v2.22.0

Breaking changes

• A number of breaking changes have been made to the C and C++ CodeQL test environment as used by codeql test run.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.22.0.

v2.21.4

Deprecations

• The clang_vector_types, clang_attributes, and flax-vector-conversions command
  line options have been removed from the C/C++ extractor. These options were introduced
  as workarounds to frontend limitations in earlier versions of the extractor and are
  no longer needed when calling the extractor directly.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL
  CLI has been updated to version 21.0.7.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.21.4.

v2.21.3

Miscellaneous

• Windows binaries for the CodeQL CLI are now built with /guard:cf, enabling Control Flow Guard.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.21.3.

v2.21.2

Bugs fixed

• codeql generate log-summary now correctly includes dependencies maps in predicate events for COMPUTED_EXTENSIONAL predicates.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.21.2.

v2.21.1

Bugs fixed

• Fixed a bug in CodeQL analysis for GitHub Actions in the presence of a code scanning configuration file containing paths-ignore exclusion patterns but not paths inclusion patterns.
  Previously, such a configuration incorrectly led to all YAML, HTML, JSON, and JS source files being extracted, except for those filtered by paths-ignore. This in turn led to performance issues on large codebases. Now, only workflow and Action metadata YAML files relevant to the GitHub Actions analysis will be extracted, except for those filtered by paths-ignore. This matches the default behavior when no configuration file is provided.
  The handling of paths inclusion patterns is unchanged: if provided, only those paths will be considered, except for those filtered by paths-ignore.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.21.1.

v2.21.0

Miscellaneous

• On macOS the CODEQL_TRACER_RELOCATION_EXCLUDE environment variable can now be used to exclude certain paths from the tracer relocation and tracing process. This environment variable accepts newline-separated regex patterns of binaries to be excluded.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.21.0.

v2.20.7

• There are no user-facing changes in this release.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.20.7.

v2.20.6

Miscellaneous

• The CodeQL XML extractor is now able to parse documents in a wider array of character sets.

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.6.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.20.6.

v2.20.5

Release 2.20.5 (2025-02-20)

Breaking changes

• Removed support for QlBuiltins::BigInts in the avg() aggregate.

• A number of breaking changes have been made to the C and C++ CodeQL test environment as used by codeql test run.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.20.5.

v2.20.4

New features

• Using the actions language (for analysis of GitHub Actions workflows) no longer requires
  the CODEQL_ENABLE_EXPERIMENTAL_FEATURES environment variable to be set. Support for analysis
  of GitHub Actions workflows remains in public preview.

Bugs fixed

• Fixed a bug where CodeQL for Java would fail with an SSL exception while trying to download maven.

Miscellaneous

• The build of the logback-core library that is used for logging in the CodeQL CLI has been updated to version 1.3.15.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.20.4.