github · smowton · Feb 20, 2024 · Feb 20, 2024 · Feb 20, 2024 · Feb 20, 2024
@@ -1,3 +1,9 @@
+## 0.12.6
+
+### New Features
+
+* A `getInitialization` predicate was added to the `RangeBasedForStmt` class that yields the C++20-style initializer of the range-based `for` statement when it exists.
+
 ## 0.12.5
 
 ### New Features

@@ -1,4 +1,5 @@
----
-category: feature
----
+## 0.12.6
+
+### New Features
+
 * A `getInitialization` predicate was added to the `RangeBasedForStmt` class that yields the C++20-style initializer of the range-based `for` statement when it exists.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.12.5
+lastReleaseVersion: 0.12.6
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.12.6-dev
+version: 0.12.7-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,10 @@
+## 0.9.5
+
+### Minor Analysis Improvements
+
+* The "non-constant format string" query (`cpp/non-constant-format`) has been updated to produce fewer false positives.
+* Added dataflow models for the `gettext` function variants. 
+
 ## 0.9.4
 
 ### Minor Analysis Improvements

@@ -1,4 +1,6 @@
----
-category: minorAnalysis
----
+## 0.9.5
+
+### Minor Analysis Improvements
+
 * The "non-constant format string" query (`cpp/non-constant-format`) has been updated to produce fewer false positives.
+* Added dataflow models for the `gettext` function variants. 
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.9.4
+lastReleaseVersion: 0.9.5
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.9.5-dev
+version: 0.9.6-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.9
+
+No user-facing changes.
+
 ## 1.7.8
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.9
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.8
+lastReleaseVersion: 1.7.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.9-dev
+version: 1.7.10-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.9
+
+No user-facing changes.
+
 ## 1.7.8
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.9
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.8
+lastReleaseVersion: 1.7.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.9-dev
+version: 1.7.10-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,11 @@
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* C# 12: The QL and data flow library now support primary constructors.
+* Added a new database relation to store key-value pairs corresponding to compilations. The new relation is used in
+buildless mode to surface information related to dependency fetching.
+
 ## 0.8.8
 
 ### Minor Analysis Improvements

@@ -1,6 +1,7 @@
----
-category: minorAnalysis
----
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* C# 12: The QL and data flow library now support primary constructors.
 * Added a new database relation to store key-value pairs corresponding to compilations. The new relation is used in
 buildless mode to surface information related to dependency fetching.
-
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.8.9-dev
+version: 0.8.10-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,9 @@
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* Added sanitizers for relative URLs, `List.Contains()`, and checking the `.Host` property on an URI to the `cs/web/unvalidated-url-redirection` query.
+
 ## 0.8.8
 
 ### Minor Analysis Improvements

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Added sanitizers for relative URLs, `List.Contains()`, and checking the `.Host` property on an URI to the `cs/web/unvalidated-url-redirection` query.
+## 0.8.9
+
+### Minor Analysis Improvements
+
+* Added sanitizers for relative URLs, `List.Contains()`, and checking the `.Host` property on an URI to the `cs/web/unvalidated-url-redirection` query.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.8.9-dev
+version: 0.8.10-dev
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 0.0.8
+
+No user-facing changes.
+
 ## 0.0.7
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.0.8
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.7
+lastReleaseVersion: 0.0.8
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 0.0.8-dev
+version: 0.0.9-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 0.7.9
+
+No user-facing changes.
+
 ## 0.7.8
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.7.9
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.8
+lastReleaseVersion: 0.7.9
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.7.9-dev
+version: 0.7.10-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,13 @@
+## 0.7.9
+
+### New Queries
+
+* The query "Missing JWT signature check" (`go/missing-jwt-signature-check`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @am0o0](https://github.com/github/codeql/pull/14075).
+
+### Major Analysis Improvements
+
+* The query "Use of a hardcoded key for signing JWT" (`go/hardcoded-key`) has been promoted from experimental to the main query pack. Its results will now appear by default as part of `go/hardcoded-credentials`. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/9378).
+
 ## 0.7.8
 
 No user-facing changes.

@@ -0,0 +1,9 @@
+## 0.7.9
+
+### New Queries
+
+* The query "Missing JWT signature check" (`go/missing-jwt-signature-check`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @am0o0](https://github.com/github/codeql/pull/14075).
+
+### Major Analysis Improvements
+
+* The query "Use of a hardcoded key for signing JWT" (`go/hardcoded-key`) has been promoted from experimental to the main query pack. Its results will now appear by default as part of `go/hardcoded-credentials`. This query was originally [submitted as an experimental query by @porcupineyhairs](https://github.com/github/codeql/pull/9378).
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.8
+lastReleaseVersion: 0.7.9
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.7.9-dev
+version: 0.7.10-dev
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 0.0.16
+
+No user-facing changes.
+
 ## 0.0.15
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.0.16
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.0.15
+lastReleaseVersion: 0.0.16
@@ -1,5 +1,5 @@
 name: codeql/java-automodel-queries
-version: 0.0.16-dev
+version: 0.0.17-dev
 groups:
     - java
     - automodel

@@ -1,3 +1,27 @@
+## 0.8.9
+
+### Deprecated APIs
+
+* The `PathCreation` class in `PathCreation.qll` has been deprecated.
+
+### Minor Analysis Improvements
+
+* An extension point for sanitizers of the query `java/unvalidated-url-redirection` has been added.
+* Added models for the following packages:
+
+  * java.io
+  * java.lang
+  * java.net
+  * java.net.http
+  * java.nio.file
+  * java.util.zip
+  * javax.servlet
+  * org.apache.commons.io
+  * org.apache.hadoop.fs
+  * org.apache.hadoop.fs.s3a
+  * org.eclipse.jetty.client
+  * org.gradle.api.file
+
 ## 0.8.8
 
 ### Minor Analysis Improvements

@@ -1,6 +1,12 @@
----
-category: minorAnalysis
----
+## 0.8.9
+
+### Deprecated APIs
+
+* The `PathCreation` class in `PathCreation.qll` has been deprecated.
+
+### Minor Analysis Improvements
+
+* An extension point for sanitizers of the query `java/unvalidated-url-redirection` has been added.
 * Added models for the following packages:
 
   * java.io

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.8.8
+lastReleaseVersion: 0.8.9
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.8.9-dev
+version: 0.8.10-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,22 @@
+## 0.8.9
+
+### New Queries
+
+* Added a new query `java/android/insecure-local-authentication` for finding uses of biometric authentication APIs that do not make use of a `KeyStore`-backed key and thus may be bypassed.
+
+### Query Metadata Changes
+
+* The `security-severity` score of the query `java/relative-path-command` has been reduced to better adjust it to the specific conditions needed for exploitation.
+
+### Major Analysis Improvements
+
+* The sinks of the queries `java/path-injection` and `java/path-injection-local` have been reworked. Path creation sinks have been converted to summaries instead, while sinks now are actual file read/write operations only. This has reduced the false positive ratio of both queries.
+
+### Minor Analysis Improvements
+
+* The sanitizer for the path injection queries has been improved to handle more cases where `equals` is used to check an exact path match.
+* The query `java/unvalidated-url-redirection` now sanitizes results following the same logic as the query `java/ssrf`. URLs the destination of which cannot be externally controlled will not be reported anymore.
+
 ## 0.8.8
 
 ### New Queries