7 changes: 0 additions & 7 deletions actions/ql/lib/CHANGELOG.md
@@ -1,10 +1,3 @@
## 0.4.38

### Bug Fixes

* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.

## 0.4.37

### Minor Analysis Improvements
@@ -0,0 +1,4 @@
---
category: fix
---
* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.
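Review bot: The added bullet reads as a run-on: "was updated to the latest standard runner labels reducing false positive results" needs a comma before "reducing", and it does not say which labels changed. Suggest "now recognizes the latest standard runner labels, reducing false positives", and consider naming the labels so users can tell why an alert for a given runner label disappeared.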
4 changes: 4 additions & 0 deletions actions/ql/lib/change-notes/2026-06-15-permission_check.md
@@ -0,0 +1,4 @@
---
category: fix
---
* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
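Review bot: "better account for permission checks" in the added bullet does not tell a reader which way results move. State whether jobs that call reusable workflows now produce fewer alerts, more alerts, or both, and if possible name the affected queries, so a change in alert counts after upgrading can be traced to this note.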
6 changes: 0 additions & 6 deletions actions/ql/lib/change-notes/released/0.4.38.md

This file was deleted.

2 changes: 1 addition & 1 deletion actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.38
lastReleaseVersion: 0.4.37
2 changes: 1 addition & 1 deletion actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.38
version: 0.4.38-dev
library: true
warnOnImplicitThis: true
dependencies:
6 changes: 0 additions & 6 deletions actions/ql/src/CHANGELOG.md
@@ -1,9 +1,3 @@
## 0.6.30

### Query Metadata Changes

* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.

## 0.6.29

### Query Metadata Changes
@@ -1,5 +1,4 @@
## 0.6.30

### Query Metadata Changes

---
category: queryMetadata
---
* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.
2 changes: 1 addition & 1 deletion actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.30
lastReleaseVersion: 0.6.29
2 changes: 1 addition & 1 deletion actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.30
version: 0.6.30-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]
17 changes: 0 additions & 17 deletions cpp/ql/lib/CHANGELOG.md
@@ -1,20 +1,3 @@
## 11.0.0

### Breaking Changes

* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
* Removed the deprecated `exprExits` predicate from `Options.qll`. Use `CustomOptions.exprExits` instead.
* Removed the deprecated `alwaysCheckReturnValue` predicate from `Options.qll`. Use `CustomOptions.alwaysCheckReturnValue` instead.
* Removed the deprecated `okToIgnoreReturnValue` predicate from `Options.qll`. Use `CustomOptions.okToIgnoreReturnValue` instead.
* Removed the deprecated `semmle.code.cpp.Member`. Import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly.
* Removed the deprecated `UnknownDefaultLocation` class. Use `UnknownLocation` instead.
* Removed the deprecated `UnknownExprLocation` class. Use `UnknownLocation` instead.
* Removed the deprecated `UnknownStmtLocation` class. Use `UnknownLocation` instead.
* Removed the deprecated `TemplateParameter` class. Use `TypeTemplateParameter` instead.
* Support for class resolution across link targets has been removed for databases which were created with CodeQL versions before 1.23.0.

## 10.2.0

### Deprecated APIs
@@ -1,7 +1,6 @@
## 11.0.0

### Breaking Changes

---
category: breaking
---
* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
2 changes: 1 addition & 1 deletion cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 11.0.0
lastReleaseVersion: 10.2.0
2 changes: 1 addition & 1 deletion cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 11.0.0
version: 10.2.1-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp
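Review bot: The `version` line moves backwards, from `11.0.0` to `10.2.1-dev`, whereas `codeql/actions-all` in this same change keeps its number and only gains the suffix (`0.4.38` to `0.4.38-dev`). The new value matches `lastReleaseVersion: 10.2.0` in `codeql-pack.release.yml`, but the restored change note is `category: breaking`, so the description should confirm that `11.0.0` was not published and that nothing pins `codeql/cpp-all` at that version.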
4 changes: 0 additions & 4 deletions cpp/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
## 1.6.5

No user-facing changes.

## 1.6.4

No user-facing changes.
3 changes: 0 additions & 3 deletions cpp/ql/src/change-notes/released/1.6.5.md

This file was deleted.

2 changes: 1 addition & 1 deletion cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.6.5
lastReleaseVersion: 1.6.4
2 changes: 1 addition & 1 deletion cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.6.5
version: 1.6.5-dev
groups:
- cpp
- queries
4 changes: 0 additions & 4 deletions csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,7 +1,3 @@
## 1.7.69

No user-facing changes.

## 1.7.68

No user-facing changes.

This file was deleted.

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.69
lastReleaseVersion: 1.7.68
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.69
version: 1.7.69-dev
groups:
- csharp
- solorigate
4 changes: 0 additions & 4 deletions csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,7 +1,3 @@
## 1.7.69

No user-facing changes.

## 1.7.68

No user-facing changes.

This file was deleted.

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.69
lastReleaseVersion: 1.7.68
2 changes: 1 addition & 1 deletion csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.69
version: 1.7.69-dev
groups:
- csharp
- solorigate
16 changes: 0 additions & 16 deletions csharp/ql/lib/CHANGELOG.md
@@ -1,19 +1,3 @@
## 7.0.0

### Breaking Changes

* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.

### Major Analysis Improvements

* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.

### Minor Analysis Improvements

* Improved property and indexer call target resolution for partially overridden properties and indexers.
* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
* Improved call target resolution for ref-return properties and indexers.

## 6.0.2

### Minor Analysis Improvements
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Improved call target resolution for ref-return properties and indexers.
4 changes: 4 additions & 0 deletions csharp/ql/lib/change-notes/2026-05-21-spanaccess-range.md
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Improved property and indexer call target resolution for partially overridden properties and indexers.
@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.
@@ -0,0 +1,4 @@
---
category: breaking
---
* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.
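Review bot: The first sentence of the added bullet says types were renamed but never names them, so a user whose query stops compiling cannot find the replacement from this note. List the old and new class names. The second sentence describes a different change, a widening of `BinaryArithmeticOperation`, `BinaryBitwiseOperation` and `BinaryLogicalOperation` to include compound assignments such as `a += b`; that one changes results without a compile error and deserves its own bullet.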
15 changes: 0 additions & 15 deletions csharp/ql/lib/change-notes/released/7.0.0.md

This file was deleted.

2 changes: 1 addition & 1 deletion csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.0.0
lastReleaseVersion: 6.0.2
2 changes: 1 addition & 1 deletion csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 7.0.0
version: 6.0.3-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
4 changes: 0 additions & 4 deletions csharp/ql/src/CHANGELOG.md
@@ -1,7 +1,3 @@
## 1.7.5

No user-facing changes.

## 1.7.4

No user-facing changes.
3 changes: 0 additions & 3 deletions csharp/ql/src/change-notes/released/1.7.5.md

This file was deleted.

2 changes: 1 addition & 1 deletion csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.7.5
lastReleaseVersion: 1.7.4
2 changes: 1 addition & 1 deletion csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.7.5
version: 1.7.5-dev
groups:
- csharp
- queries
4 changes: 0 additions & 4 deletions go/ql/consistency-queries/CHANGELOG.md
@@ -1,7 +1,3 @@
## 1.0.52

No user-facing changes.

## 1.0.51

No user-facing changes.
3 changes: 0 additions & 3 deletions go/ql/consistency-queries/change-notes/released/1.0.52.md

This file was deleted.

2 changes: 1 addition & 1 deletion go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.52
lastReleaseVersion: 1.0.51
2 changes: 1 addition & 1 deletion go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.52
version: 1.0.52-dev
groups:
- go
- queries
17 changes: 0 additions & 17 deletions go/ql/lib/CHANGELOG.md
@@ -1,20 +1,3 @@
## 7.2.0

### Deprecated APIs

* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.

### Minor Analysis Improvements

* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
`*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
`go/log-injection` and `go/clear-text-logging` queries cover code that logs
through `slog`.
* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
* More logging functions are now recognized as not returning or panicking.

## 7.1.2

No user-facing changes.
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* More logging functions are now recognized as not returning or panicking.
@@ -0,0 +1,4 @@
---
category: deprecated
---
* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.
4 changes: 4 additions & 0 deletions go/ql/lib/change-notes/2026-06-08-fix-result-nodes.md
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
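Review bot: `category: minorAnalysis` undersells this bullet: `FuncTypeExpr.getNumResult()` keeps its name but returns a different number for declarations such as `x, y int`, so queries outside this repository that relied on the old meaning change results silently. Consider saying that explicitly in the note, or pointing to a predicate that gives the old count of result declarations if one exists.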
8 changes: 8 additions & 0 deletions go/ql/lib/change-notes/2026-06-17-model-log-slog.md
@@ -0,0 +1,8 @@
---
category: minorAnalysis
---
* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
`*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
`go/log-injection` and `go/clear-text-logging` queries cover code that logs
through `slog`.
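Review bot: This bullet is hard-wrapped over five lines with unindented continuation lines, unlike the other change notes in this change, which keep each bullet on one line; the removed `go/ql/lib/CHANGELOG.md` section shows the same wrapping carried into the changelog. Put it on one line or indent the continuations. Also, "their `Context` variants" leaves the covered methods implicit; listing them makes it clear which calls `go/log-injection` and `go/clear-text-logging` now treat as sinks.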
16 changes: 0 additions & 16 deletions go/ql/lib/change-notes/released/7.2.0.md

This file was deleted.

2 changes: 1 addition & 1 deletion go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.2.0
lastReleaseVersion: 7.1.2
2 changes: 1 addition & 1 deletion go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
name: codeql/go-all
version: 7.2.0
version: 7.1.3-dev
groups: go
dbscheme: go.dbscheme
extractor: go
6 changes: 0 additions & 6 deletions go/ql/src/CHANGELOG.md
@@ -1,9 +1,3 @@
## 1.6.5

### Minor Analysis Improvements

* The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.

## 1.6.4

No user-facing changes.
@@ -1,5 +1,4 @@
## 1.6.5

### Minor Analysis Improvements

---
category: minorAnalysis
---
* The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.