2.0.0

Breaking Changes

• The Java extractor no longer supports the SEMMLE_DIST legacy environment variable.

Deprecated APIs

• The predicate isAndroid from the module semmle.code.java.security.AndroidCertificatePinningQuery has been deprecated. Use semmle.code.java.frameworks.android.Android::inAndroidApplication(File) instead.

New Features

• Kotlin support is now out of beta, and generally available
• Kotlin versions up to 2.0.2x are now supported.

Minor Analysis Improvements

• Added a path-injection sink for hudson.FilePath.exists().
• Added summary models for org.apache.commons.io.IOUtils.toByteArray.
• Java build-mode none analyses now only report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.