github · MathiasVP · Jul 7, 2023 · Jul 7, 2023 · Jul 7, 2023 · Jul 7, 2023
@@ -1,3 +1,13 @@
+## 0.8.0
+
+### New Features
+
+* The `ProductFlow::StateConfigSig` signature now includes default predicates for `isBarrier1`, `isBarrier2`, `isAdditionalFlowStep1`, and `isAdditionalFlowStep1`. Hence, it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `getURL` predicate from the `Container`, `Folder`, and `File` classes. Use the `getLocation` predicate instead.
+
 ## 0.7.4
 
 No user-facing changes.

@@ -1,4 +1,9 @@
----
-category: feature
----
+## 0.8.0
+
+### New Features
+
 * The `ProductFlow::StateConfigSig` signature now includes default predicates for `isBarrier1`, `isBarrier2`, `isAdditionalFlowStep1`, and `isAdditionalFlowStep1`. Hence, it is no longer needed to provide `none()` implementations of these predicates if they are not needed.
+
+### Minor Analysis Improvements
+
+* Deleted the deprecated `getURL` predicate from the `Container`, `Folder`, and `File` classes. Use the `getLocation` predicate instead.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.7.4
+lastReleaseVersion: 0.8.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.8.0-dev
+version: 0.8.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,9 @@
+## 0.7.0
+
+### Minor Analysis Improvements
+
+* The `cpp/comparison-with-wider-type` query now correctly handles relational operations on signed operators. As a result the query may find more results.
+
 ## 0.6.4
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The `cpp/comparison-with-wider-type` query now correctly handles relational operations on signed operators. As a result the query may find more results.
+## 0.7.0
+
+### Minor Analysis Improvements
+
+* The `cpp/comparison-with-wider-type` query now correctly handles relational operations on signed operators. As a result the query may find more results.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.7.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.7.0-dev
+version: 0.7.0
 groups: 
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.6.0
+
+No user-facing changes.
+
 ## 1.5.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.6.0
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.4
+lastReleaseVersion: 1.6.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.6.0-dev
+version: 1.6.0
 groups:
     - csharp
     - solorigate

@@ -1,3 +1,7 @@
+## 1.6.0
+
+No user-facing changes.
+
 ## 1.5.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.6.0
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.4
+lastReleaseVersion: 1.6.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.6.0-dev
+version: 1.6.0
 groups:
     - csharp
     - solorigate

@@ -1,3 +1,13 @@
+## 0.7.0
+
+### Major Analysis Improvements
+
+* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
+
+### Minor Analysis Improvements
+
+* Additional support for `command-injection`, `ldap-injection`, `log-injection`, and `url-redirection` sink kinds for Models as Data.
+
 ## 0.6.4
 
 No user-facing changes.

@@ -0,0 +1,9 @@
+## 0.7.0
+
+### Major Analysis Improvements
+
+* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
+
+### Minor Analysis Improvements
+
+* Additional support for `command-injection`, `ldap-injection`, `log-injection`, and `url-redirection` sink kinds for Models as Data.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.7.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.7.0-dev
+version: 0.7.0
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,13 @@
+## 0.7.0
+
+### New Queries
+
+* Added a new query, `cs/web/missing-function-level-access-control`, to find instances of missing authorization checks.
+
+### Bug Fixes
+
+* The query "Arbitrary file write during zip extraction ("Zip Slip")" (`cs/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
+
 ## 0.6.4
 
 No user-facing changes.

@@ -1,4 +1,9 @@
----
-category: fix
----
+## 0.7.0
+
+### New Queries
+
+* Added a new query, `cs/web/missing-function-level-access-control`, to find instances of missing authorization checks.
+
+### Bug Fixes
+
 * The query "Arbitrary file write during zip extraction ("Zip Slip")" (`cs/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.7.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.7.0-dev
+version: 0.7.0
 groups: 
   - csharp
   - queries

@@ -1,3 +1,13 @@
+## 0.6.0
+
+### Deprecated APIs
+
+* The `LogInjection::Configuration` taint flow configuration class has been deprecated. Use the `LogInjection::Flow` module instead.
+
+### Minor Analysis Improvements
+
+* When a result of path query flows through a function modeled using `DataFlow::FunctionModel` or `TaintTracking::FunctionModel`, the path now includes nodes corresponding to the input and output to the function. This brings it in line with functions modeled using Models-as-Data.
+
 ## 0.5.4
 
 No user-facing changes.

@@ -1,4 +1,9 @@
----
-category: minorAnalysis
----
+## 0.6.0
+
+### Deprecated APIs
+
+* The `LogInjection::Configuration` taint flow configuration class has been deprecated. Use the `LogInjection::Flow` module instead.
+
+### Minor Analysis Improvements
+
 * When a result of path query flows through a function modeled using `DataFlow::FunctionModel` or `TaintTracking::FunctionModel`, the path now includes nodes corresponding to the input and output to the function. This brings it in line with functions modeled using Models-as-Data.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.4
+lastReleaseVersion: 0.6.0
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 0.6.0-dev
+version: 0.6.0
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,9 @@
+## 0.6.0
+
+### Bug Fixes
+
+* The query "Arbitrary file write during zip extraction ("zip slip")" (`go/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
+
 ## 0.5.4
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: fix
----
+## 0.6.0
+
+### Bug Fixes
+
 * The query "Arbitrary file write during zip extraction ("zip slip")" (`go/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.5.4
+lastReleaseVersion: 0.6.0
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 0.6.0-dev
+version: 0.6.0
 groups:
   - go
   - queries

@@ -1,3 +1,25 @@
+## 0.7.0
+
+### Deprecated APIs
+
+* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated.
+
+### Major Analysis Improvements
+
+* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
+
+### Minor Analysis Improvements
+
+* Added automatically-generated dataflow models for `javax.portlet`.
+* Added a missing summary model for the method `java.net.URL.toString`.
+* Added automatically-generated dataflow models for the following frameworks and libraries:
+  * `hudson`
+  * `jenkins`
+  * `net.sf.json`
+  * `stapler`
+* Added more models for the Hudson framework.
+* Added more models for the Stapler framework.
+
 ## 0.6.4
 
 No user-facing changes.

@@ -0,0 +1,21 @@
+## 0.7.0
+
+### Deprecated APIs
+
+* The `ExecCallable` class in `ExternalProcess.qll` has been deprecated.
+
+### Major Analysis Improvements
+
+* The data flow library now performs type strengthening. This increases precision for all data flow queries by excluding paths that can be inferred to be impossible due to incompatible types.
+
+### Minor Analysis Improvements
+
+* Added automatically-generated dataflow models for `javax.portlet`.
+* Added a missing summary model for the method `java.net.URL.toString`.
+* Added automatically-generated dataflow models for the following frameworks and libraries:
+  * `hudson`
+  * `jenkins`
+  * `net.sf.json`
+  * `stapler`
+* Added more models for the Hudson framework.
+* Added more models for the Stapler framework.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.7.0
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.7.0-dev
+version: 0.7.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,14 @@
+## 0.7.0
+
+### Minor Analysis Improvements
+
+* New models have been added for `org.apache.commons.lang`.
+* The query `java/unsafe-deserialization` has been updated to take into account `SerialKiller`, a library used to prevent deserialization of arbitrary classes.
+
+### Bug Fixes
+
+* The query "Arbitrary file write during archive extraction ("Zip Slip")" (`java/zipslip`) has been renamed to "Arbitrary file access during archive extraction ("Zip Slip")."
+
 ## 0.6.4
 
 No user-facing changes.