CodeQL adds support for Java 24 and other improvements in version 2.20.6

CodeQL is the static analysis engine behind GitHub code scanning, which finds and remediates security issues in your code. We’ve recently released CodeQL 2.20.6, which brings support for a new version of Java and a variety of other improvements to the accuracy of your code scanning results:

Java

  • CodeQL now supports Java version 24
  • We’ve improved the accuracy of the java/xss query for cases where javax.servlet.http.HttpServletResponse is used with a content type that is not exploitable for cross-site scripting

JavaScript / TypeScript

  • We’ve added support for the response threat model, which can be enabled in advanced setup. When it is enabled, the body of the response to an outgoing HTTP request is treated as a tainted source, so data returned by a remote service is tracked to sinks the same way user input is
  • We’ve improved the precision of data flow through arrays and of call resolution, both of which improve analysis results
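To make concrete what the response threat model adds, here is an added example (not code from the CodeQL release notes, nor from any CodeQL query): a server-side render function that takes a field from an upstream HTTP response and interpolates it into HTML, beside the version that escapes at the sink. The upstream body and the httpGetStub call are constructed so the example runs offline; in real code the source CodeQL would model is the fetch(), axios or http.get() call whose response body is read. The URL and function names are illustrative.

```javascript
// Added example, not from the CodeQL release notes: a server-side render
// path in which data from an outgoing HTTP response reaches an HTML sink.
// Under the "response" threat model, CodeQL treats the response as tainted.

// Constructed upstream reply. A third-party profile service returns a display
// name, and whoever controls that service (or the account) controls the value.
const CONSTRUCTED_UPSTREAM_BODY =
  '{"displayName":"<img src=x onerror=\\"alert(document.cookie)\\">"}';

// Offline stand-in for the outgoing request. In real code this would be
// fetch(), axios.get(), http.get(), etc.; that call is the source CodeQL
// models when the response threat model is on.
function httpGetStub(_url) {
  return { status: 200, body: CONSTRUCTED_UPSTREAM_BODY };
}

// Minimal HTML escaper: the five characters that matter in text content and
// in double- or single-quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// BEFORE: a field from the response body is interpolated into HTML as-is.
// With the response threat model enabled this is a cross-site scripting flow;
// without it, the upstream service is treated as trusted and nothing is reported.
function renderProfileUnsafe(url, httpGet = httpGetStub) {
  const res = httpGet(url);
  const profile = JSON.parse(res.body);
  return `<h1>Hello, ${profile.displayName}</h1>`;
}

// AFTER: same flow, escaped at the HTML sink.
function renderProfileSafe(url, httpGet = httpGetStub) {
  const res = httpGet(url);
  const profile = JSON.parse(res.body);
  return `<h1>Hello, ${escapeHtml(profile.displayName)}</h1>`;
}

// Side-by-side comparison for running the file directly.
function demo() {
  const url = 'https://profile-service.example/api/user/42'; // placeholder URL
  const unsafe = renderProfileUnsafe(url);
  const safe = renderProfileSafe(url);
  return {
    unsafe,
    safe,
    unsafeContainsMarkup: /<img\b/i.test(unsafe),
    safeContainsMarkup: /<img\b/i.test(safe),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The threat model is switched on through the threat-models setting of the CodeQL configuration used by advanced setup (the model name, response, is the one this release note uses). Escaping at the sink closes only the HTML case above; the same response data reaching eval, a file path or a shell command would still be reported, which is the point of modelling the source rather than patching individual sinks.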

C/C++

  • We’ve improved the accuracy of the cpp/static-buffer-overflow query

C#

  • We’ve improved the precision of the cs/call-to-object-tostring query

GitHub Actions (Public Preview)

  • We’ve removed the query actions/unversioned-immutable-action from the public suite of queries; any open alerts it had raised will be closed

For a full list of changes, please refer to the complete changelog for version 2.20.6. Every new version of CodeQL is automatically deployed to users of GitHub code scanning on GitHub.com. The new functionality in CodeQL 2.20.6 will also be included in GitHub Enterprise Server (GHES) version 3.17. If you use an older version of GHES, you can manually upgrade your CodeQL version.

GitHub Enterprise Server 3.16 enhances deployment efficiency, monitoring capabilities, code security, and policy management. Here are a few highlights in the 3.16 release:

  • The reliability, observability, and efficiency of ghe-config-apply have been improved. As a result, you may experience reduced downtime when ghe-config-apply is run.

  • The monitor dashboard has been optimized with concise, actionable metrics, providing a quick overview of the appliance’s operational health. For more details, see the monitor dashboard.

  • When reviewing code security configurations, you can now filter repositories more easily with new options that filter and sort by the status of specific GHAS features. For more details, see new advanced filters for code security configurations.

  • You can now apply code security configurations to archived repositories, simplifying rollouts and ensuring that features like Dependabot, code scanning, and secret scanning are automatically reapplied if a repository is unarchived. Additionally, you can now create and manage code security settings at the enterprise level, reducing repetitive setup at the organization level. For more details, see enterprise-level code security configurations.

  • You can now monitor prevention metrics alongside detection and remediation metrics for Dependabot and GitHub Advanced Security features, including secret scanning and code scanning. This expanded visibility is available in the enhanced security overview dashboard at both the organization and enterprise levels. For more information, see enhanced security overview dashboard.

  • Organization owners can now allow their users to set custom properties during repository creation. This ensures that the appropriate rules are enforced from the moment of creation and improves the discoverability of new repositories. For more information, see custom properties.

  • Organization owners can now configure policies that restrict the use of deploy keys across all repositories in the organization, giving you more control over, and greater security for, your deploy keys. For more information, see enforcing a policy for deploy keys.

To learn more about GHES 3.16, check out the release notes or download it now. If you have any issues upgrading to version 3.16 or experience any issues using these new features, please contact our support team.

Join the community discussion to share your feedback and ask questions.


You can now use Quick Action Tasks in the GitHub Models playground. This new feature streamlines your experimentation process by helping you choose faster or more cost-effective models, and can even include sources in your responses. This allows you to find the model that best fits your goals, whether you prioritize speed, cost-efficiency, or clarity of information.

Try it out today and take your experimentation to the next level!

GitHub Models makes it easy for every developer to build AI features and products on GitHub.

To learn more about GitHub Models, check out the docs. You can also join our community discussions.
