diff --git a/CHANGELOG.md b/CHANGELOG.md index a636b80..0e93e38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,51 @@ you know what to do). --> +## Release 2.25.2 (2026-04-15) + +### Miscellaneous + +- The build of Eclipse Temurin OpenJDK that is used to run the CodeQL + CLI has been updated to version 21.0.10. + +## Release 2.25.1 (2026-03-27) + +### Bug Fixes + +- Fixed a bug where extraction could fail on YAML files containing emoji. + +### Miscellaneous + +- Upgraded snakeyaml (which is a dependency of jackson-dataformat-yaml) from 2.3 to 2.6. + +## Release 2.25.0 (2026-03-19) + +### Breaking Changes + +- `codeql database interpret-results` and `codeql database analyze` no longer attempt to reconstruct file baseline information from databases created with CLI versions before 2.11.2. + +### Bug Fixes + +- Upgraded Jackson library from 2.16.1 to 2.18.6 to address a high-severity denial of service vulnerability (GHSA-72hv-8253-57qq) in jackson-core's async JSON parser. +- Upgraded snakeyaml (which is a dependency of jackson-dataformat-yaml) from 2.2 to 2.3. + +## Release 2.24.4 (2026-03-16) + +This release was skipped. + +## Release 2.24.3 (2026-03-05) + +### Bug Fixes + +- Fixed a race condition that could cause flaky failures in overlay CodeQL tests. Test extraction now skips `*.testproj` directories by name, preventing interference from concurrently cleaned-up test databases. +- Fixed spurious "OOPS" warnings that could appear in help output for commands using mutually exclusive option groups, such as `codeql query run`. + +## Release 2.24.2 (2026-02-20) + +### Bug Fixes + +- Fixed SARIF output to generate RFC 1738 compatible file URIs. File URIs now always use the `file:///` format instead of `file:/` for better interoperability with SARIF consumers. + ## Release 2.24.1 (2026-02-05) ### Miscellaneous 
@@ -82,7 +127,7 @@ This release was skipped. } ``` - The `--permissive` option was removed, as under some circumstances it would break the extractor's ability to parse valid C++ code. When calling the extractor directly, + The `--permissive` option was removed, as under some circumstances it would break the extractor's ability to parse valid C++ code. When calling the extractor directly, `--permissive` should no longer be passed. The above code will fail to parse, and we recommend the code being made `const`-correct. @@ -231,7 +276,7 @@ This release was skipped. - On macOS the `CODEQL_TRACER_RELOCATION_EXCLUDE` environment variable can now be used to exclude certain paths from the tracer relocation and tracing process. This environment variable accepts newline-separated regex patterns of binaries - to be excluded. + to be excluded. ## Release 2.20.7 (2025-03-18)
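Review bot: In the Release 2.25.0 entry (hunk `@@ -17,6 +17,51 @@`), the Jackson upgrade that addresses GHSA-72hv-8253-57qq sits under "Bug Fixes" beside a plain snakeyaml bump, so a reader scanning for security-relevant releases has no heading to key on. Consider giving the advisory fix its own heading or leading the bullet with the advisory ID, and state whether the CLI actually uses jackson-core's async JSON parser so users can judge how urgent the upgrade is. The snakeyaml bumps are also filed inconsistently: 2.2 to 2.3 is under "Bug Fixes" in 2.25.0 with no bug named, while 2.3 to 2.6 is under "Miscellaneous" in 2.25.1. The "Breaking Changes" bullet would also benefit from saying what `codeql database interpret-results` and `codeql database analyze` now do when given a database created before 2.11.2.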
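Review bot: The removed and added `--permissive` lines in hunk `@@ -82,7 +127,7 @@` read identically, so this looks like a whitespace-only edit to an already published release entry; it would be easier to review in a separate formatting commit than mixed into the new release notes. If the paragraph is being touched anyway, the trailing context line "we recommend the code being made `const`-correct" would read better as "we recommend making the code `const`-correct".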
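Review bot: The `CODEQL_TRACER_RELOCATION_EXCLUDE` entry in hunk `@@ -231,7 +276,7 @@` changes only the "to be excluded." line, with no visible difference, while the description still does not say whether each newline-separated regex must match the whole binary path or any part of it. Because matching binaries are excluded from the tracer relocation and tracing process, an over-broad pattern silently shrinks what gets traced; since the line is being edited, state the matching semantics or add one example pattern.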