Skip to content

v2.18.1
Compare
Choose a tag to compare
@codeql-ci codeql-ci released this 25 Jul 17:00
· 14 commits to main since this release
v2.18.1
d7a1c17

Security Updates

  • Resolves CVE-2023-4759, an arbitrary file overwrite in Eclipse JGit that can be triggered when using untrusted third-party queries from a git repository. See the security advisory for more information.
  • The following dependencies have been updated. These updates include security fixes in the respective libraries that prevent out-of-bounds accesses or denial-of-service in scenarios where untrusted files are processed. These scenarios are not likely to be encountered in most uses of CodeQL and code scanning, and only apply to advanced use cases where precompiled query packs, database ZIP files, or database TRAP files are obtained from untrusted sources and then processed on a trusted machine.
    • airlift/aircompressor is updated to version 0.27.
    • Apache Ant is updated to version 1.10.11.
    • Apache Commons Compress is updated to version 1.26.0.
    • Apache Commons IO is updated to version 2.15.1.
    • Apache Commons Lang3 is updated to version 3.14.0.
    • jsoup is updated to version 1.15.3.
    • Logback is updated to version 1.2.13.
    • Snappy is updated to version 0.5.

New features

  • The experimental type QlBuiltins::BigInt of arbitrary-precision integers has been introduced. To opt in to this API, compile your queries with --allow-experimental=bigint. Big integers can be constructed using the .toBigInt() methods of int and string.
  • codeql test run now supports postprocessing of test results. When .qlref files specify a path to a postprocess query, then this is evaluated after the test query to transform the test outputs prior to concatenating them into the actual results.

Improvements

  • The 30% QL query compilation slowdown noted in 2.18.0 has been fixed.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.18.1.

Assets 9
Loading