CodeQL version 2.19.0 has been released and has now been rolled out to code scanning users on GitHub.com. CodeQL is the static analysis engine that powers GitHub code scanning.
Important changes by version include:
- CodeQL 2.18.2
  - Support for scanning Java codebases without needing a build is generally available.
  - The Python query `py/cookie-injection`, which finds instances of cookies being constructed from user input, is now part of the main query pack.
  - One new query for Ruby, `rb/weak-sensitive-data-hashing`, to detect cases where sensitive data is hashed using a weak cryptographic hashing algorithm.
- CodeQL 2.18.3
  - New C# models for local sources from `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`.
- CodeQL 2.18.4
  - Support for scanning C# codebases without needing a build is generally available.
  - Support for Go 1.23.
- CodeQL 2.19.0
  - Support for TypeScript 5.6.
  - One new query for JavaScript, `js/actions/actions-artifact-leak`, to detect GitHub Actions artifacts that may leak the `GITHUB_TOKEN` token.
  - A 13.7% evaluator speed improvement over the CodeQL 2.17.0 release.
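As an added illustration of the pattern the `py/cookie-injection` query looks for (example code written for this post, not code from the query or from CodeQL), the following shows a `Set-Cookie` header built by concatenating user input beside a version that validates the value against an allow-list and lets `http.cookies.SimpleCookie` serialise it. The two input strings are constructed samples standing in for a request parameter.

```python
import re
from http.cookies import SimpleCookie
from typing import Optional

# Constructed sample inputs standing in for a request parameter.
SAFE_INPUT = "en-US"
HOSTILE_INPUT = "en-US; Domain=evil.example\r\nSet-Cookie: session=attacker"

# Allow-list for a language preference: letters, digits, '-' and '_' only.
_COOKIE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def vulnerable_set_cookie(value: str) -> str:
    """Header built by string concatenation from user input.

    This is the shape py/cookie-injection flags: a ';' in the value lets the
    caller append attributes such as Domain, and a CR/LF lets them start a
    second header line of their own.
    """
    return f"Set-Cookie: lang={value}"


def is_unsafe_cookie_value(value: str) -> bool:
    """True when the value could alter the cookie's structure."""
    return _COOKIE_VALUE.fullmatch(value) is None


def hardened_set_cookie(value: str) -> Optional[str]:
    """Validate against the allow-list, then let SimpleCookie serialise.

    Returns None (send no cookie at all) for a rejected value instead of
    emitting a header the application did not intend.
    """
    if is_unsafe_cookie_value(value):
        return None
    cookie = SimpleCookie()
    cookie["lang"] = value
    cookie["lang"]["path"] = "/"
    cookie["lang"]["httponly"] = True
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    for sample in (SAFE_INPUT, HOSTILE_INPUT):
        print(repr(vulnerable_set_cookie(sample)))
        print(repr(hardened_set_cookie(sample)))
```

The allow-list is deliberately narrow for this one cookie; a value that needs a wider character set should still be validated before it reaches the header, and the serialiser, not string formatting, should produce the header text.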
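The Ruby query `rb/weak-sensitive-data-hashing` targets the class of defect shown below; this is an added Python example written for this post, not code from the query or from CodeQL. It puts a password run through unsalted MD5 beside salted PBKDF2-HMAC-SHA256 with a constant-time verify. The password is a constructed sample, and the `algo$iterations$salt$hash` storage format is an assumption made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

PASSWORD = "correct horse battery staple"  # constructed sample secret


def weak_hash(secret: str) -> str:
    """Unsalted MD5 over sensitive data: the kind of call the query reports.

    Fast, unsalted and collision-prone, so equal passwords give equal hashes
    and offline guessing against a leaked table is cheap.
    """
    return hashlib.md5(secret.encode()).hexdigest()


def strong_hash(secret: str, salt: Optional[bytes] = None,
                iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256 encoded as algo$iterations$salt$hash.

    The encoding is an assumption for this example; a fresh random salt is
    drawn per call, so two hashes of the same password differ.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(secret: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations, compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    print("weak  :", weak_hash(PASSWORD))
    stored = strong_hash(PASSWORD)
    print("strong:", stored)
    print("verify:", verify(PASSWORD, stored), verify("wrong", stored))
```

Storing the iteration count alongside the hash lets the work factor be raised later without invalidating existing records: old entries keep verifying with their recorded count and are rehashed on the next successful login.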
For a full list of changes, please refer to the complete changelog for versions 2.18.2, 2.18.3, 2.18.4 and 2.19.0.
All new functionality from 2.18.Z releases will be included in GHES 3.15, while functionality from 2.19.0 will be included in GHES 3.16. If you use GHES 3.14 or older, you can upgrade your CodeQL version.