github · MathiasVP · Apr 28, 2022 · Apr 28, 2022 · Apr 28, 2022 · Apr 28, 2022
@@ -1,3 +1,14 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* More Windows pool allocation functions are now detected as `AllocationFunction`s.
+* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
+
 ## 0.1.0
 
 ### Breaking Changes

@@ -0,0 +1,10 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* More Windows pool allocation functions are now detected as `AllocationFunction`s.
+* The `semmle.code.cpp.commons.Buffer` library has been enhanced to handle array members of classes that do not specify a size.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 0.1.1-dev
+version: 0.2.0
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,9 @@
+## 0.1.1
+
+### New Queries
+
+* An new query `cpp/external-entity-expansion` has been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.
+
 ## 0.1.0
 
 ### Minor Analysis Improvements

@@ -1,4 +1,5 @@
----
-category: newQuery
----
+## 0.1.1
+
+### New Queries
+
 * An new query `cpp/external-entity-expansion` has been added. The query detects XML objects that are vulnerable to external entity expansion (XXE) attacks.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 0.1.1-dev
+version: 0.1.1
 groups: 
   - cpp
   - queries

@@ -1,3 +1,5 @@
+## 1.1.1
+
 ## 1.1.0
 
 ## 1.0.7

@@ -0,0 +1 @@
+## 1.1.1
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.1.1-dev
+version: 1.1.1
 groups:
     - csharp
     - solorigate

@@ -1,3 +1,5 @@
+## 1.1.1
+
 ## 1.1.0
 
 ## 1.0.7

@@ -0,0 +1 @@
+## 1.1.1
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.0
+lastReleaseVersion: 1.1.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.1.1-dev
+version: 1.1.1
 groups:
     - csharp
     - solorigate

@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
 ## 0.1.0
 
 ### Breaking Changes

@@ -0,0 +1,5 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 0.1.1-dev
+version: 0.2.0
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,5 @@
+## 0.1.1
+
 ## 0.1.0
 
 ## 0.0.13

@@ -0,0 +1 @@
+## 0.1.1
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 0.1.1-dev
+version: 0.1.1
 groups: 
   - csharp
   - queries

@@ -1,3 +1,21 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
+  * Added flow sources and steps for JMS versions 1 and 2.
+  * Added flow sources and steps for RabbitMQ.
+  * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
+* Added data-flow models for the Spring Framework component `spring-beans`.
+
+### Bug Fixes
+
+* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
+
 ## 0.1.0
 
 ### Breaking Changes

@@ -0,0 +1,17 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
+### Minor Analysis Improvements
+
+* Improved the data flow support for the Android class `SharedPreferences$Editor`. Specifically, the fluent logic of some of its methods is now taken into account when calculating data flow.
+  * Added flow sources and steps for JMS versions 1 and 2.
+  * Added flow sources and steps for RabbitMQ.
+  * Added flow steps for `java.io.DataInput` and `java.io.ObjectInput` implementations.
+* Added data-flow models for the Spring Framework component `spring-beans`.
+
+### Bug Fixes
+
+* The QL class `JumpStmt` has been made the superclass of `BreakStmt`, `ContinueStmt` and `YieldStmt`. This allows directly using its inherited predicates without having to explicitly cast to `JumpStmt` first.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 0.1.1-dev
+version: 0.2.0
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java

@@ -1,3 +1,9 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* Query `java/insecure-cookie` no longer produces a false positive if `cookie.setSecure(...)` is called passing a constant that always equals `true`.
+
 ## 0.1.0
 
 ### Query Metadata Changes

@@ -0,0 +1,5 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* Query `java/insecure-cookie` no longer produces a false positive if `cookie.setSecure(...)` is called passing a constant that always equals `true`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 0.1.1-dev
+version: 0.1.1
 groups: 
   - java
   - queries

@@ -1,3 +1,5 @@
+## 0.1.1
+
 ## 0.1.0
 
 ### Bug Fixes

@@ -0,0 +1 @@
+## 0.1.1
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 0.1.1-dev
+version: 0.1.1
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript

@@ -1,3 +1,11 @@
+## 0.1.1
+
+### Minor Analysis Improvements
+
+* The call graph now deals more precisely with calls to accessors (getters and setters).
+  Previously, calls to static accessors were not resolved, and some method calls were
+  incorrectly seen as calls to an accessor. Both issues have been fixed.
+
 ## 0.1.0
 
 ### New Queries

@@ -1,6 +1,7 @@
----
-category: minorAnalysis
----
+## 0.1.1
+
+### Minor Analysis Improvements
+
 * The call graph now deals more precisely with calls to accessors (getters and setters).
   Previously, calls to static accessors were not resolved, and some method calls were
   incorrectly seen as calls to an accessor. Both issues have been fixed.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
@@ -1,5 +1,5 @@
 name: codeql/javascript-queries
-version: 0.1.1-dev
+version: 0.1.1
 groups: 
   - javascript
   - queries

@@ -1,3 +1,9 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
+
 ## 0.1.0
 
 ### Breaking Changes

@@ -0,0 +1,5 @@
+## 0.2.0
+
+### Breaking Changes
+
+* The signature of `allowImplicitRead` on `DataFlow::Configuration` and `TaintTracking::Configuration` has changed from `allowImplicitRead(DataFlow::Node node, DataFlow::Content c)` to `allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c)`.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.2.0
@@ -1,5 +1,5 @@
 name: codeql/python-all
-version: 0.1.1-dev
+version: 0.2.0
 groups: python
 dbscheme: semmlecode.python.dbscheme
 extractor: python

@@ -1,3 +1,5 @@
+## 0.1.1
+
 ## 0.1.0
 
 ## 0.0.13

@@ -0,0 +1 @@
+## 0.1.1
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.1.0
+lastReleaseVersion: 0.1.1
@@ -1,5 +1,5 @@
 name: codeql/python-queries
-version: 0.1.1-dev
+version: 0.1.1
 groups: 
   - python
   - queries