diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md
index 5dec13e72b52..c458d28ec7dc 100644
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 0.11.0
+
+### Breaking Changes
+
+* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
+
+### New Features
+
+* Added a new class `AdditionalCallTarget` for specifying additional call targets.
+
+### Minor Analysis Improvements
+
+* More field accesses are identified as `ImplicitThisFieldAccess`.
+* Added support for new floating-point types in C23 and C++23.
+
 ## 0.10.1
 
 ### Minor Analysis Improvements
diff --git a/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md b/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md
deleted file mode 100644
index 9c30d6eddd85..000000000000
--- a/cpp/ql/lib/change-notes/2023-09-04-more-floating-point-types.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added support for new floating-point types in C23 and C++23.
diff --git a/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md b/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md
deleted file mode 100644
index f87fba1f1720..000000000000
--- a/cpp/ql/lib/change-notes/2023-10-12-additional-call-targets.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: feature
----
-* Added a new class `AdditionalCallTarget` for specifying additional call targets.
diff --git a/cpp/ql/lib/change-notes/2023-10-20-implicit-this.md b/cpp/ql/lib/change-notes/2023-10-20-implicit-this.md
deleted file mode 100644
index 7d915e158491..000000000000
--- a/cpp/ql/lib/change-notes/2023-10-20-implicit-this.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* More field accesses are identified as `ImplicitThisFieldAccess`.
diff --git a/cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md b/cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md
deleted file mode 100644
index f2b168949a6a..000000000000
--- a/cpp/ql/lib/change-notes/2023-10-24-remove-getlocation-from-folder.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: breaking
----
-* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
diff --git a/cpp/ql/lib/change-notes/released/0.11.0.md b/cpp/ql/lib/change-notes/released/0.11.0.md
new file mode 100644
index 000000000000..1e8ddaff0403
--- /dev/null
+++ b/cpp/ql/lib/change-notes/released/0.11.0.md
@@ -0,0 +1,14 @@
+## 0.11.0
+
+### Breaking Changes
+
+* The `Container` and `Folder` classes now derive from `ElementBase` instead of `Locatable`, and no longer expose the `getLocation` predicate. Use `getURL` instead.
+
+### New Features
+
+* Added a new class `AdditionalCallTarget` for specifying additional call targets.
+
+### Minor Analysis Improvements
+
+* More field accesses are identified as `ImplicitThisFieldAccess`.
+* Added support for new floating-point types in C23 and C++23.
diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml
index af7510b3cd65..fce68697d682 100644
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.10.1
+lastReleaseVersion: 0.11.0
diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml
index 06ce6589b7b6..90a71eb72afd 100644
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.10.2-dev
+version: 0.11.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md
index b5fba0867aca..487feb533c4f 100644
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### New Queries
diff --git a/cpp/ql/src/change-notes/released/0.8.2.md b/cpp/ql/src/change-notes/released/0.8.2.md
new file mode 100644
index 000000000000..11c1f6119a57
--- /dev/null
+++ b/cpp/ql/src/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml
index ae91e0bd858d..70d2ef73c8cf 100644
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.8.2-dev
+version: 0.8.2
 groups:
 - cpp
 - queries
diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
index 6d013d8ce69a..8e37908e0fc1 100644
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.2
+
+No user-facing changes.
+
 ## 1.7.1
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md
new file mode 100644
index 000000000000..b950385c16d7
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.2.md
@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
index 7bdec0d85c73..39bbba86c198 100644
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.1
+lastReleaseVersion: 1.7.2
diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
index ab51dd176298..139a71e8b7b8 100644
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.2-dev
+version: 1.7.2
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
index 6d013d8ce69a..8e37908e0fc1 100644
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.7.2
+
+No user-facing changes.
+
 ## 1.7.1
 
 No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md
new file mode 100644
index 000000000000..b950385c16d7
--- /dev/null
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.2.md
@@ -0,0 +1,3 @@
+## 1.7.2
+
+No user-facing changes.
diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
index 7bdec0d85c73..39bbba86c198 100644
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.1
+lastReleaseVersion: 1.7.2
diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
index a7e94bb3774a..434e3037ac6b 100644
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.2-dev
+version: 1.7.2
 groups:
 - csharp
 - solorigate
diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md
index 8c7b2cd062cc..71fbec9d4fef 100644
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/lib/change-notes/released/0.8.2.md b/csharp/ql/lib/change-notes/released/0.8.2.md
new file mode 100644
index 000000000000..11c1f6119a57
--- /dev/null
+++ b/csharp/ql/lib/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index 2ac975f10037..10cdf042be02 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.2-dev
+version: 0.8.2
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md
index e1d837bb40b3..7246cba39cbb 100644
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/csharp/ql/src/change-notes/released/0.8.2.md b/csharp/ql/src/change-notes/released/0.8.2.md
new file mode 100644
index 000000000000..11c1f6119a57
--- /dev/null
+++ b/csharp/ql/src/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml
index 54fe066d0963..6e6e3d3c6ec7 100644
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.2-dev
+version: 0.8.2
 groups:
 - csharp
 - queries
diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md
new file mode 100644
index 000000000000..59b60bad0f37
--- /dev/null
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/change-notes/released/0.0.1.md b/go/ql/consistency-queries/change-notes/released/0.0.1.md
new file mode 100644
index 000000000000..59b60bad0f37
--- /dev/null
+++ b/go/ql/consistency-queries/change-notes/released/0.0.1.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml
new file mode 100644
index 000000000000..c6933410b71c
--- /dev/null
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.1
diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml
index 01232241fc14..6b5870aa4063 100644
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.0
+version: 0.0.1
 groups:
 - go
 - queries
diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md
index 20567a56d406..62d802b584a1 100644
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
+
+### Bug Fixes
+
+* Fixed a bug where data flow nodes in files that are not in the project being analyzed (such as libraries) and are not contained within a function were not given an enclosing `Callable`. Note that for nodes that are not contained within a function, the enclosing callable is considered to be the file itself. This may cause some minor changes to results.
+
 ## 0.7.1
 
 ### Minor Analysis Improvements
diff --git a/go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md b/go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md
deleted file mode 100644
index efb8faee097a..000000000000
--- a/go/ql/lib/change-notes/2023-10-25-reflectedxss-cookie-sanitizer.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
\ No newline at end of file
diff --git a/go/ql/lib/change-notes/2023-10-20-enclosing-callable-for-external-files.md b/go/ql/lib/change-notes/released/0.7.2.md
similarity index 69%
rename from go/ql/lib/change-notes/2023-10-20-enclosing-callable-for-external-files.md
rename to go/ql/lib/change-notes/released/0.7.2.md
index 59a646c2c8cb..1124a5c1ecde 100644
--- a/go/ql/lib/change-notes/2023-10-20-enclosing-callable-for-external-files.md
+++ b/go/ql/lib/change-notes/released/0.7.2.md
@@ -1,4 +1,9 @@
----
-category: fix
----
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* Added [Request.Cookie](https://pkg.go.dev/net/http#Request.Cookie) to reflected XSS sanitizers.
+
+### Bug Fixes
+
 * Fixed a bug where data flow nodes in files that are not in the project being analyzed (such as libraries) and are not contained within a function were not given an enclosing `Callable`. Note that for nodes that are not contained within a function, the enclosing callable is considered to be the file itself. This may cause some minor changes to results.
diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml
index e007a9aec3e9..fee171e96850 100644
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml
index ddc9956180c8..5ad8bf980c9d 100644
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.2-dev
+version: 0.7.2
 groups: go
 dbscheme: go.dbscheme
 extractor: go
diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md
index 7ceadcda7452..9770cc59b489 100644
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.7.2
+
+### Minor Analysis Improvements
+
+* The query `go/incorrect-integer-conversion` now correctly recognizes more guards of the form `if val <= x` to protect a conversion `uintX(val)`.
+
 ## 0.7.1
 
 ### Minor Analysis Improvements
diff --git a/go/ql/src/change-notes/2023-10-27-incorrect-integer-conversion-guards.md b/go/ql/src/change-notes/released/0.7.2.md
similarity index 77%
rename from go/ql/src/change-notes/2023-10-27-incorrect-integer-conversion-guards.md
rename to go/ql/src/change-notes/released/0.7.2.md
index 2c5f163879f9..e80b0ffa52a5 100644
--- a/go/ql/src/change-notes/2023-10-27-incorrect-integer-conversion-guards.md
+++ b/go/ql/src/change-notes/released/0.7.2.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.7.2
+
+### Minor Analysis Improvements
+
 * The query `go/incorrect-integer-conversion` now correctly recognizes more guards of the form `if val <= x` to protect a conversion `uintX(val)`.
diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml
index e007a9aec3e9..fee171e96850 100644
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml
index 99573ffaa5d6..9309b1db4edf 100644
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.2-dev
+version: 0.7.2
 groups:
 - go
 - queries
diff --git a/java/ql/automodel/src/CHANGELOG.md b/java/ql/automodel/src/CHANGELOG.md
index 89d062a2a24e..88b3b77ee451 100644
--- a/java/ql/automodel/src/CHANGELOG.md
+++ b/java/ql/automodel/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.0.7
+
+No user-facing changes.
+
 ## 0.0.6
 
 No user-facing changes.
diff --git a/java/ql/automodel/src/change-notes/released/0.0.7.md b/java/ql/automodel/src/change-notes/released/0.0.7.md
new file mode 100644
index 000000000000..84da6f18c42e
--- /dev/null
+++ b/java/ql/automodel/src/change-notes/released/0.0.7.md
@@ -0,0 +1,3 @@
+## 0.0.7
+
+No user-facing changes.
diff --git a/java/ql/automodel/src/codeql-pack.release.yml b/java/ql/automodel/src/codeql-pack.release.yml
index cf398ce02aa4..a2a5484910bc 100644
--- a/java/ql/automodel/src/codeql-pack.release.yml
+++ b/java/ql/automodel/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.6
+lastReleaseVersion: 0.0.7
diff --git a/java/ql/automodel/src/qlpack.yml b/java/ql/automodel/src/qlpack.yml
index a157feb9ebea..6bf7e6eed82c 100644
--- a/java/ql/automodel/src/qlpack.yml
+++ b/java/ql/automodel/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.7-dev
+version: 0.0.7
 groups:
 - java
 - automodel
diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md
index aad04cf36ded..0bfe85bbcf64 100644
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,16 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced.
+* New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference.
+* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
+* Added models for the following packages:
+
+ * com.alibaba.fastjson2
+ * javax.management
+ * org.apache.http.client.utils
+
 ## 0.8.1
 
 ### New Features
diff --git a/java/ql/lib/change-notes/2023-10-17-new-models.md b/java/ql/lib/change-notes/2023-10-17-new-models.md
deleted file mode 100644
index 2b1c5ae42471..000000000000
--- a/java/ql/lib/change-notes/2023-10-17-new-models.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-category: minorAnalysis
----
-* Added models for the following packages:
-
- * com.alibaba.fastjson2
- * javax.management
- * org.apache.http.client.utils
diff --git a/java/ql/lib/change-notes/2023-10-23-spring-6-models.md b/java/ql/lib/change-notes/2023-10-23-spring-6-models.md
deleted file mode 100644
index 8c4f9f938f24..000000000000
--- a/java/ql/lib/change-notes/2023-10-23-spring-6-models.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
diff --git a/java/ql/lib/change-notes/2023-10-24-java-renames.md b/java/ql/lib/change-notes/released/0.8.2.md
similarity index 66%
rename from java/ql/lib/change-notes/2023-10-24-java-renames.md
rename to java/ql/lib/change-notes/released/0.8.2.md
index e6aebad211cc..15436016ac20 100644
--- a/java/ql/lib/change-notes/2023-10-24-java-renames.md
+++ b/java/ql/lib/change-notes/released/0.8.2.md
@@ -1,5 +1,12 @@
----
-category: minorAnalysis
----
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * Java classes `MethodAccess`, `LValue` and `RValue` were renamed to `MethodCall`, `VarWrite` and `VarRead` respectively, along with related predicates and class names. The old names remain usable for the time being but are deprecated and should be replaced.
 * New class `NewClassExpr` was added to represent specifically an explicit `new ClassName(...)` invocation, in contrast to `ClassInstanceExpr` which also includes expressions that implicitly instantiate classes, such as defining a lambda or taking a method reference.
+* Added up to date models related to Spring Framework 6's `org.springframework.http.ResponseEntity`.
+* Added models for the following packages:
+
+ * com.alibaba.fastjson2
+ * javax.management
+ * org.apache.http.client.utils
diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 2261427469eb..d53723702ac0 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.2-dev
+version: 0.8.2
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md
index c0a6261d914c..264532fc787e 100644
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts.
+* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md b/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md
deleted file mode 100644
index 94462f0f8c38..000000000000
--- a/java/ql/src/change-notes/2023-10-16-spring-disabled-csrf-protection-improved.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
diff --git a/java/ql/src/change-notes/2023-10-20-lines-of-code.md b/java/ql/src/change-notes/released/0.8.2.md
similarity index 59%
rename from java/ql/src/change-notes/2023-10-20-lines-of-code.md
rename to java/ql/src/change-notes/released/0.8.2.md
index b6b49aba7f95..eca4e923e25e 100644
--- a/java/ql/src/change-notes/2023-10-20-lines-of-code.md
+++ b/java/ql/src/change-notes/released/0.8.2.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * java/summary/lines-of-code now gives the total number of lines of Java and Kotlin code, and is the only query tagged `lines-of-code`. java/summary/lines-of-code-java and java/summary/lines-of-code-kotlin give the per-language counts.
+* The query `java/spring-disabled-csrf-protection` has been improved to detect more ways of disabling CSRF in Spring.
diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml
index 1491aeaf8a51..bc71d4bb0541 100644
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.8.2-dev
+version: 0.8.2
 groups:
 - java
 - queries
diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md
index 53155773c3df..b72e86cd41dd 100644
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/javascript/ql/lib/change-notes/released/0.8.2.md b/javascript/ql/lib/change-notes/released/0.8.2.md
new file mode 100644
index 000000000000..11c1f6119a57
--- /dev/null
+++ b/javascript/ql/lib/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml
index ebd48dfeffa1..8180fb4d4404 100644
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.8.2-dev
+version: 0.8.2
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md
index 1effcdfa16df..922190dac290 100644
--- a/javascript/ql/src/CHANGELOG.md
+++ b/javascript/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.8.2
+
+### Minor Analysis Improvements
+
+* Added modeling for importing `express-rate-limit` using a named import.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/javascript/ql/src/change-notes/2023-10-26-express-rate-limit.md b/javascript/ql/src/change-notes/released/0.8.2.md
similarity index 63%
rename from javascript/ql/src/change-notes/2023-10-26-express-rate-limit.md
rename to javascript/ql/src/change-notes/released/0.8.2.md
index 28804e979083..a3d132b9000e 100644
--- a/javascript/ql/src/change-notes/2023-10-26-express-rate-limit.md
+++ b/javascript/ql/src/change-notes/released/0.8.2.md
@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.8.2
+
+### Minor Analysis Improvements
+
 * Added modeling for importing `express-rate-limit` using a named import.
diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/javascript/ql/src/codeql-pack.release.yml
+++ b/javascript/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml
index 3cba824d8f76..72b45ca13d81 100644
--- a/javascript/ql/src/qlpack.yml
+++ b/javascript/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.8.2-dev
+version: 0.8.2
 groups:
 - javascript
 - queries
diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md
index a3fe08e3d496..f81fff6a15df 100644
--- a/misc/suite-helpers/CHANGELOG.md
+++ b/misc/suite-helpers/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.7.2
+
+No user-facing changes.
+
 ## 0.7.1
 
 No user-facing changes.
diff --git a/misc/suite-helpers/change-notes/released/0.7.2.md b/misc/suite-helpers/change-notes/released/0.7.2.md
new file mode 100644
index 000000000000..8693d609ec73
--- /dev/null
+++ b/misc/suite-helpers/change-notes/released/0.7.2.md
@@ -0,0 +1,3 @@
+## 0.7.2
+
+No user-facing changes.
diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml
index e007a9aec3e9..fee171e96850 100644
--- a/misc/suite-helpers/codeql-pack.release.yml
+++ b/misc/suite-helpers/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.1
+lastReleaseVersion: 0.7.2
diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml
index e8285dc5fcc4..6de31f4d4217 100644
--- a/misc/suite-helpers/qlpack.yml
+++ b/misc/suite-helpers/qlpack.yml
@@ -1,4 +1,4 @@
 name: codeql/suite-helpers
-version: 0.7.2-dev
+version: 0.7.2
 groups: shared
 warnOnImplicitThis: true
diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md
index e3d2d5574a02..c3739b0bfc12 100644
--- a/python/ql/lib/CHANGELOG.md
+++ b/python/ql/lib/CHANGELOG.md
@@ -1,3 +1,10 @@
+## 0.11.2
+
+### Minor Analysis Improvements
+
+* Added support for functions decorated with `contextlib.contextmanager`.
+* Namespace packages in the form of regular packages with missing `__init__.py`-files are now allowed. This enables the analysis to resolve modules and functions inside such packages.
+
 ## 0.11.1
 
 ### Minor Analysis Improvements
diff --git a/python/ql/lib/change-notes/2023-10-17-contextmanager.md b/python/ql/lib/change-notes/2023-10-17-contextmanager.md
deleted file mode 100644
index dabd03a7257e..000000000000
--- a/python/ql/lib/change-notes/2023-10-17-contextmanager.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added support for functions decorated with `contextlib.contextmanager`.
diff --git a/python/ql/lib/change-notes/2023-09-29-allow-namespace-packages.md b/python/ql/lib/change-notes/released/0.11.2.md
similarity index 60%
rename from python/ql/lib/change-notes/2023-09-29-allow-namespace-packages.md
rename to python/ql/lib/change-notes/released/0.11.2.md
index 6c064920b51a..b9742da3fe01 100644
--- a/python/ql/lib/change-notes/2023-09-29-allow-namespace-packages.md
+++ b/python/ql/lib/change-notes/released/0.11.2.md
@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.11.2
+
+### Minor Analysis Improvements
+
+* Added support for functions decorated with `contextlib.contextmanager`.
 * Namespace packages in the form of regular packages with missing `__init__.py`-files are now allowed. This enables the analysis to resolve modules and functions inside such packages.
diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml
index 924f56c785a0..965b515cf93c 100644
--- a/python/ql/lib/codeql-pack.release.yml
+++ b/python/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.11.1
+lastReleaseVersion: 0.11.2
diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml
index 5f7b50cc851d..f264b8da2ebd 100644
--- a/python/ql/lib/qlpack.yml
+++ b/python/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.11.2-dev
+version: 0.11.2
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python
diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md
index 2d64d52f78b1..0360df4c4c52 100644
--- a/python/ql/src/CHANGELOG.md
+++ b/python/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.9.2
+
+No user-facing changes.
+
 ## 0.9.1
 
 No user-facing changes.
diff --git a/python/ql/src/change-notes/released/0.9.2.md b/python/ql/src/change-notes/released/0.9.2.md
new file mode 100644
index 000000000000..50442967c67b
--- /dev/null
+++ b/python/ql/src/change-notes/released/0.9.2.md
@@ -0,0 +1,3 @@
+## 0.9.2
+
+No user-facing changes.
diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml
index 6789dcd18b70..e1eda5194355 100644
--- a/python/ql/src/codeql-pack.release.yml
+++ b/python/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.1
+lastReleaseVersion: 0.9.2
diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml
index 69ece304b761..faae2e2c3d33 100644
--- a/python/ql/src/qlpack.yml
+++ b/python/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.9.2-dev
+version: 0.9.2
 groups:
 - python
 - queries
diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md
index b531f75ca945..69474dff6bff 100644
--- a/ruby/ql/lib/CHANGELOG.md
+++ b/ruby/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### Minor Analysis Improvements
diff --git a/ruby/ql/lib/change-notes/released/0.8.2.md b/ruby/ql/lib/change-notes/released/0.8.2.md
new file mode 100644
index 000000000000..11c1f6119a57
--- /dev/null
+++ b/ruby/ql/lib/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/ruby/ql/lib/codeql-pack.release.yml
+++ b/ruby/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.1
+lastReleaseVersion: 0.8.2
diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml
index f1cdda21fe7a..272e3a5ba348 100644
--- a/ruby/ql/lib/qlpack.yml
+++ b/ruby/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ruby-all
-version: 0.8.2-dev
+version: 0.8.2
 groups: ruby
 extractor: ruby
 dbscheme: ruby.dbscheme
diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md
index 947a4b45d51b..fa5327383b06 100644
--- a/ruby/ql/src/CHANGELOG.md
+++ b/ruby/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 0.8.2
+
+No user-facing changes.
+
 ## 0.8.1
 
 ### New Queries
diff --git a/ruby/ql/src/change-notes/released/0.8.2.md b/ruby/ql/src/change-notes/released/0.8.2.md
new file mode 100644
index 000000000000..11c1f6119a57
--- /dev/null
+++ b/ruby/ql/src/change-notes/released/0.8.2.md
@@ -0,0 +1,3 @@
+## 0.8.2
+
+No user-facing changes.
diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml
index 2f693f95ba69..404110129dc4 100644
--- a/ruby/ql/src/codeql-pack.release.yml
+++ b/ruby/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.8.1 +lastReleaseVersion: 0.8.2 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index 5c39f44f0a77..74905491a998 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 0.8.2-dev +version: 0.8.2 groups: - ruby - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index ea5685637600..4b3494739186 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.2 + +No user-facing changes. + ## 0.1.1 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/0.1.2.md b/shared/controlflow/change-notes/released/0.1.2.md new file mode 100644 index 000000000000..9b0e2e7d7173 --- /dev/null +++ b/shared/controlflow/change-notes/released/0.1.2.md @@ -0,0 +1,3 @@ +## 0.1.2 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 92d1505475f3..6abd14b1ef83 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.1 +lastReleaseVersion: 0.1.2 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 11b94aac7fbd..f52e2be7607e 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 0.1.2-dev +version: 0.1.2 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 0a46c80290f2..b09685bca276 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md 
@@ -1,3 +1,9 @@ +## 0.1.2 + +### Bug Fixes + +* The API for debugging flow using partial flow has changed slightly. Instead of using `module Partial = FlowExploration` and choosing between `Partial::partialFlow` and `Partial::partialFlowRev`, you now choose between `module Partial = FlowExplorationFwd` and `module Partial = FlowExplorationRev`, and then always use `Partial::partialFlow`. + ## 0.1.1 No user-facing changes. diff --git a/shared/dataflow/change-notes/2023-10-27-partialflow-api.md b/shared/dataflow/change-notes/released/0.1.2.md similarity index 93% rename from shared/dataflow/change-notes/2023-10-27-partialflow-api.md rename to shared/dataflow/change-notes/released/0.1.2.md index 267e29802524..b53a47e34b26 100644 --- a/shared/dataflow/change-notes/2023-10-27-partialflow-api.md +++ b/shared/dataflow/change-notes/released/0.1.2.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 0.1.2 + +### Bug Fixes + * The API for debugging flow using partial flow has changed slightly. Instead of using `module Partial = FlowExploration` and choosing between `Partial::partialFlow` and `Partial::partialFlowRev`, you now choose between `module Partial = FlowExplorationFwd` and `module Partial = FlowExplorationRev`, and then always use `Partial::partialFlow`. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 92d1505475f3..6abd14b1ef83 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.1 +lastReleaseVersion: 0.1.2 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index b5f082df4071..7527fd76d9e3 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 0.1.2-dev +version: 0.1.2 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 8b83d14599d8..21731cd39e33 100644 --- a/shared/mad/CHANGELOG.md 
+++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/mad/change-notes/released/0.2.2.md b/shared/mad/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..98e69fd07723 --- /dev/null +++ b/shared/mad/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 84e0167aa073..1c3ab80e508c 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true dependencies: null diff --git a/shared/rangeanalysis/change-notes/2023-10-05-initial.md b/shared/rangeanalysis/CHANGELOG.md similarity index 62% rename from shared/rangeanalysis/change-notes/2023-10-05-initial.md rename to shared/rangeanalysis/CHANGELOG.md index 910b6962a932..c2ca7d0664f7 100644 --- a/shared/rangeanalysis/change-notes/2023-10-05-initial.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 0.0.1 + +### Minor Analysis Improvements + * Initial release. Moves the range analysis library into its own qlpack. diff --git a/shared/rangeanalysis/change-notes/released/0.0.1.md b/shared/rangeanalysis/change-notes/released/0.0.1.md new file mode 100644 index 000000000000..c2ca7d0664f7 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/0.0.1.md @@ -0,0 +1,5 @@ +## 0.0.1 + +### Minor Analysis Improvements + +* Initial release. Moves the range analysis library into its own qlpack. 
diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml new file mode 100644 index 000000000000..c6933410b71c --- /dev/null +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -0,0 +1,2 @@ +--- +lastReleaseVersion: 0.0.1 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index fbe05924c5a6..4f0abfe5f258 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 0.0.1-dev +version: 0.0.1 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index e9e382e822ff..de288a996f4b 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/regex/change-notes/released/0.2.2.md b/shared/regex/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..98e69fd07723 --- /dev/null +++ b/shared/regex/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 7f71bac0795f..a107c4e04f5f 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 14f5315d9431..d5da42bc097f 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. 
diff --git a/shared/ssa/change-notes/released/0.2.2.md b/shared/ssa/change-notes/released/0.2.2.md
new file mode 100644
index 000000000000..98e69fd07723
--- /dev/null
+++ b/shared/ssa/change-notes/released/0.2.2.md
@@ -0,0 +1,3 @@
+## 0.2.2
+
+No user-facing changes.
diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml
index df29a726bccc..16a06790aa83 100644
--- a/shared/ssa/codeql-pack.release.yml
+++ b/shared/ssa/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.2.1
+lastReleaseVersion: 0.2.2
diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml
index 2b7f36f8a0b7..5a562f22a451 100644
--- a/shared/ssa/qlpack.yml
+++ b/shared/ssa/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/ssa
-version: 0.2.2-dev
+version: 0.2.2
 groups: shared
 library: true
 warnOnImplicitThis: true
diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md
new file mode 100644
index 000000000000..59b60bad0f37
--- /dev/null
+++ b/shared/threat-models/CHANGELOG.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/shared/threat-models/change-notes/released/0.0.1.md b/shared/threat-models/change-notes/released/0.0.1.md
new file mode 100644
index 000000000000..59b60bad0f37
--- /dev/null
+++ b/shared/threat-models/change-notes/released/0.0.1.md
@@ -0,0 +1,3 @@
+## 0.0.1
+
+No user-facing changes.
diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml
new file mode 100644
index 000000000000..c6933410b71c
--- /dev/null
+++ b/shared/threat-models/codeql-pack.release.yml
@@ -0,0 +1,2 @@
+---
+lastReleaseVersion: 0.0.1
diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml
index 71be8835aa76..d0a098b44f5e 100644
--- a/shared/threat-models/qlpack.yml
+++ b/shared/threat-models/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/threat-models
-version: 0.0.0-dev
+version: 0.0.1
 library: true
 groups: shared
 dataExtensions:
diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 00fd8e38eb70..8f74494a95a0 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/0.2.2.md b/shared/tutorial/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..98e69fd07723 --- /dev/null +++ b/shared/tutorial/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index e946d9ff8d2c..2202de7903be 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index d38fa8cd134a..573bebe63512 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/0.2.2.md b/shared/typetracking/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..98e69fd07723 --- /dev/null +++ b/shared/typetracking/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 
--- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 57ceec740c13..d129cb1c023a 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 86271e826fcc..69aa575c51f8 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/typos/change-notes/released/0.2.2.md b/shared/typos/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..98e69fd07723 --- /dev/null +++ b/shared/typos/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index adf718c55f34..0ae042ad2bb2 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 389870529d13..47848666e354 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.2.2 + +### New Features + +* Added `FilePath` API for normalizing filepaths. + ## 0.2.1 No user-facing changes. 
diff --git a/shared/util/change-notes/2023-10-13-filepath-normalization.md b/shared/util/change-notes/2023-10-13-filepath-normalization.md deleted file mode 100644 index 3ffdadc85b39..000000000000 --- a/shared/util/change-notes/2023-10-13-filepath-normalization.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Added `FilePath` API for normalizing filepaths. \ No newline at end of file diff --git a/shared/util/change-notes/released/0.2.2.md b/shared/util/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..1a9e2b9e6a19 --- /dev/null +++ b/shared/util/change-notes/released/0.2.2.md @@ -0,0 +1,5 @@ +## 0.2.2 + +### New Features + +* Added `FilePath` API for normalizing filepaths. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 0e4352a879b2..98af9491fd87 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true dependencies: null diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index f7309a0c5e81..fe6a5127bce3 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.2.2 + +No user-facing changes. + ## 0.2.1 No user-facing changes. diff --git a/shared/yaml/change-notes/released/0.2.2.md b/shared/yaml/change-notes/released/0.2.2.md new file mode 100644 index 000000000000..98e69fd07723 --- /dev/null +++ b/shared/yaml/change-notes/released/0.2.2.md @@ -0,0 +1,3 @@ +## 0.2.2 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index df29a726bccc..16a06790aa83 100644 --- a/shared/yaml/codeql-pack.release.yml 
+++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.2.1 +lastReleaseVersion: 0.2.2 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 4ecff12de0ef..da2ef273d9c0 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 0.2.2-dev +version: 0.2.2 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index c6e233b82b69..a73f4d6a778b 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 0.3.2 + +### Minor Analysis Improvements + +* Improved support for flow through captured variables that properly adheres to inter-procedural control flow. +* Added children of `UnspecifiedElement`, which will be present only in certain downgraded databases. +* Collection content is now automatically read at taint flow sinks. This removes the need to define an `allowImplicitRead` predicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now. +* Added taint models for `StringProtocol.appendingFormat` and `String.decodeCString`. +* Added taint flow models for members of `Substring`. +* Added taint flow models for `RawRepresentable`. +* The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries. +* Added models of `StringProtocol` and `NSString` methods that evaluate regular expressions. +* Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source. + ## 0.3.1 ### Minor Analysis Improvements 
diff --git a/swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md b/swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md
deleted file mode 100644
index 5d2a67ea7118..000000000000
--- a/swift/ql/lib/change-notes/2023-08-31-open-existential-expr.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source.
diff --git a/swift/ql/lib/change-notes/2023-10-05-regex-models.md b/swift/ql/lib/change-notes/2023-10-05-regex-models.md
deleted file mode 100644
index 5e20981492cb..000000000000
--- a/swift/ql/lib/change-notes/2023-10-05-regex-models.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Added models of `StringProtocol` and `NSString` methods that evaluate regular expressions.
diff --git a/swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md b/swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md
deleted file mode 100644
index a8d118b59847..000000000000
--- a/swift/ql/lib/change-notes/2023-10-06-autoclosure-cfg.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries.
diff --git a/swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md b/swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md
deleted file mode 100644
index 114afd58ab82..000000000000
--- a/swift/ql/lib/change-notes/2023-10-13-rawrepresentable.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Added taint flow models for `RawRepresentable`.
diff --git a/swift/ql/lib/change-notes/2023-10-16-collection-content.md b/swift/ql/lib/change-notes/2023-10-16-collection-content.md
deleted file mode 100644
index c2e50f53dcfc..000000000000
--- a/swift/ql/lib/change-notes/2023-10-16-collection-content.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Collection content is now automatically read at taint flow sinks. This removes the need to define an `allowImplicitRead` predicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now.
diff --git a/swift/ql/lib/change-notes/2023-10-16-string.md b/swift/ql/lib/change-notes/2023-10-16-string.md
deleted file mode 100644
index 9cb138f8c5e3..000000000000
--- a/swift/ql/lib/change-notes/2023-10-16-string.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Added taint models for `StringProtocol.appendingFormat` and `String.decodeCString`.
diff --git a/swift/ql/lib/change-notes/2023-10-16-substring.md b/swift/ql/lib/change-notes/2023-10-16-substring.md
deleted file mode 100644
index be494a121844..000000000000
--- a/swift/ql/lib/change-notes/2023-10-16-substring.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Added taint flow models for members of `Substring`.
diff --git a/swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md b/swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md
deleted file mode 100644
index 917dba315511..000000000000
--- a/swift/ql/lib/change-notes/2023-10-18-unspecified-element-children.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-category: minorAnalysis
----
-
-* Added children of `UnspecifiedElement`, which will be present only in certain downgraded databases.
diff --git a/swift/ql/lib/change-notes/2023-10-27-variable-capture.md b/swift/ql/lib/change-notes/2023-10-27-variable-capture.md
deleted file mode 100644
index 94c7201c30ba..000000000000
--- a/swift/ql/lib/change-notes/2023-10-27-variable-capture.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
\ No newline at end of file
diff --git a/swift/ql/lib/change-notes/released/0.3.2.md b/swift/ql/lib/change-notes/released/0.3.2.md
new file mode 100644
index 000000000000..82c7fa904034
--- /dev/null
+++ b/swift/ql/lib/change-notes/released/0.3.2.md
@@ -0,0 +1,13 @@
+## 0.3.2
+
+### Minor Analysis Improvements
+
+* Improved support for flow through captured variables that properly adheres to inter-procedural control flow.
+* Added children of `UnspecifiedElement`, which will be present only in certain downgraded databases.
+* Collection content is now automatically read at taint flow sinks. This removes the need to define an `allowImplicitRead` predicate on data flow configurations where the sink might be an array, set or similar type with tainted contents. Where that step had not been defined, taint may find additional results now.
+* Added taint models for `StringProtocol.appendingFormat` and `String.decodeCString`.
+* Added taint flow models for members of `Substring`.
+* Added taint flow models for `RawRepresentable`.
+* The contents of autoclosure function parameters are now included in the control flow graph and data flow libraries.
+* Added models of `StringProtocol` and `NSString` methods that evaluate regular expressions.
+* Flow through 'open existential expressions', implicit expressions created by the compiler when a method is called on a protocol. This may apply, for example, when the method is a modelled taint source.
diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml
index bb106b1cb634..18c64250f424 100644
--- a/swift/ql/lib/codeql-pack.release.yml
+++ b/swift/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.3.1
+lastReleaseVersion: 0.3.2
diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 1f1bf6861b22..c3ec3196fb35 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 0.3.2-dev +version: 0.3.2 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index 03ca56f798e8..19e0e84c665c 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.3.2 + +No user-facing changes. + ## 0.3.1 ### Minor Analysis Improvements diff --git a/swift/ql/src/change-notes/released/0.3.2.md b/swift/ql/src/change-notes/released/0.3.2.md new file mode 100644 index 000000000000..b4dc17f03ecf --- /dev/null +++ b/swift/ql/src/change-notes/released/0.3.2.md @@ -0,0 +1,3 @@ +## 0.3.2 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index bb106b1cb634..18c64250f424 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.3.1 +lastReleaseVersion: 0.3.2 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 8803b4d6084a..faa56e6c5bc7 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 0.3.2-dev +version: 0.3.2 groups: - swift - queries