v2.11.3
Breaking changes
- The codeql pack ls --format json deep plumbing command now returns only the name and version properties for each found pack.
Potentially breaking changes
- codeql pack download, codeql pack install, and codeql pack add will ignore CodeQL packs with pre-release versions, unless the --allow-prerelease option is passed to the command. This brings these commands into alignment with codeql pack publish that will avoid publishing CodeQL packs with pre-release versions unless the --allow-prerelease option is specified.
Deprecations
- The --[no-]fast-compilation option to codeql query compile is now deprecated.
New features
- codeql resolve files and codeql database index-files have a new --find-any option, which finds at most one match.
Miscellaneous
- The build of Apache Commons Text that is bundled with the CodeQL CLI has been updated to version 1.10.0. While previous releases shipped with version 1.6 of the library, no part of the CodeQL CLI references the StringSubstitutor class that the recently disclosed CVE-2022-42889 vulnerability applies to. We therefore do not believe that running previous releases of CodeQL exposes users to this vulnerability.
- The build of Eclipse Temurin OpenJDK that is bundled with the CodeQL CLI has been updated to version 17.0.5.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.11.3.