CodeQL 2.16.1 is now available to users of GitHub code scanning on github.com, and all new functionality will also be included in GHES 3.13. Users of GHES 3.12 or older can upgrade their CodeQL version.
Important changes in this release include:
5.9.2 is now supported.
We added a new query for Swift, swift/weak-password-hashing, to detect the use of inappropriate hashing algorithms for password hashing, and a new query for Java, java/exec-tainted-environment, to detect the injection of environment variable names or values from remote input.
We improved the tracking of flows from handler methods of a PageModel class to the corresponding Razor Page (.cshtml) file, which may result in additional alerts from some queries.
In the previous version,
For a full list of changes, please refer to the complete changelog for version 2.16.1.