v2.16.3

@codeql-ci codeql-ci released this 22 Feb 11:48
· 11 commits to main since this release
f07c9ca

Security patches

  • Fixes CVE-2024-25129, a limited data exfiltration vulnerability that could be triggered by untrusted databases or QL packs. See the security advisory for more information.

New Features

  • A new extractor option has been added to the Python extractor. Pass one of --extractor-option python_executable_name=py or --extractor-option python_executable_name=python or --extractor-option python_executable_name=python3 to codeql database create (or codeql database trace-command or, for indirect tracing, codeql database init) to override the default Python executable search and selection behavior of the Python extractor. For example, on Windows machines, the Python extractor will expect to find py.exe on the system PATH by default. Setting this extractor option or environment variable allows overriding this behavior to look for a different name.

    More detail can be found in the extractor option documentation.

Bugs fixed

  • Fixed a bug where CodeQL may produce an invalid database when it exhausts all available ID numbers. Now it detects the condition and reports an error instead.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.16.3.