Skip to content

Update changelog for CodeQL CLI 2.23.1 #20532

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
coadaflorin merged 2 commits into from
Sep 26, 2025
Merged

Update changelog for CodeQL CLI 2.23.1 #20532

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a4f5e9a
Update changelog for CodeQL CLI 2.23.1
coadaflorin Sep 26, 2025
5a0bae2
Update changelog for CodeQL CLI 2.23.1
coadaflorin Sep 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ JavaScript/TypeScript
* Data flow is now tracked through the :code:`Promise.try` and :code:`Array.prototype.with` functions.
* Query :code:`js/index-out-of-bounds` no longer produces a false-positive when a strictly-less-than check overrides a previous less-than-or-equal test.
* The query :code:`js/remote-property-injection` now detects property injection vulnerabilities through object enumeration patterns such as :code:`Object.keys()`.
* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite.
* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!
Copy link

Copilot AI Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Markdown-style link syntax [text](url) is not valid RST. Use RST link syntax instead: submitted the original experimental query <https://github.com/github/codeql/pull/14342>_ or define a separate link reference.

Suggested change
* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who [submitted the original experimental query](https://github.com/github/codeql/pull/14342)!
* The query "Permissive CORS configuration" (:code:`js/cors-permissive-configuration`) has been promoted from experimental and is now part of the default security suite. Thank you to @maikypedia who submitted the original experimental query <https://github.com/github/codeql/pull/14342>__!

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Contributor Author

@coadaflorin coadaflorin Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost good, nice catch robot dude!


Python
""""""
Expand Down Expand Up @@ -126,7 +126,7 @@ Golang
""""""

* The second argument of the :code:`CreateTemp` function, from the :code:`os` package, is no longer a path-injection sink due to proper sanitization by Go.
* The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or :code:``\`` to the beginning.
* The query "Uncontrolled data used in path expression" (:code:`go/path-injection`) now detects sanitizing a path by adding :code:`os.PathSeparator` or ``\`` to the beginning.

Java/Kotlin
"""""""""""
Expand Down