github · oscarsj · Dec 1, 2025 · Dec 1, 2025
@@ -1,3 +1,7 @@
+## 0.4.22
+
+No user-facing changes.
+
 ## 0.4.21
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.4.22
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.21
+lastReleaseVersion: 0.4.22
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.22-dev
+version: 0.4.22
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,7 @@
+## 0.6.14
+
+No user-facing changes.
+
 ## 0.6.13
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 0.6.14
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.13
+lastReleaseVersion: 0.6.14
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.14-dev
+version: 0.6.14
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,9 @@
+## 6.1.1
+
+### Minor Analysis Improvements
+
+* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.
+
 ## 6.1.0
 
 ### New Features

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.
+## 6.1.1
+
+### Minor Analysis Improvements
+
+* The class `DataFlow::FieldContent` now covers both `union` and `struct`/`class` types. A new predicate `FieldContent.getAField` has been added to access the union members associated with the `FieldContent`. The old `FieldContent` has been renamed to `NonUnionFieldContent`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.0
+lastReleaseVersion: 6.1.1
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.1.1-dev
+version: 6.1.1
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,7 @@
+## 1.5.5
+
+No user-facing changes.
+
 ## 1.5.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.5.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.4
+lastReleaseVersion: 1.5.5
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.5-dev
+version: 1.5.5
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.53
+
+No user-facing changes.
+
 ## 1.7.52
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.53
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.52
+lastReleaseVersion: 1.7.53
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.53-dev
+version: 1.7.53
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.53
+
+No user-facing changes.
+
 ## 1.7.52
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.53
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.52
+lastReleaseVersion: 1.7.53
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.53-dev
+version: 1.7.53
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,11 @@
+## 5.4.1
+
+### Minor Analysis Improvements
+
+* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
+* Compilation errors are now included in the debug log when using build-mode none.
+* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.
+
 ## 5.4.0
 
 ### Deprecated APIs

@@ -0,0 +1,7 @@
+## 5.4.1
+
+### Minor Analysis Improvements
+
+* Improved stability when downloading .NET versions by setting appropriate environment variables for `dotnet` commands. The correct architecture-specific version of .NET is now downloaded on ARM runners.
+* Compilation errors are now included in the debug log when using build-mode none.
+* Added a new extractor option to specify a custom directory for dependency downloads in buildless mode. Use `-O buildless_dependency_dir=<path>` to configure the target directory.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.0
+lastReleaseVersion: 5.4.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.4.1-dev
+version: 5.4.1
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,7 @@
+## 1.5.1
+
+No user-facing changes.
+
 ## 1.5.0
 
 ### New Queries
@@ -180,7 +184,7 @@ No user-facing changes.
 
 ### Minor Analysis Improvements
 
-* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query. 
+* C#: The method `string.ReplaceLineEndings(string)` is now considered a sanitizer for the `cs/log-forging` query.
 
 ## 1.0.10
 

@@ -0,0 +1,3 @@
+## 1.5.1
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.0
+lastReleaseVersion: 1.5.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.5.1-dev
+version: 1.5.1
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.36
+
+No user-facing changes.
+
 ## 1.0.35
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.36
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.35
+lastReleaseVersion: 1.0.36
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.36-dev
+version: 1.0.36
 groups:
   - go
   - queries

@@ -1,3 +1,7 @@
+## 5.0.3
+
+No user-facing changes.
+
 ## 5.0.2
 
 ### Bug Fixes

@@ -0,0 +1,3 @@
+## 5.0.3
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.2
+lastReleaseVersion: 5.0.3
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 5.0.3-dev
+version: 5.0.3
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,12 @@
+## 1.5.0
+
+### New Queries
+
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
+* Added a new query, `go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an [experimental query by @dilanbhalla](https://github.com/github/codeql-go/pull/284).
+* Added a new query, `go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.
+
 ## 1.4.9
 
 No user-facing changes.

@@ -1,5 +1,8 @@
----
-category: newQuery
----
+## 1.5.0
+
+### New Queries
+
+* The `go/cookie-http-only-not-set` query has been promoted from the experimental query pack. This query was originally contributed to the experimental query pack by @edvraa.
+* A new query `go/cookie-secure-not-set` has been added to detect cookies without the `Secure` flag set.
 * Added a new query, `go/weak-crypto-algorithm`, to detect the use of a broken or weak cryptographic algorithm. A very simple version of this query was originally contributed as an [experimental query by @dilanbhalla](https://github.com/github/codeql-go/pull/284).
 * Added a new query, `go/weak-sensitive-data-hashing`, to detect the use of a broken or weak cryptographic hash algorithm on sensitive data.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.9
+lastReleaseVersion: 1.5.0
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.4.10-dev
+version: 1.5.0
 groups:
   - go
   - queries

@@ -1,3 +1,9 @@
+## 7.8.0
+
+### Deprecated APIs
+
+* The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.
+
 ## 7.7.4
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: deprecated
----
+## 7.8.0
+
+### Deprecated APIs
+
 * The SSA interface has been updated and all classes and several predicates have been renamed. See the qldoc for more specific migration information.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.7.4
+lastReleaseVersion: 7.8.0
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.7.5-dev
+version: 7.8.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,9 @@
+## 1.10.1
+
+### Minor Analysis Improvements
+
+* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  
+
 ## 1.10.0
 
 ### Query Metadata Changes

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  
+## 1.10.1
+
+### Minor Analysis Improvements
+
+* Operations that extract only a fixed-length prefix or suffix of a string (for example, `substring` in Java or `take` in Kotlin), when limited to a length of at most 7 characters, are now treated as sanitizers for the `java/sensitive-log` query.  
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.0
+lastReleaseVersion: 1.10.1
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.1-dev
+version: 1.10.1
 groups:
   - java
   - queries

@@ -1,3 +1,9 @@
+## 2.6.16
+
+### Minor Analysis Improvements
+
+- JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.
+
 ## 2.6.15
 
 No user-facing changes.

@@ -1,5 +1,5 @@
----
-category: minorAnalysis
----
+## 2.6.16
+
+### Minor Analysis Improvements
 
 - JavaScript `DataFlow::globalVarRef` now recognizes `document.defaultView` as an alias of `window`, allowing flows such as `document.defaultView.history.pushState(...)` to be modeled and found by queries relying on `globalVarRef("history")`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.15
+lastReleaseVersion: 2.6.16