github · nickrolfe · Jul 22, 2025 · Jul 21, 2025 · Jul 22, 2025
@@ -1,3 +1,9 @@
+## 0.4.13
+
+### Bug Fixes
+
+* The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries  now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
+
 ## 0.4.12
 
 ### Minor Analysis Improvements

@@ -1,4 +1,5 @@
----
-category: fix
----
+## 0.4.13
+
+### Bug Fixes
+
 * The `actions/artifact-poisoning/critical` and `actions/artifact-poisoning/medium` queries  now exclude artifacts downloaded to `$[{ runner.temp }}` in addition to `/tmp`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.12
+lastReleaseVersion: 0.4.13
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.13-dev
+version: 0.4.13
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,7 @@
+## 0.6.5
+
+No user-facing changes.
+
 ## 0.6.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.6.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.4
+lastReleaseVersion: 0.6.5
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.5-dev
+version: 0.6.5
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,20 @@
+## 5.3.0
+
+### Deprecated APIs
+
+* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
+
+### New Features
+
+* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.
+
+### Minor Analysis Improvements
+
+* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
+* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
+* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
+* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
+
 ## 5.2.0
 
 ### Deprecated APIs

@@ -0,0 +1,16 @@
+## 5.3.0
+
+### Deprecated APIs
+
+* The `UnknownDefaultLocation`, `UnknownExprLocation`, and `UnknownStmtLocation` classes have been deprecated. Use `UnknownLocation` instead.
+
+### New Features
+
+* Added a `isFinalValueOfParameter` predicate to DataFlow::Node which holds when a dataflow node represents the final value of an output parameter of a function.
+
+### Minor Analysis Improvements
+
+* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
+* The analysis of C/C++ code targeting 64-bit Arm platforms has been improved. This includes support for the Arm-specific builtin functions, support for the `arm_neon.h` header and Neon vector types, and support for the `fp8` scalar type. The `arm_sve.h` header and scalable vectors are only partially supported at this point.
+* Added support for `__fp16 _Complex` and `__bf16 _Complex` types
+* Added `sql-injection` sink models for the Oracle Call Interface (OCI) database library functions `OCIStmtPrepare` and `OCIStmtPrepare2`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.2.0
+lastReleaseVersion: 5.3.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.2.1-dev
+version: 5.3.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,16 @@
+## 1.4.4
+
+### Minor Analysis Improvements
+
+* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
+* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
+* Improved support for dataflow through function objects and lambda expressions.
+* Added flow models for `pthread_create` and `std::thread`.
+* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
+* Added flow models for the GNU C Library.
+* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
+* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
+
 ## 1.4.3
 
 ### Minor Analysis Improvements

@@ -0,0 +1,12 @@
+## 1.4.4
+
+### Minor Analysis Improvements
+
+* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
+* Added flow models for the Win32 API functions `CreateThread`, `CreateRemoteThread`, and `CreateRemoteThreadEx`.
+* Improved support for dataflow through function objects and lambda expressions.
+* Added flow models for `pthread_create` and `std::thread`.
+* The `cpp/incorrect-string-type-conversion` query no longer alerts on incorrect type conversions that occur in unreachable code.
+* Added flow models for the GNU C Library.
+* Fixed a number of false positives and false negatives in `cpp/global-use-before-init`. Note that this query is not part of any of the default query suites.
+* The query `cpp/sql-injection` now can be extended using the `sql-injection` Models as Data (MaD) sink kind.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.3
+lastReleaseVersion: 1.4.4
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.4-dev
+version: 1.4.4
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.44
+
+No user-facing changes.
+
 ## 1.7.43
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.44
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.43
+lastReleaseVersion: 1.7.44
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.44-dev
+version: 1.7.44
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.44
+
+No user-facing changes.
+
 ## 1.7.43
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.44
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.43
+lastReleaseVersion: 1.7.44
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.44-dev
+version: 1.7.44
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,9 @@
+## 5.2.0
+
+### New Features
+
+* Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
+
 ## 5.1.9
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: feature
----
+## 5.2.0
+
+### New Features
+
 * Added a new predicate, `getASuperType()`, to get a direct supertype of this type.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.1.9
+lastReleaseVersion: 5.2.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.1.10-dev
+version: 5.2.0
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,14 @@
+## 1.3.1
+
+### Minor Analysis Improvements
+
+* Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
+* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
+
+### Bug Fixes
+
+* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
+
 ## 1.3.0
 
 ### Query Metadata Changes

@@ -1,4 +1,10 @@
----
-category: minorAnalysis
----
+## 1.3.1
+
+### Minor Analysis Improvements
+
 * Explicitly added summary models for all overloads of `System.Xml.XmlDictionaryReader.CreateBinaryReader`. Added models for some of the methods and properties in `System.Runtime.Serialization.SerializationInfo` and `System.Runtime.Serialization.SerializationInfoEnumerator`. Updated models for `System.Text.Encoding.GetBytes`, `System.Text.Encoding.GetChars` and the constructor for `System.IO.MemoryStream`. This generally improves the library modelling and thus reduces the number of false negatives.
+* Added explicit SQL injection Models as Data models for `Microsoft.Data.SqlClient.SqlCommand` and `Microsoft.Data.SqlClient.SqlDataAdapter`. This reduces false negatives for the query `cs/sql-injection`.
+
+### Bug Fixes
+
+* `web.config` and `web.release.config` files are now recognised regardless of case. This means queries `cs/web/debug-binary` and `cs/web/missing-x-frame-options` may produce more results than before.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.0
+lastReleaseVersion: 1.3.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.3.1-dev
+version: 1.3.1
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.27
+
+No user-facing changes.
+
 ## 1.0.26
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.27
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.26
+lastReleaseVersion: 1.0.27
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.27-dev
+version: 1.0.27
 groups:
   - go
   - queries

@@ -1,3 +1,15 @@
+## 4.3.0
+
+### Deprecated APIs
+
+* The class `BuiltinType` is now deprecated. Use the new replacement `BuiltinTypeEntity` instead.
+* The class `DeclaredType` is now deprecated. Use the new replacement `DeclaredTypeEntity` instead.
+
+### Minor Analysis Improvements
+
+* Added models for the `Head` function and the `Client.Head` method, from the `net/http` package, to the `Http::ClientRequest` class. This means that they will be recognized as sinks for the query `go/request-forgery` and the experimental query `go/ssrf`.
+* Previously, `DefinedType.getBaseType` gave the underlying type. It now gives the right hand side of the type declaration, as the documentation indicated that it should.
+
 ## 4.2.8
 
 No user-facing changes.