql/lib/change-notes/released/0.7.13.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 0.7.13 + +### Minor Analysis Improvements + * The `CODEQL_EXTRACTOR_GO_FAST_PACKAGE_INFO` option, which speeds up retrieval of dependency information, is now on by default. This was originally an external contribution by @xhd2015. +* Added dataflow sources for the package `gopkg.in/macaron.v1`. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 8afa417865a1..8a077216acc0 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.12 +lastReleaseVersion: 0.7.13 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 8cc40e77dec2..2c1fbe254faa 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 0.7.13-dev +version: 0.7.13 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 497f82e86798..2bee579db9cb 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 0.7.13 + +### New Queries + +* The query "Slice memory allocation with excessive size value" (`go/uncontrolled-allocation-size`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @Malayke](https://github.com/github/codeql/pull/15130). + +### Minor Analysis Improvements + +* The query `go/hardcoded-credentials` no longer discards string literals based on "weak password" heuristics. +* The query `go/sql-injection` now recognizes more sinks in the package `github.com/Masterminds/squirrel`. + ## 0.7.12 No user-facing changes. diff --git a/go/ql/src/change-notes/2024-03-05-squirrel-sqli-sinks.md b/go/ql/src/change-notes/2024-03-05-squirrel-sqli-sinks.md deleted file mode 100644 index 0b6a78df9f93..000000000000 --- a/go/ql/src/change-notes/2024-03-05-squirrel-sqli-sinks.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `go/sql-injection` now recognizes more sinks in the package `github.com/Masterminds/squirrel`. diff --git a/go/ql/src/change-notes/2024-03-14-hardcoded-credentials-more-sources.md b/go/ql/src/change-notes/2024-03-14-hardcoded-credentials-more-sources.md deleted file mode 100644 index ad6f712958e6..000000000000 --- a/go/ql/src/change-notes/2024-03-14-hardcoded-credentials-more-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `go/hardcoded-credentials` no longer discards string literals based on "weak password" heuristics. diff --git a/go/ql/src/change-notes/2024-03-07-uncontrolled-allocation-size.md b/go/ql/src/change-notes/released/0.7.13.md similarity index 53% rename from go/ql/src/change-notes/2024-03-07-uncontrolled-allocation-size.md rename to go/ql/src/change-notes/released/0.7.13.md index 663932005eb1..e11b39869790 100644 --- a/go/ql/src/change-notes/2024-03-07-uncontrolled-allocation-size.md +++ b/go/ql/src/change-notes/released/0.7.13.md @@ -1,4 +1,10 @@ ---- -category: newQuery ---- +## 0.7.13 + +### New Queries + * The query "Slice memory allocation with excessive size value" (`go/uncontrolled-allocation-size`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @Malayke](https://github.com/github/codeql/pull/15130). + +### Minor Analysis Improvements + +* The query `go/hardcoded-credentials` no longer discards string literals based on "weak password" heuristics. +* The query `go/sql-injection` now recognizes more sinks in the package `github.com/Masterminds/squirrel`. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 8afa417865a1..8a077216acc0 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.12 +lastReleaseVersion: 0.7.13 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 080d257b8d02..2ab9616891b2 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 0.7.13-dev +version: 0.7.13 groups: - go - queries diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index 0205da54adf8..af83bbb07001 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.20 + +No user-facing changes. + ## 0.0.19 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/0.0.20.md b/java/ql/automodel/src/change-notes/released/0.0.20.md new file mode 100644 index 000000000000..98daf20a59a1 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/0.0.20.md @@ -0,0 +1,3 @@ +## 0.0.20 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index f406319f372e..d2e86745bcaa 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.19 +lastReleaseVersion: 0.0.20 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index 1c22e00eb0e2..c4b5940f928b 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 0.0.20-dev +version: 0.0.20 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 5f8d993294ad..36c5ca2a6a6a 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,16 @@ +## 0.9.0 + +### Breaking Changes + +* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable. + +### Minor Analysis Improvements + +* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL. +* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns. +* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`. +* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class. + ## 0.8.12 No user-facing changes. diff --git a/java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md b/java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md deleted file mode 100644 index 31f76712828e..000000000000 --- a/java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class. diff --git a/java/ql/lib/change-notes/2024-03-21-env-vars.md b/java/ql/lib/change-notes/2024-03-21-env-vars.md deleted file mode 100644 index 9306a814a7c9..000000000000 --- a/java/ql/lib/change-notes/2024-03-21-env-vars.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable. diff --git a/java/ql/lib/change-notes/2024-03-22-anonymous-variables.md b/java/ql/lib/change-notes/2024-03-22-anonymous-variables.md deleted file mode 100644 index 029d3dfbff42..000000000000 --- a/java/ql/lib/change-notes/2024-03-22-anonymous-variables.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns. -* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`. diff --git a/java/ql/lib/change-notes/2024-03-26-url-models-precision.md b/java/ql/lib/change-notes/2024-03-26-url-models-precision.md deleted file mode 100644 index d6fb561e725f..000000000000 --- a/java/ql/lib/change-notes/2024-03-26-url-models-precision.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL. diff --git a/java/ql/lib/change-notes/released/0.9.0.md b/java/ql/lib/change-notes/released/0.9.0.md new file mode 100644 index 000000000000..ad20fb98cbfb --- /dev/null +++ b/java/ql/lib/change-notes/released/0.9.0.md @@ -0,0 +1,12 @@ +## 0.9.0 + +### Breaking Changes + +* The Java extractor no longer supports the `ODASA_SNAPSHOT` legacy environment variable. + +### Minor Analysis Improvements + +* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL. +* The Java extractor and QL libraries now support Java 22, including support for anonymous variables, lambda parameters and patterns. +* Pattern cases with multiple patterns and that fall through to or from other pattern cases are now supported. The `PatternCase` class gains the new `getPatternAtIndex` and `getAPattern` predicates, and deprecates `getPattern`. +* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index af4e83c549e4..8b9fc185202d 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.9.0 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index c3a0a9476bb8..768e57ad9c68 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 0.8.13-dev +version: 0.9.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 73ab2688c982..4b758396b916 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,18 @@ +## 0.8.13 + +### New Queries + +* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286). + +### Major Analysis Improvements + +* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing. + +### Minor Analysis Improvements + +* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts. +* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries. + ## 0.8.12 No user-facing changes. diff --git a/java/ql/src/change-notes/2024-03-06-url-forward-query.md b/java/ql/src/change-notes/2024-03-06-url-forward-query.md deleted file mode 100644 index 46028bda4f21..000000000000 --- a/java/ql/src/change-notes/2024-03-06-url-forward-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286). diff --git a/java/ql/src/change-notes/2024-03-12-request-sanitizers.md b/java/ql/src/change-notes/2024-03-12-request-sanitizers.md deleted file mode 100644 index 08229d6d7d0d..000000000000 --- a/java/ql/src/change-notes/2024-03-12-request-sanitizers.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries. \ No newline at end of file diff --git a/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md b/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md deleted file mode 100644 index 017e5abd7eee..000000000000 --- a/java/ql/src/change-notes/2024-03-24-sensitive-log-whitelist-tokenimage.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts. diff --git a/java/ql/src/change-notes/2024-03-27-MissingEnumInSwitch.md b/java/ql/src/change-notes/2024-03-27-MissingEnumInSwitch.md deleted file mode 100644 index b1531dab6558..000000000000 --- a/java/ql/src/change-notes/2024-03-27-MissingEnumInSwitch.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing. diff --git a/java/ql/src/change-notes/released/0.8.13.md b/java/ql/src/change-notes/released/0.8.13.md new file mode 100644 index 000000000000..22dba4fa4fa6 --- /dev/null +++ b/java/ql/src/change-notes/released/0.8.13.md @@ -0,0 +1,14 @@ +## 0.8.13 + +### New Queries + +* The query `java/unsafe-url-forward-dispatch-load` has been promoted from experimental to the main query pack as `java/unvalidated-url-forward`. Its results will now appear by default. This query was originally submitted as an experimental query [by @haby0](https://github.com/github/codeql/pull/6240) and [by @luchua-bc](https://github.com/github/codeql/pull/7286). + +### Major Analysis Improvements + +* The `java/missing-case-in-switch` query now gives only a single alert for each switch statement, giving some examples of the missing cases as well as a count of how many are missing. + +### Minor Analysis Improvements + +* Variables named `tokenImage` are no longer sources for the `java/sensitive-log` query. This is because this variable name is used in parsing code generated by JavaCC, so it causes a large number of false positive alerts. +* Added sanitizers for relative URLs, `List.contains()`, and checking the host of a URI to the `java/ssrf` and `java/unvalidated-url-redirection` queries. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index af4e83c549e4..0fb6f3d786cb 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.8.13 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index ab853297ba95..d67193843bea 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 0.8.13-dev +version: 0.8.13 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 2bdc2e4152a0..4d66cfc9f6c5 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.8.13 + +### Major Analysis Improvements + +* Added support for TypeScript 5.4. + ## 0.8.12 No user-facing changes. diff --git a/javascript/ql/lib/change-notes/2024-02-02-typescript-5-4.md b/javascript/ql/lib/change-notes/2024-02-02-typescript-5-4.md deleted file mode 100644 index 836719b5d6bf..000000000000 --- a/javascript/ql/lib/change-notes/2024-02-02-typescript-5-4.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* Added support for TypeScript 5.4. \ No newline at end of file diff --git a/javascript/ql/lib/change-notes/released/0.8.13.md b/javascript/ql/lib/change-notes/released/0.8.13.md new file mode 100644 index 000000000000..bfa4a62d5ae5 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/0.8.13.md @@ -0,0 +1,5 @@ +## 0.8.13 + +### Major Analysis Improvements + +* Added support for TypeScript 5.4. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index af4e83c549e4..0fb6f3d786cb 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.8.13 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index fd7d54764024..1ed74009ef0c 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 0.8.13-dev +version: 0.8.13 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 43cbc8facf85..2ae12bca4841 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.8.13 + +### Query Metadata Changes + +* The `@precision` of the `js/unsafe-external-link` has been reduced to `low` to reflect the fact that modern browsers do not expose the opening window for such links. This mitigates the potential security risk of having a link with `target="_blank"`. + +### Minor Analysis Improvements + +* The call graph has been improved, leading to more alerts for data flow based queries. + ## 0.8.12 No user-facing changes. diff --git a/javascript/ql/src/change-notes/2024-03-07-lift-cg-restriction.md b/javascript/ql/src/change-notes/2024-03-07-lift-cg-restriction.md deleted file mode 100644 index 4d591aaf9a27..000000000000 --- a/javascript/ql/src/change-notes/2024-03-07-lift-cg-restriction.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The call graph has been improved, leading to more alerts for data flow based queries. diff --git a/javascript/ql/src/change-notes/2024-03-21-target-blank-precision.md b/javascript/ql/src/change-notes/2024-03-21-target-blank-precision.md deleted file mode 100644 index 5bcb0ba74635..000000000000 --- a/javascript/ql/src/change-notes/2024-03-21-target-blank-precision.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The `@precision` of the `js/unsafe-external-link` has been reduced to `low` to reflect the fact that modern browsers do not expose the opening window for such links. This mitigates the potential security risk of having a link with `target="_blank"`. \ No newline at end of file diff --git a/javascript/ql/src/change-notes/released/0.8.13.md b/javascript/ql/src/change-notes/released/0.8.13.md new file mode 100644 index 000000000000..282e759a49e4 --- /dev/null +++ b/javascript/ql/src/change-notes/released/0.8.13.md @@ -0,0 +1,9 @@ +## 0.8.13 + +### Query Metadata Changes + +* The `@precision` of the `js/unsafe-external-link` has been reduced to `low` to reflect the fact that modern browsers do not expose the opening window for such links. This mitigates the potential security risk of having a link with `target="_blank"`. + +### Minor Analysis Improvements + +* The call graph has been improved, leading to more alerts for data flow based queries. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index af4e83c549e4..0fb6f3d786cb 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.8.13 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 6967bcbff044..49576a207cd5 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 0.8.13-dev +version: 0.8.13 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index c61f0b26d002..3b1863cfbf15 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.7.13 + +No user-facing changes. + ## 0.7.12 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/0.7.13.md b/misc/suite-helpers/change-notes/released/0.7.13.md new file mode 100644 index 000000000000..fac5f02103fa --- /dev/null +++ b/misc/suite-helpers/change-notes/released/0.7.13.md @@ -0,0 +1,3 @@ +## 0.7.13 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 8afa417865a1..8a077216acc0 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.7.12 +lastReleaseVersion: 0.7.13 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index c366cba2c912..94ac367a7557 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 0.7.13-dev +version: 0.7.13 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 966356feed28..645b686ac8c1 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.11.13 + +No user-facing changes. + ## 0.11.12 No user-facing changes. diff --git a/python/ql/lib/change-notes/released/0.11.13.md b/python/ql/lib/change-notes/released/0.11.13.md new file mode 100644 index 000000000000..e8bde4caf9fd --- /dev/null +++ b/python/ql/lib/change-notes/released/0.11.13.md @@ -0,0 +1,3 @@ +## 0.11.13 + +No user-facing changes. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 28f7725cf851..387883efdfb3 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.11.12 +lastReleaseVersion: 0.11.13 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index f2357da6c2c9..c150a37790c2 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 0.11.13-dev +version: 0.11.13 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index d8737a310b3b..53ed161fecbf 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.9.13 + +No user-facing changes. + ## 0.9.12 No user-facing changes. diff --git a/python/ql/src/change-notes/released/0.9.13.md b/python/ql/src/change-notes/released/0.9.13.md new file mode 100644 index 000000000000..e188021618c3 --- /dev/null +++ b/python/ql/src/change-notes/released/0.9.13.md @@ -0,0 +1,3 @@ +## 0.9.13 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 12f1a311ecad..74bee36d150c 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.9.12 +lastReleaseVersion: 0.9.13 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index c6d2ef63f29f..b24b25bd8211 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 0.9.13-dev +version: 0.9.13 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 9b2503120f90..a33055760537 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.8.13 + +### Minor Analysis Improvements + +* Data flow is now tracked through `ActiveRecord` scopes. +* Modeled instances of `ActionDispatch::Http::UploadedFile` that can be obtained from element reads of `ActionController::Parameters`, with calls to `original_filename`, `content_type`, and `read` now propagating taint from their receiver. +* The second argument, `subquery_name`, of the `ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink. +* Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source. +* New command injection sinks have been added, including `Process.spawn`, `Process.exec`, `Terrapin::CommandLine` and the `open4` gem. + ## 0.8.12 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2024-02-27-process-spawn.md b/ruby/ql/lib/change-notes/2024-02-27-process-spawn.md deleted file mode 100644 index 9c20f05d8659..000000000000 --- a/ruby/ql/lib/change-notes/2024-02-27-process-spawn.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* New command injection sinks have been added, including `Process.spawn`, `Process.exec`, `Terrapin::CommandLine` and the `open4` gem. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-03-01-typhoeus-request.md b/ruby/ql/lib/change-notes/2024-03-01-typhoeus-request.md deleted file mode 100644 index f008869fbcd5..000000000000 --- a/ruby/ql/lib/change-notes/2024-03-01-typhoeus-request.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-03-08-activerecord-from.md b/ruby/ql/lib/change-notes/2024-03-08-activerecord-from.md deleted file mode 100644 index 704a4f27a619..000000000000 --- a/ruby/ql/lib/change-notes/2024-03-08-activerecord-from.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The second argument, `subquery_name`, of the `ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-03-14-actiondispatch-uploadedfile.md b/ruby/ql/lib/change-notes/2024-03-14-actiondispatch-uploadedfile.md deleted file mode 100644 index a02ca0d00a2a..000000000000 --- a/ruby/ql/lib/change-notes/2024-03-14-actiondispatch-uploadedfile.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Modeled instances of `ActionDispatch::Http::UploadedFile` that can be obtained from element reads of `ActionController::Parameters`, with calls to `original_filename`, `content_type`, and `read` now propagating taint from their receiver. \ No newline at end of file diff --git a/ruby/ql/lib/change-notes/2024-03-19-activerecord-scopes.md b/ruby/ql/lib/change-notes/2024-03-19-activerecord-scopes.md deleted file mode 100644 index 963479568a0b..000000000000 --- a/ruby/ql/lib/change-notes/2024-03-19-activerecord-scopes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Data flow is now tracked through `ActiveRecord` scopes. diff --git a/ruby/ql/lib/change-notes/released/0.8.13.md b/ruby/ql/lib/change-notes/released/0.8.13.md new file mode 100644 index 000000000000..cc844ffc764e --- /dev/null +++ b/ruby/ql/lib/change-notes/released/0.8.13.md @@ -0,0 +1,9 @@ +## 0.8.13 + +### Minor Analysis Improvements + +* Data flow is now tracked through `ActiveRecord` scopes. +* Modeled instances of `ActionDispatch::Http::UploadedFile` that can be obtained from element reads of `ActionController::Parameters`, with calls to `original_filename`, `content_type`, and `read` now propagating taint from their receiver. +* The second argument, `subquery_name`, of the `ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink. +* Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source. +* New command injection sinks have been added, including `Process.spawn`, `Process.exec`, `Terrapin::CommandLine` and the `open4` gem. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index af4e83c549e4..0fb6f3d786cb 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.8.13 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index bc8a4aa28135..1d8218b6fa0e 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 0.8.13-dev +version: 0.8.13 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 3810951acb52..508fa71de4ad 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.8.13 + +No user-facing changes. + ## 0.8.12 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/0.8.13.md b/ruby/ql/src/change-notes/released/0.8.13.md new file mode 100644 index 000000000000..4f7ef70cec56 --- /dev/null +++ b/ruby/ql/src/change-notes/released/0.8.13.md @@ -0,0 +1,3 @@ +## 0.8.13 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index af4e83c549e4..0fb6f3d786cb 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.12 +lastReleaseVersion: 0.8.13 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index b18213909586..029e052108f4 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.13-dev +version: 0.8.13 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index fc8378ff3b92..aaebbbb43183 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.13 + +No user-facing changes. + ## 0.1.12 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.13.md b/shared/controlflow/change-notes/released/0.1.13.md new file mode 100644 index 000000000000..827f5e3ec44e --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.13.md @@ -0,0 +1,3 @@ +## 0.1.13 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index bfd6e9036419..f43379f81961 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.12 +lastReleaseVersion: 0.1.13 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 3a6d1131f86d..cb04f661c85a 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.13-dev +version: 0.1.13 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 458cde63603f..b5267b6d9b0c 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.4 + +### Minor Analysis Improvements + +* Path explanations now include flow that goes through callbacks passed into library functions. For example, if `map` is a library function, then in `result = map(xs, x => x + 1)` we will now include the step from `x` to `x + 1` in the path explanation, instead of going directly from `xs` to `result`. Note that this change does not affect actual query results, but only how path explanations are computed. + ## 0.2.3 No user-facing changes. diff --git a/shared/dataflow/change-notes/2024-02-28-hidden-subpaths.md b/shared/dataflow/change-notes/released/0.2.4.md similarity index 90% rename from shared/dataflow/change-notes/2024-02-28-hidden-subpaths.md rename to shared/dataflow/change-notes/released/0.2.4.md index 05a48eb80508..075802f2b5da 100644 --- a/shared/dataflow/change-notes/2024-02-28-hidden-subpaths.md +++ b/shared/dataflow/change-notes/released/0.2.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.2.4 + +### Minor Analysis Improvements + * Path explanations now include flow that goes through callbacks passed into library functions. For example, if `map` is a library function, then in `result = map(xs, x => x + 1)` we will now include the step from `x` to `x + 1` in the path explanation, instead of going directly from `xs` to `result`. Note that this change does not affect actual query results, but only how path explanations are computed. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 0b605901b424..7f1e3841dcd6 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.3 +lastReleaseVersion: 0.2.4 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 386290bde293..9c0976ca1094 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.2.4-dev +version: 0.2.4 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index df97cb97717d..afeee7894871 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.13.md b/shared/mad/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/mad/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index a5ea1168b923..77a69168fe9b 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 7f284f0bfb88..465ab789d4a1 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.12 + +No user-facing changes. + ## 0.0.11 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/0.0.12.md b/shared/rangeanalysis/change-notes/released/0.0.12.md new file mode 100644 index 000000000000..0e206033bc47 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/0.0.12.md @@ -0,0 +1,3 @@ +## 0.0.12 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index e679dc420925..997fb8da83cd 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.11 +lastReleaseVersion: 0.0.12 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 4d8f0196bec3..df8fbd5e8374 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.12-dev +version: 0.0.12 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 2b955eaf376e..6b0950887f99 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.13.md b/shared/regex/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/regex/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 607c548a2a36..e47715dd3227 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 7e74b25e47ee..7b073dbfe7bf 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/ssa/change-notes/released/0.2.13.md b/shared/ssa/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/ssa/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 5c773a56a668..3877a1a98f94 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index d9dd6b6f2e25..83a42fb05515 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.12 + +No user-facing changes. + ## 0.0.11 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/0.0.12.md b/shared/threat-models/change-notes/released/0.0.12.md new file mode 100644 index 000000000000..0e206033bc47 --- /dev/null +++ b/shared/threat-models/change-notes/released/0.0.12.md @@ -0,0 +1,3 @@ +## 0.0.12 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index e679dc420925..997fb8da83cd 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.11 +lastReleaseVersion: 0.0.12 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 08e2ae0c3306..1d8b017f7984 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 0.0.12-dev +version: 0.0.12 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 01fdf65587ab..32d42cbeb393 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.13.md b/shared/tutorial/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index cf4f16583a3d..ee00cd14490d 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 242657d19d8e..18024e289810 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.13.md b/shared/typetracking/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 166a7c170cdb..7f1ce51b4df5 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 26e1c3ae5469..dbf4204fcadc 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.13.md b/shared/typos/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/typos/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 47bc18e8902e..36250357dae5 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index b8ae5cf523d8..1c0c715c928e 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/util/change-notes/released/0.2.13.md b/shared/util/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/util/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 7862cb35d816..e4c8f9b21665 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 9a5910ec3740..67d1e732a0f3 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.13 + +No user-facing changes. + ## 0.2.12 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.13.md b/shared/yaml/change-notes/released/0.2.13.md new file mode 100644 index 000000000000..42f11678bd3d --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.13.md @@ -0,0 +1,3 @@ +## 0.2.13 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index da1cea933934..979eb20092e9 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.12 +lastReleaseVersion: 0.2.13 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 9813c6fb57c4..f12c77ef671c 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.13-dev +version: 0.2.13 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 5a35f47aa898..4bc92a92c822 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 0.3.13 + +### Major Analysis Improvements + +* Upgraded to Swift 5.10 +* New AST node is extracted: `ThenStmt` + ## 0.3.12 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2024-03-28-swift-5.10.md b/swift/ql/lib/change-notes/released/0.3.13.md similarity index 59% rename from swift/ql/lib/change-notes/2024-03-28-swift-5.10.md rename to swift/ql/lib/change-notes/released/0.3.13.md index bfc371a89e95..c1639172fd4a 100644 --- a/swift/ql/lib/change-notes/2024-03-28-swift-5.10.md +++ b/swift/ql/lib/change-notes/released/0.3.13.md @@ -1,5 +1,6 @@ ---- -category: majorAnalysis ---- +## 0.3.13 + +### Major Analysis Improvements + * Upgraded to Swift 5.10 * New AST node is extracted: `ThenStmt` diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 3e6664ee4b69..8791b4867d13 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.12 +lastReleaseVersion: 0.3.13 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index d06a216db89b..f4143f293406 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.13-dev +version: 0.3.13 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 4ae49cfbfea4..2b745bd7bb15 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.3.13 + +No user-facing changes. + ## 0.3.12 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/0.3.13.md b/swift/ql/src/change-notes/released/0.3.13.md new file mode 100644 index 000000000000..890ab1e3e3f3 --- /dev/null +++ b/swift/ql/src/change-notes/released/0.3.13.md @@ -0,0 +1,3 @@ +## 0.3.13 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 3e6664ee4b69..8791b4867d13 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.12 +lastReleaseVersion: 0.3.13 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 1dace3146de9..21fae0156ea3 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.13-dev +version: 0.3.13 groups: - swift - queries