CodeQL 2.16.1 is now available to users of GitHub code scanning on github.com, and all new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older can upgrade their CodeQL version.
Important changes in this release include:
Swift 5.9.2 is now supported.
We added a new query for Swift, swift/weak-password-hashing, to detect the use of inappropriate hashing algorithms for password hashing, and a new query for Java, java/exec-tainted-environment, to detect the injection of environment variable names or values from remote input.
We improved the tracking of flows from handler methods of a PageModel class to the corresponding Razor Page (.cshtml) file, which may result in additional alerts from some queries.
JavaScript now supports doT templates, and Go added support for AWS Lambda functions and the fasthttp framework.
In the previous version, 2.16.0, we announced that we would update the way we measure the number of scanned files in the Code Scanning UI. This change is now live for JavaScript/TypeScript, Python, Ruby, Swift, and C#.
For a full list of changes, please refer to the complete changelog for version 2.16.1.