github · igfoo · Sep 17, 2025 · Sep 16, 2025
@@ -1,3 +1,7 @@
+## 0.4.17
+
+No user-facing changes.
+
 ## 0.4.16
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.4.17
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.16
+lastReleaseVersion: 0.4.17
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.17-dev
+version: 0.4.17
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,9 @@
+## 0.6.9
+
+### Minor Analysis Improvements
+
+* Actions analysis now reports file coverage information on the CodeQL status page.
+
 ## 0.6.8
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 0.6.9
+
+### Minor Analysis Improvements
+
 * Actions analysis now reports file coverage information on the CodeQL status page.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.8
+lastReleaseVersion: 0.6.9
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.9-dev
+version: 0.6.9
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,13 @@
+## 5.6.0
+
+### Deprecated APIs
+
+* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
+
+### New Features
+
+* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
+
 ## 5.5.0
 
 ### New Features

@@ -1,4 +1,9 @@
----
-category: feature
----
+## 5.6.0
+
+### Deprecated APIs
+
+* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
+
+### New Features
+
 * Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.5.0
+lastReleaseVersion: 5.6.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 5.5.1-dev
+version: 5.6.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,15 @@
+## 1.5.0
+
+### Major Analysis Improvements
+
+* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
+* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
+
+### Bug Fixes
+
+* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
+* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
+
 ## 1.4.7
 
 ### Bug Fixes

@@ -1,5 +1,11 @@
----
-category: majorAnalysis
----
+## 1.5.0
+
+### Major Analysis Improvements
+
 * The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
 * The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
+
+### Bug Fixes
+
+* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
+* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.7
+lastReleaseVersion: 1.5.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.4.8-dev
+version: 1.5.0
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.48
+
+No user-facing changes.
+
 ## 1.7.47
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.48
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.47
+lastReleaseVersion: 1.7.48
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.48-dev
+version: 1.7.48
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.48
+
+No user-facing changes.
+
 ## 1.7.47
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.48
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.47
+lastReleaseVersion: 1.7.48
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.48-dev
+version: 1.7.48
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 5.2.4
+
+No user-facing changes.
+
 ## 5.2.3
 
 ### Minor Analysis Improvements

@@ -0,0 +1,3 @@
+## 5.2.4
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.2.3
+lastReleaseVersion: 5.2.4
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.2.4-dev
+version: 5.2.4
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,17 @@
+## 1.4.0
+
+### Deprecated Queries
+
+* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
+
+### Minor Analysis Improvements
+
+* The query `cs/call-to-object-tostring` has been improved to remove false positives for enum types.
+
+### Bug Fixes
+
+* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
+
 ## 1.3.4
 
 No user-facing changes.

@@ -0,0 +1,13 @@
+## 1.4.0
+
+### Deprecated Queries
+
+* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
+
+### Minor Analysis Improvements
+
+* The query `cs/call-to-object-tostring` has been improved to remove false positives for enum types.
+
+### Bug Fixes
+
+* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.4
+lastReleaseVersion: 1.4.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.3.5-dev
+version: 1.4.0
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.31
+
+No user-facing changes.
+
 ## 1.0.30
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.31
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.30
+lastReleaseVersion: 1.0.31
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.31-dev
+version: 1.0.31
 groups:
   - go
   - queries

@@ -1,3 +1,10 @@
+## 4.3.4
+
+### Minor Analysis Improvements
+
+* The second argument of the `CreateTemp` function, from the `os` package, is no longer a path-injection sink due to proper sanitization by Go.
+* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.
+
 ## 4.3.3
 
 No user-facing changes.

@@ -1,5 +1,6 @@
----
-category: minorAnalysis
----
+## 4.3.4
+
+### Minor Analysis Improvements
+
 * The second argument of the `CreateTemp` function, from the `os` package, is no longer a path-injection sink due to proper sanitization by Go.
-* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.
+* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.3
+lastReleaseVersion: 4.3.4
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 4.3.4-dev
+version: 4.3.4
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,7 @@
+## 1.4.5
+
+No user-facing changes.
+
 ## 1.4.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.4.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.4
+lastReleaseVersion: 1.4.5
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.5-dev
+version: 1.4.5
 groups:
   - go
   - queries

@@ -1,3 +1,18 @@
+## 7.7.0
+
+### New Features
+
+* The Java extractor and QL libraries now support Java 25.
+* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
+* Added support for Java 25 module import declarations.
+* Add `ModuleImportDeclaration` class.
+
+### Minor Analysis Improvements
+
+* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular `java/constant-comparison`, `java/index-out-of-bounds`, `java/dereferenced-value-may-be-null`, and `java/useless-null-check`. Some medium precision queries like `java/toctou-race-condition` and `java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).
+* Added taint flow model for `java.crypto.KDF`.
+* Added taint flow model for `java.lang.ScopedValue`.
+
 ## 7.6.1
 
 No user-facing changes.