CodeQL 2.7.2 (2021-11-22)¶
This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the code scanning section on the GitHub blog, relevant GitHub Changelog updates, changes in the CodeQL extension for Visual Studio Code, and the CodeQL Action changelog.
Security Coverage¶
CodeQL 2.7.2 runs a total of 278 security queries when configured with the Default suite (covering 124 CWE). The Extended suite enables an additional 85 queries (covering 31 more CWE). 5 security queries have been added with this release.
CodeQL CLI¶
Potentially Breaking Changes¶
- The Java extractor now defaults to extracting all XML documents under 10MB in size, a change from the previous default of only extracting documents with particular well-known names (e.g.
pom.xml). However, if the source tree contains more than 50MB of XML in total, it prints a warning and falls back to the old default behaviour. Set the environment variableLGTM_INDEX_XML_MODEtobynameto get the old default behaviour, orallto extract all documents under 10MB regardless of total size. - The experimental command-line option
--native-library-paththat was introduced to support internal experiments has been removed. - The beta
codeql pack publishcommand will now prevent accidental publishing of packages with pre-release version qualifiers. Prerelease versions are those that include a-after the major, minor, and patch versions such as1.2.3-dev. To avoid this change, use the--allow-prereleaseoption.
Bug Fixes¶
- Fixed an issue when using the
--evaluator-logoption where aNullPointerExceptioncould sometimes occur non-deterministically. - Fixed bugs observed when using indirect build tracing using a CodeQL distribution unpacked to a path containing spaces or on Arch Linux.
New Features¶
- CodeQL databases now contain metadata about how and when they were created. This can be found in the
creationMetadatafield of thecodeql-database.ymlfile within the CodeQL database directory. More information may be added to this field in future releases.