github · mario-campos · Jun 25, 2026 · Jun 25, 2026 · Jun 25, 2026 · Jun 25, 2026
@@ -1,3 +1,10 @@
+## 0.4.38
+
+### Bug Fixes
+
+* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
+* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.
+
 ## 0.4.37
 
 ### Minor Analysis Improvements

@@ -0,0 +1,6 @@
+## 0.4.38
+
+### Bug Fixes
+
+* GitHub Actions queries now better account for permission checks on jobs that call reusable workflows.
+* The query `actions/pr-on-self-hosted-runner` was updated to the latest standard runner labels reducing false positive results.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.37
+lastReleaseVersion: 0.4.38
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.38-dev
+version: 0.4.39-dev
 library: true
 warnOnImplicitThis: true
 dependencies:

@@ -1,3 +1,9 @@
+## 0.6.30
+
+### Query Metadata Changes
+
+* The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.
+
 ## 0.6.29
 
 ### Query Metadata Changes

@@ -1,4 +1,5 @@
----
-category: queryMetadata
----
+## 0.6.30
+
+### Query Metadata Changes
+
 * The name, description, and alert message of `actions/untrusted-checkout/medium` have been corrected to describe a non-privileged context.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.29
+lastReleaseVersion: 0.6.30
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.30-dev
+version: 0.6.31-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]

@@ -1,3 +1,20 @@
+## 11.0.0
+
+### Breaking Changes
+
+* Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
+* Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
+* Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.
+* Removed the deprecated `exprExits` predicate from `Options.qll`. Use `CustomOptions.exprExits` instead.
+* Removed the deprecated `alwaysCheckReturnValue` predicate from `Options.qll`. Use `CustomOptions.alwaysCheckReturnValue` instead.
+* Removed the deprecated `okToIgnoreReturnValue` predicate from `Options.qll`. Use `CustomOptions.okToIgnoreReturnValue` instead.
+* Removed the deprecated `semmle.code.cpp.Member`. Import `semmle.code.cpp.Element` and/or `semmle.code.cpp.Type` directly.
+* Removed the deprecated `UnknownDefaultLocation` class. Use `UnknownLocation` instead.
+* Removed the deprecated `UnknownExprLocation` class. Use `UnknownLocation` instead.
+* Removed the deprecated `UnknownStmtLocation` class. Use `UnknownLocation` instead.
+* Removed the deprecated `TemplateParameter` class. Use `TypeTemplateParameter` instead.
+* Support for class resolution across link targets has been removed for databases which were created with CodeQL versions before 1.23.0.
+
 ## 10.2.0
 
 ### Deprecated APIs

@@ -1,6 +1,7 @@
----
-category: breaking
----
+## 11.0.0
+
+### Breaking Changes
+
 * Removed the deprecated `overrideReturnsNull` predicate from `Options.qll`. Use `CustomOptions.overrideReturnsNull` instead.
 * Removed the deprecated `returnsNull` predicate from `Options.qll`. Use `CustomOptions.returnsNull` instead.
 * Removed the deprecated `exits` predicate from `Options.qll`. Use `CustomOptions.exits` instead.

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 10.2.0
+lastReleaseVersion: 11.0.0
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 10.2.1-dev
+version: 11.0.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

@@ -1,3 +1,7 @@
+## 1.6.5
+
+No user-facing changes.
+
 ## 1.6.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.6.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.6.4
+lastReleaseVersion: 1.6.5
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.6.5-dev
+version: 1.6.6-dev
 groups:
   - cpp
   - queries

@@ -1,3 +1,7 @@
+## 1.7.69
+
+No user-facing changes.
+
 ## 1.7.68
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.69
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.68
+lastReleaseVersion: 1.7.69
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.69-dev
+version: 1.7.70-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,7 @@
+## 1.7.69
+
+No user-facing changes.
+
 ## 1.7.68
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.69
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.68
+lastReleaseVersion: 1.7.69
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.69-dev
+version: 1.7.70-dev
 groups:
   - csharp
   - solorigate

@@ -1,3 +1,19 @@
+## 7.0.0
+
+### Breaking Changes
+
+* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.
+
+### Major Analysis Improvements
+
+* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.
+
+### Minor Analysis Improvements
+
+* Improved property and indexer call target resolution for partially overridden properties and indexers.
+* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
+* Improved call target resolution for ref-return properties and indexers.
+
 ## 6.0.2
 
 ### Minor Analysis Improvements

@@ -0,0 +1,15 @@
+## 7.0.0
+
+### Breaking Changes
+
+* Renamed types related to *operation* expressions. The QL classes `BinaryArithmeticOperation`, `BinaryBitwiseOperation`, and `BinaryLogicalOperation` now include compound assignments; for example, `BinaryArithmeticOperation` now includes `a += b`.
+
+### Major Analysis Improvements
+
+* Added Razor Page handler method parameters (e.g., `OnGet`, `OnPost`, `OnPostAsync`) as remote flow sources, enabling security queries such as `cs/sql-injection` to detect vulnerabilities in `PageModel` subclasses.
+
+### Minor Analysis Improvements
+
+* Improved property and indexer call target resolution for partially overridden properties and indexers.
+* Improved extraction of range-access expressions on spans and strings (for example, `a[0..3]`). These expressions are now extracted as `Slice` (span) or `Substring` (string) calls.
+* Improved call target resolution for ref-return properties and indexers.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.0.2
+lastReleaseVersion: 7.0.0
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 6.0.3-dev
+version: 7.0.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

@@ -1,3 +1,7 @@
+## 1.7.5
+
+No user-facing changes.
+
 ## 1.7.4
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.7.5
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.4
+lastReleaseVersion: 1.7.5
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.7.5-dev
+version: 1.7.6-dev
 groups:
   - csharp
   - queries

@@ -1,3 +1,7 @@
+## 1.0.52
+
+No user-facing changes.
+
 ## 1.0.51
 
 No user-facing changes.

@@ -0,0 +1,3 @@
+## 1.0.52
+
+No user-facing changes.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.51
+lastReleaseVersion: 1.0.52
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.52-dev
+version: 1.0.53-dev
 groups:
   - go
   - queries

@@ -1,3 +1,20 @@
+## 7.2.0
+
+### Deprecated APIs
+
+* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.
+
+### Minor Analysis Improvements
+
+* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
+  `*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
+  variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
+  `go/log-injection` and `go/clear-text-logging` queries cover code that logs
+  through `slog`.
+* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
+* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
+* More logging functions are now recognized as not returning or panicking.
+
 ## 7.1.2
 
 No user-facing changes.

@@ -0,0 +1,16 @@
+## 7.2.0
+
+### Deprecated APIs
+
+* `FuncTypeExpr.getResultDecl()` has been deprecated. Use `FuncTypeExpr.getResultDecl(int i)` instead.
+
+### Minor Analysis Improvements
+
+* Added models for the `log/slog` package (Go 1.21+). Its logging functions and
+  `*slog.Logger` methods (`Debug`/`Info`/`Warn`/`Error`, their `Context`
+  variants, and `Log`/`LogAttrs`) are now recognized as logging sinks, so the
+  `go/log-injection` and `go/clear-text-logging` queries cover code that logs
+  through `slog`.
+* `DataFlow::ResultNode`s are no longer created for returned expressions in functions with named result parameters. In this case there are already result nodes corresponding to `IR::ReadResultInstruction`s at the end of the function body.
+* `FuncTypeExpr.getNumResult()` now gets the number of result parameters. It previously got the number of result declarations, which is different when one result declaration declares more than one variable, as in `x, y int`. All uses of it expected the number of result parameters. Its QLDoc has been updated.
+* More logging functions are now recognized as not returning or panicking.
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.1.2
+lastReleaseVersion: 7.2.0
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 7.1.3-dev
+version: 7.2.1-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

@@ -1,3 +1,9 @@
+## 1.6.5
+
+### Minor Analysis Improvements
+
+* The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.
+
 ## 1.6.4
 
 No user-facing changes.

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
+## 1.6.5
+
+### Minor Analysis Improvements
+
 * The query `go/unhandled-writable-file-close` ("Writable file handle closed without error handling") now produces fewer false positives. A deferred call to `Close` that is preceded on every execution path by a handled call to `Sync` on the same file handle is no longer flagged.