diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 61cbcd1318ac..9f01040830c1 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,11 @@ +## 1.3.0 + +### New Features + +* Models-as-data alert provenance information has been extended to the C/C++ language. Any qltests that include the edges relation in their output (for example, `.qlref`s that reference path-problem queries) will need to be have their expected output updated accordingly. +* Added subclasses of `BuiltInOperations` for `__builtin_has_attribute`, `__builtin_is_corresponding_member`, `__builtin_is_pointer_interconvertible_with_class`, `__is_assignable_no_precondition_check`, `__is_bounded_array`, `__is_convertible`, `__is_corresponding_member`, `__is_nothrow_convertible`, `__is_pointer_interconvertible_with_class`, `__is_referenceable`, `__is_same_as`, `__is_trivially_copy_assignable`, `__is_unbounded_array`, `__is_valid_winrt_type`, `_is_win_class`, `__is_win_interface`, `__reference_binds_to_temporary`, `__reference_constructs_from_temporary`, and `__reference_converts_from_temporary`. +* The class `NewArrayExpr` adds a predicate `getArraySize()` to allow a more convenient way to access the static size of the array when the extent is missing. + ## 1.2.0 ### New Features diff --git a/cpp/ql/lib/change-notes/2024-07-10-newarrayexpr-arraysize.md b/cpp/ql/lib/change-notes/2024-07-10-newarrayexpr-arraysize.md deleted file mode 100644 index 0a806c932432..000000000000 --- a/cpp/ql/lib/change-notes/2024-07-10-newarrayexpr-arraysize.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* The class `NewArrayExpr` adds a predicate `getArraySize()` to allow a more convenient way to access the static size of the array when the extent is missing. diff --git a/cpp/ql/lib/change-notes/2024-07-16-alert-provenance.md b/cpp/ql/lib/change-notes/2024-07-16-alert-provenance.md deleted file mode 100644 index 3f773028073b..000000000000 
--- a/cpp/ql/lib/change-notes/2024-07-16-alert-provenance.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Models-as-data alert provenance information has been extended to the C/C++ language. Any qltests that include the edges relation in their output (for example, `.qlref`s that reference path-problem queries) will need to be have their expected output updated accordingly. diff --git a/cpp/ql/lib/change-notes/2024-07-11-additional-builtin-support.md b/cpp/ql/lib/change-notes/released/1.3.0.md similarity index 57% rename from cpp/ql/lib/change-notes/2024-07-11-additional-builtin-support.md rename to cpp/ql/lib/change-notes/released/1.3.0.md index f389283ad1e1..3c3010da96d3 100644 --- a/cpp/ql/lib/change-notes/2024-07-11-additional-builtin-support.md +++ b/cpp/ql/lib/change-notes/released/1.3.0.md @@ -1,4 +1,7 @@ ---- -category: feature ---- +## 1.3.0 + +### New Features + +* Models-as-data alert provenance information has been extended to the C/C++ language. Any qltests that include the edges relation in their output (for example, `.qlref`s that reference path-problem queries) will need to be have their expected output updated accordingly. * Added subclasses of `BuiltInOperations` for `__builtin_has_attribute`, `__builtin_is_corresponding_member`, `__builtin_is_pointer_interconvertible_with_class`, `__is_assignable_no_precondition_check`, `__is_bounded_array`, `__is_convertible`, `__is_corresponding_member`, `__is_nothrow_convertible`, `__is_pointer_interconvertible_with_class`, `__is_referenceable`, `__is_same_as`, `__is_trivially_copy_assignable`, `__is_unbounded_array`, `__is_valid_winrt_type`, `_is_win_class`, `__is_win_interface`, `__reference_binds_to_temporary`, `__reference_constructs_from_temporary`, and `__reference_converts_from_temporary`. +* The class `NewArrayExpr` adds a predicate `getArraySize()` to allow a more convenient way to access the static size of the array when the extent is missing. 
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 75430e73d1c4..ec16350ed6fd 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.0 +lastReleaseVersion: 1.3.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 6b3f05d5f7c1..aee0698f32a7 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 1.2.1-dev +version: 1.3.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index badaa459be17..9f10be7db909 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 1.1.0 + +### Query Metadata Changes + +* The precision of `cpp/iterator-to-expired-container` ("Iterator to expired container") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. +* The precision of `cpp/unsafe-strncat` ("Potentially unsafe call to strncat") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. + +### Minor Analysis Improvements + +* The `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") query now produces fewer false positives. + ## 1.0.3 No user-facing changes. diff --git a/cpp/ql/src/change-notes/2024-07-08-unsafe-strncat-query.md b/cpp/ql/src/change-notes/2024-07-08-unsafe-strncat-query.md deleted file mode 100644 index a85958bc6ba8..000000000000 --- a/cpp/ql/src/change-notes/2024-07-08-unsafe-strncat-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The precision of `cpp/unsafe-strncat` ("Potentially unsafe call to strncat") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. 
diff --git a/cpp/ql/src/change-notes/2024-07-11-iterator-to-expired-container-query.md b/cpp/ql/src/change-notes/2024-07-11-iterator-to-expired-container-query.md deleted file mode 100644 index 37d1f9eda4a9..000000000000 --- a/cpp/ql/src/change-notes/2024-07-11-iterator-to-expired-container-query.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The precision of `cpp/iterator-to-expired-container` ("Iterator to expired container") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. diff --git a/cpp/ql/src/change-notes/2024-07-16-unsigned-difference-expression-compared-zero-.md b/cpp/ql/src/change-notes/2024-07-16-unsigned-difference-expression-compared-zero-.md deleted file mode 100644 index a4fb27acc413..000000000000 --- a/cpp/ql/src/change-notes/2024-07-16-unsigned-difference-expression-compared-zero-.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") query now produces fewer false positives. diff --git a/cpp/ql/src/change-notes/released/1.1.0.md b/cpp/ql/src/change-notes/released/1.1.0.md new file mode 100644 index 000000000000..50e703a5814a --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.1.0.md @@ -0,0 +1,10 @@ +## 1.1.0 + +### Query Metadata Changes + +* The precision of `cpp/iterator-to-expired-container` ("Iterator to expired container") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. +* The precision of `cpp/unsafe-strncat` ("Potentially unsafe call to strncat") has been increased to `high`. As a result, it will be run by default as part of the Code Scanning suite. + +### Minor Analysis Improvements + +* The `cpp/unsigned-difference-expression-compared-zero` ("Unsigned difference expression compared to zero") query now produces fewer false positives. 
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 06fa75b96cbc..2ac15439f561 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.1.0 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index ec7e9e095edf..179bbafe4ac8 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.0.4-dev +version: 1.1.0 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 4f04af923035..503822fbd684 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.21 + +No user-facing changes. + ## 1.7.20 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.21.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.21.md new file mode 100644 index 000000000000..bdd54f47083c --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.21.md @@ -0,0 +1,3 @@ +## 1.7.21 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 747131a0b2b8..87eff681b88a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.20 +lastReleaseVersion: 1.7.21 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 30856be18e23..593ee8b9125b 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.21-dev +version: 1.7.21 groups: - csharp - solorigate 
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 4f04af923035..503822fbd684 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.21 + +No user-facing changes. + ## 1.7.20 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.21.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.21.md new file mode 100644 index 000000000000..bdd54f47083c --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.21.md @@ -0,0 +1,3 @@ +## 1.7.21 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 747131a0b2b8..87eff681b88a 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.20 +lastReleaseVersion: 1.7.21 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 434601dad84d..3182e69d6725 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.21-dev +version: 1.7.21 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 6abef1b2c046..e8db03319514 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/released/1.0.4.md b/csharp/ql/lib/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. 
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 28319e6dc996..97d1ed9a8921 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 1.0.4-dev +version: 1.0.4 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 5edbf9229620..0b2583745f1e 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/csharp/ql/src/change-notes/released/1.0.4.md b/csharp/ql/src/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 1805c054d6b8..73aed8329dec 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.0.4-dev +version: 1.0.4 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 86a6976ddc7c..bdc66d513224 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md 
@@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.4.md b/go/ql/consistency-queries/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 66c00f275bd7..e3561decdf01 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.4-dev +version: 1.0.4 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 875c2809beb3..ed4e9b3750f8 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.3 + +### Minor Analysis Improvements + +* There was a bug which meant that the built-in function `clear` was considered as a sanitizer in some cases when it shouldn't have been. This has now been fixed, which may lead to more alerts. + ## 1.1.2 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2024-07-08-fix-clear-sanitizer.md b/go/ql/lib/change-notes/released/1.1.3.md similarity index 81% rename from go/ql/lib/change-notes/2024-07-08-fix-clear-sanitizer.md rename to go/ql/lib/change-notes/released/1.1.3.md index 711287f6a89a..d97cd24d93ca 100644 --- a/go/ql/lib/change-notes/2024-07-08-fix-clear-sanitizer.md +++ b/go/ql/lib/change-notes/released/1.1.3.md 
@@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.1.3 + +### Minor Analysis Improvements + * There was a bug which meant that the built-in function `clear` was considered as a sanitizer in some cases when it shouldn't have been. This has now been fixed, which may lead to more alerts. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 53ab127707fc..35e710ab1bf0 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.2 +lastReleaseVersion: 1.1.3 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 34fec580e8c0..7e0622a6f07c 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 1.1.3-dev +version: 1.1.3 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index f02101176a92..7248057e4089 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.0.4.md b/go/ql/src/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/go/ql/src/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 27c6eaf86a9b..8438e3c589c7 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.0.4-dev +version: 1.0.4 groups: - go - queries 
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md index 6e2e78d0a637..7ef174ca56a5 100644 --- a/java/ql/automodel/src/CHANGELOG.md +++ b/java/ql/automodel/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/java/ql/automodel/src/change-notes/released/1.0.4.md b/java/ql/automodel/src/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/java/ql/automodel/src/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/java/ql/automodel/src/codeql-pack.release.yml +++ b/java/ql/automodel/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml index ad247f25bf1b..096cba6156aa 100644 --- a/java/ql/automodel/src/qlpack.yml +++ b/java/ql/automodel/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-automodel-queries -version: 1.0.4-dev +version: 1.0.4 groups: - java - automodel diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index d4ceec95093c..07b324f259c5 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md 
@@ -1,3 +1,24 @@ +## 2.0.0 + +### Breaking Changes + +* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable. + +### Deprecated APIs + +* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead. + +### New Features + +* Kotlin support is now out of beta, and generally available +* Kotlin versions up to 2.0.2*x* are now supported. + +### Minor Analysis Improvements + +* Added a path-injection sink for `hudson.FilePath.exists()`. +* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`. +* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review. + ## 1.1.2 ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md b/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md deleted file mode 100644 index 3c1ab0de8e25..000000000000 --- a/java/ql/lib/change-notes/2024-06-12-isandroid-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead. diff --git a/java/ql/lib/change-notes/2024-06-19-kotlin-2.0.20.md b/java/ql/lib/change-notes/2024-06-19-kotlin-2.0.20.md deleted file mode 100644 index f9023051191b..000000000000 --- a/java/ql/lib/change-notes/2024-06-19-kotlin-2.0.20.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin versions up to 2.0.2\ *x* are now supported. 
diff --git a/java/ql/lib/change-notes/2024-06-25-java-tools-status.md b/java/ql/lib/change-notes/2024-06-25-java-tools-status.md deleted file mode 100644 index 67a72a12bb73..000000000000 --- a/java/ql/lib/change-notes/2024-06-25-java-tools-status.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review. diff --git a/java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md b/java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md deleted file mode 100644 index 372bed1eb662..000000000000 --- a/java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: breaking ---- -* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable. diff --git a/java/ql/lib/change-notes/2024-07-11-FilePath-exists-sink.md b/java/ql/lib/change-notes/2024-07-11-FilePath-exists-sink.md deleted file mode 100644 index 0c8f80cb7155..000000000000 --- a/java/ql/lib/change-notes/2024-07-11-FilePath-exists-sink.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added a path-injection sink for `hudson.FilePath.exists()`. diff --git a/java/ql/lib/change-notes/2024-07-11-kotlin-ga.md b/java/ql/lib/change-notes/2024-07-11-kotlin-ga.md deleted file mode 100644 index 24d6c5d7d76c..000000000000 --- a/java/ql/lib/change-notes/2024-07-11-kotlin-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Kotlin support is now out of beta, and generally available 
diff --git a/java/ql/lib/change-notes/2024-07-11-toByteArray-summary.md b/java/ql/lib/change-notes/2024-07-11-toByteArray-summary.md deleted file mode 100644 index b24905cb9e73..000000000000 --- a/java/ql/lib/change-notes/2024-07-11-toByteArray-summary.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`. diff --git a/java/ql/lib/change-notes/released/2.0.0.md b/java/ql/lib/change-notes/released/2.0.0.md new file mode 100644 index 000000000000..3f451d0e5bba --- /dev/null +++ b/java/ql/lib/change-notes/released/2.0.0.md @@ -0,0 +1,20 @@ +## 2.0.0 + +### Breaking Changes + +* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable. + +### Deprecated APIs + +* The predicate `isAndroid` from the module `semmle.code.java.security.AndroidCertificatePinningQuery` has been deprecated. Use `semmle.code.java.frameworks.android.Android::inAndroidApplication(File)` instead. + +### New Features + +* Kotlin support is now out of beta, and generally available +* Kotlin versions up to 2.0.2*x* are now supported. + +### Minor Analysis Improvements + +* Added a path-injection sink for `hudson.FilePath.exists()`. +* Added summary models for `org.apache.commons.io.IOUtils.toByteArray`. +* Java build-mode `none` analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 53ab127707fc..0abe6ccede0f 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.2 +lastReleaseVersion: 2.0.0 
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 9d64327d6d8f..cf98ca82d81a 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 1.1.3-dev +version: 2.0.0 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 30ac37246bbd..687e54f3d9b5 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* The heuristic to enable certain Android queries has been improved. Now it ignores Android Manifests which don't define an activity, content provider or service. We also only consider files which are under a folder containing such an Android Manifest for these queries. This should remove some false positive alerts. + ## 1.1.0 ### Major Analysis Improvements diff --git a/java/ql/src/change-notes/2024-07-07-android-application-heuristic-updated.md b/java/ql/src/change-notes/released/1.1.1.md similarity index 88% rename from java/ql/src/change-notes/2024-07-07-android-application-heuristic-updated.md rename to java/ql/src/change-notes/released/1.1.1.md index fbf24383c192..e8403c4e15af 100644 --- a/java/ql/src/change-notes/2024-07-07-android-application-heuristic-updated.md +++ b/java/ql/src/change-notes/released/1.1.1.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.1.1 + +### Minor Analysis Improvements + * The heuristic to enable certain Android queries has been improved. Now it ignores Android Manifests which don't define an activity, content provider or service. We also only consider files which are under a folder containing such an Android Manifest for these queries. This should remove some false positive alerts. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml 
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index 65236db5e552..66b53f469396 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.1.1-dev +version: 1.1.1 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index c5df4d5fa276..182f9a9685c5 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.1 + +No user-facing changes. + ## 1.1.0 ### Major Analysis Improvements diff --git a/javascript/ql/lib/change-notes/released/1.1.1.md b/javascript/ql/lib/change-notes/released/1.1.1.md new file mode 100644 index 000000000000..7fb56d366105 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/1.1.1.md @@ -0,0 +1,3 @@ +## 1.1.1 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 23b7ec9240a6..651f453bcede 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 1.1.1-dev +version: 1.1.1 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index a3d09c1e02ba..0f30798ecd18 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md 
@@ -1,3 +1,17 @@ +## 1.1.0 + +### New Queries + +* Added a new query, `js/insecure-helmet-configuration`, to detect instances where Helmet middleware is configured with important security features disabled. + +### Minor Analysis Improvements + +* Added a new query, `js/functionality-from-untrusted-domain`, which detects uses in HTML and JavaScript scripts from untrusted domains, including the `polyfill.io` content delivery network + * it can be extended to detect other compromised scripts using user-provided data extensions of the `untrustedDomain` predicate, which takes one string argument with the domain to warn on (and will warn on any subdomains too). +* Modified existing query, `js/functionality-from-untrusted-source`, to allow adding this new query, but reusing the same logic + * Added the ability to use data extensions to require SRI on CDN hostnames using the `isCdnDomainWithCheckingRequired` predicate, which takes one string argument of the full hostname to require SRI for. +* Created a new library, `semmle.javascript.security.FunctionalityFromUntrustedSource`, to support both queries. + ## 1.0.3 ### Minor Analysis Improvements diff --git a/javascript/ql/src/change-notes/2024-06-19-insecure-helmet-config.md b/javascript/ql/src/change-notes/2024-06-19-insecure-helmet-config.md deleted file mode 100644 index bee7ccb8fb94..000000000000 --- a/javascript/ql/src/change-notes/2024-06-19-insecure-helmet-config.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: newQuery ---- -* Added a new query, `js/insecure-helmet-configuration`, to detect instances where Helmet middleware is configured with important security features disabled. 
diff --git a/javascript/ql/src/change-notes/2024-07-08-functionality-from-untrusted-domain.md b/javascript/ql/src/change-notes/released/1.1.0.md similarity index 79% rename from javascript/ql/src/change-notes/2024-07-08-functionality-from-untrusted-domain.md rename to javascript/ql/src/change-notes/released/1.1.0.md index 48a524c0d98f..81883a0d44f0 100644 --- a/javascript/ql/src/change-notes/2024-07-08-functionality-from-untrusted-domain.md +++ b/javascript/ql/src/change-notes/released/1.1.0.md @@ -1,6 +1,11 @@ ---- -category: minorAnalysis ---- +## 1.1.0 + +### New Queries + +* Added a new query, `js/insecure-helmet-configuration`, to detect instances where Helmet middleware is configured with important security features disabled. + +### Minor Analysis Improvements + * Added a new query, `js/functionality-from-untrusted-domain`, which detects uses in HTML and JavaScript scripts from untrusted domains, including the `polyfill.io` content delivery network * it can be extended to detect other compromised scripts using user-provided data extensions of the `untrustedDomain` predicate, which takes one string argument with the domain to warn on (and will warn on any subdomains too). * Modified existing query, `js/functionality-from-untrusted-source`, to allow adding this new query, but reusing the same logic diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 06fa75b96cbc..2ac15439f561 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.1.0 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 96db5feb0c84..113e769b9fc0 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.0.4-dev +version: 1.1.0 groups: - javascript - queries 
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index d38834ba2efa..9f92ac20b255 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.4.md b/misc/suite-helpers/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index a8a38a7cbd3a..14e15f3b9a99 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.4-dev +version: 1.0.4 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 65d784e6456f..382efff551c6 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.0.4 + +### Minor Analysis Improvements + +* Additional modelling to detect direct writes to the `Set-Cookie` header has been added for several web frameworks. + ## 1.0.3 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2024-06-24-cookie-header-writes.md b/python/ql/lib/change-notes/2024-06-24-cookie-header-writes.md deleted file mode 100644 index 583e0f44c059..000000000000 --- a/python/ql/lib/change-notes/2024-06-24-cookie-header-writes.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Additional modelling has been added to detect cookie writes from direct writes to the `Set-Cookie` header have been added for several web frameworks. \ No newline at end of file diff --git a/python/ql/lib/change-notes/released/1.0.4.md b/python/ql/lib/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..9da90a6cc331 --- /dev/null +++ b/python/ql/lib/change-notes/released/1.0.4.md @@ -0,0 +1,5 @@ +## 1.0.4 + +### Minor Analysis Improvements + +* Additional modelling to detect direct writes to the `Set-Cookie` header has been added for several web frameworks. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index f72b0c14f5b6..fdb646bad178 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 1.0.4-dev +version: 1.0.4 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 1015dd241444..b386509bd979 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/released/1.0.4.md b/python/ql/src/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/python/ql/src/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/python/ql/src/codeql-pack.release.yml 
+++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index e12dd9874956..698c52f9e8f6 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.0.4-dev +version: 1.0.4 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 140cdd2cdba6..865dc997f3a6 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 ### Minor Analysis Improvements diff --git a/ruby/ql/lib/change-notes/released/1.0.4.md b/ruby/ql/lib/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index caf4ecc62ec4..bf914c07196d 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 1.0.4-dev +version: 1.0.4 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 766deb435824..ac5d0c7525c0 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.0.4.md b/ruby/ql/src/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.0.4.md 
@@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index c6503d479c3e..3ef18acf2317 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.0.4-dev +version: 1.0.4 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index dab49cbe6077..047afa97e510 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/1.0.4.md b/shared/controlflow/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/controlflow/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 72d92972d099..0b055d4c623d 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index ae88f0beac81..ca6c7165b9bf 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md 
@@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/1.0.4.md b/shared/dataflow/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/dataflow/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 16e7e9af0d2c..283e277909d3 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 1b49bf2fb068..8680f86e786b 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.4.md b/shared/mad/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 3f35765b5d4b..8167a79b21bc 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml 
@@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 5093ac17ebd2..a33a857c9057 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.4.md b/shared/rangeanalysis/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 27fc3198a4d4..9490c61761c9 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index bc4c3b902b9a..d78925faba07 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.4.md b/shared/regex/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. 
diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 37f373538117..b12651a80358 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 397322fcfd8a..1a64a39471c8 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/ssa/change-notes/released/1.0.4.md b/shared/ssa/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/ssa/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index ed7467eebf46..efdee4d845a1 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 86a6976ddc7c..bdc66d513224 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. 
diff --git a/shared/threat-models/change-notes/released/1.0.4.md b/shared/threat-models/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 1f80ebd49831..fc944afcd9c5 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.4-dev +version: 1.0.4 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 6212f4cebc70..ad8f62a4e9d5 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.4.md b/shared/tutorial/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 86c983bb0809..eb3fbc4b6f68 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml 
@@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 4cf16f9cb1e6..b9366dadb5c1 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.4.md b/shared/typeflow/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index a7590994015b..4f43727f40da 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 7a288c03bd9b..d17f150b27b2 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/1.0.4.md b/shared/typetracking/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/typetracking/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. 
diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index b83dc5590577..14b58f18a559 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 27be8dccdaad..d323c0974fe2 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.4.md b/shared/typos/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 459e9b92621b..353c40e472ed 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index b098bee611b1..6042620d77cb 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. 
diff --git a/shared/util/change-notes/released/1.0.4.md b/shared/util/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/util/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 4df8f4c4e46c..a4fcfad3f4b0 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 36b6e75f8033..1323436e6b2f 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.4.md b/shared/xml/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 832ce27a19c1..f23031247414 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true dependencies: 
diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 49b8a5aeb8c8..cd2c2e92ddfd 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.4.md b/shared/yaml/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 57b7890f9bbc..6135b64ec830 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.4-dev +version: 1.0.4 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index 0630a303d73d..21e8b74bb023 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 1.1.0 + +### New Features + +* Swift support is now out of beta, and generally available. + +### Minor Analysis Improvements + +* Additional heuristics for sensitive private information have been added to the `SensitiveExprs.qll` library, improving coverage for credit card and social security numbers. This may result in additional results for queries that use sensitive data such as `swift/cleartext-transmission`. + ## 1.0.3 No user-facing changes. diff --git a/swift/ql/lib/change-notes/2024-07-11-swift-ga.md b/swift/ql/lib/change-notes/2024-07-11-swift-ga.md deleted file mode 100644 index e50a30741574..000000000000 --- a/swift/ql/lib/change-notes/2024-07-11-swift-ga.md +++ /dev/null 
@@ -1,4 +0,0 @@ ---- -category: feature ---- -* Swift support is now out of beta, and generally available. diff --git a/swift/ql/lib/change-notes/2024-05-23-sensitive-data.md b/swift/ql/lib/change-notes/released/1.1.0.md similarity index 70% rename from swift/ql/lib/change-notes/2024-05-23-sensitive-data.md rename to swift/ql/lib/change-notes/released/1.1.0.md index f42901c45895..fd8955658fc5 100644 --- a/swift/ql/lib/change-notes/2024-05-23-sensitive-data.md +++ b/swift/ql/lib/change-notes/released/1.1.0.md @@ -1,4 +1,9 @@ ---- -category: minorAnalysis ---- +## 1.1.0 + +### New Features + +* Swift support is now out of beta, and generally available. + +### Minor Analysis Improvements + * Additional heuristics for sensitive private information have been added to the `SensitiveExprs.qll` library, improving coverage for credit card and social security numbers. This may result in additional results for queries that use sensitive data such as `swift/cleartext-transmission`. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index 06fa75b96cbc..2ac15439f561 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.1.0 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index c6bd37e62152..cbb2fa19bf56 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 1.0.4-dev +version: 1.1.0 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index f08ae688531c..ca26ff94f225 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.4 + +No user-facing changes. + ## 1.0.3 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.0.4.md b/swift/ql/src/change-notes/released/1.0.4.md new file mode 100644 index 000000000000..d0255e750ff9 --- /dev/null 
+++ b/swift/ql/src/change-notes/released/1.0.4.md @@ -0,0 +1,3 @@ +## 1.0.4 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 06fa75b96cbc..03f7ea71b58e 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.3 +lastReleaseVersion: 1.0.4 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 62409f64983c..bcd1861583a9 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.0.4-dev +version: 1.0.4 groups: - swift - queries
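Review bot: In javascript/ql/src/change-notes/released/1.1.0.md, the `js/functionality-from-untrusted-domain` bullet begins "Added a new query" but sits under "### Minor Analysis Improvements", while `js/insecure-helmet-configuration` is listed under "### New Queries". The renamed note carried `category: minorAnalysis` in its front matter, which appears to be why it landed there. Anyone reading only the New Queries section to learn which alerts will start appearing after upgrading to 1.1.0 will miss it. Suggest moving that bullet, together with its continuation about the `untrustedDomain` predicate, under New Queries, and leaving only the `js/functionality-from-untrusted-source` modification under Minor Analysis Improvements. The first bullet also runs into "it can be extended ..." without closing punctuation after "content delivery network".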
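Review bot: In python/ql/lib/change-notes/released/1.0.4.md and the matching python/ql/lib/CHANGELOG.md entry, "several web frameworks" does not tell users which code bases will see different results from the new `Set-Cookie` header modelling. Suggest naming the frameworks covered and the queries that consume this modelling, so that a change in alert counts after moving to 1.0.4 can be traced to this entry. The rewording does fix the doubled "has been added ... have been added" in the deleted 2024-06-24-cookie-header-writes.md note, but it also drops the phrase "cookie writes", which was the only hint that the header writes are treated as cookie writes.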
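Review bot: In swift/ql/lib/change-notes/released/1.1.0.md, the sentence "This may result in additional results for queries that use sensitive data such as `swift/cleartext-transmission`" is ambiguous, because "such as" reads as qualifying "sensitive data" rather than "queries", and it names only one affected query. Since the `SensitiveExprs.qll` heuristics now cover more credit card and social security number expressions, suggest rewording to "queries that use sensitive data, such as ..." and listing the other queries that depend on that library. It would also help to point to this entry from swift/ql/src/CHANGELOG.md, which records 1.0.4 as "No user-facing changes" even though query results may change through the library.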