- Added a new query, `rb/stack-trace-exposure`, to detect exposure of stack traces to users via HTTP responses.
- The `AlertSuppression.ql` query has been updated to support the new `# codeql[query-id]` suppression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition, the legacy `# lgtm` and `# lgtm[query-id]` comments can now also be placed on the line before an alert.
- Extended the `rb/kernel-open` query with the following sinks: `IO.write`, `IO.binread`, `IO.binwrite`, `IO.foreach`, `IO.readlines`, and `URI.open`.
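The kind of code the new `rb/stack-trace-exposure` query is aimed at, as an added example that is not part of the CodeQL changelog or the query's own source: a handler that writes the exception's backtrace into the HTTP response body, next to a hardened variant that keeps the backtrace in the server log under a correlation id. The handlers return constructed Rack-style `[status, headers, body]` triples, so no web framework is required to run them.

```ruby
require 'logger'
require 'securerandom'
require 'json'

LOGGER = Logger.new($stderr)

# Hypothetical request processing; raises on malformed input.
def do_work(params)
  Integer(params.fetch("n"))  # KeyError if missing, ArgumentError if not numeric
end

# Leaky pattern: the exception class, message and full backtrace are sent to
# the client, disclosing file paths, line numbers and internal call structure.
def handle_request_leaky(params)
  [200, { "content-type" => "text/plain" }, [do_work(params).to_s]]
rescue StandardError => e
  [500, { "content-type" => "text/plain" },
   ["#{e.class}: #{e.message}\n", *e.backtrace.map { |line| "  #{line}\n" }]]
end

# Hardened pattern: the backtrace is logged server-side together with a random
# incident id; the client receives only a generic message and that id, which
# is enough to correlate a user report with the log entry.
def handle_request_safe(params)
  [200, { "content-type" => "text/plain" }, [do_work(params).to_s]]
rescue StandardError => e
  incident_id = SecureRandom.hex(8)
  LOGGER.error("incident=#{incident_id} #{e.class}: #{e.message}\n" \
               "#{e.backtrace.join("\n")}")
  [500, { "content-type" => "application/json" },
   [JSON.generate(error: "internal error", incident_id: incident_id)]]
end

# What the HTTP client would actually see.
def body_text(response)
  response[2].join
end

if $PROGRAM_NAME == __FILE__
  bad_input = { "n" => "not-a-number" }  # constructed malformed request
  puts body_text(handle_request_leaky(bad_input))
  puts body_text(handle_request_safe(bad_input))
end
```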