v2.18.0

@codeql-ci codeql-ci released this 11 Jul 09:26
· 23 commits to main since this release
5c3e369

Breaking changes

  • A number of breaking changes have been made to the C and C++ CodeQL
    test environment as used by codeql test run:
    • The test environment no longer defines any GNU-specific builtin
      macros. If these macros are still needed by a test, please define
      them via semmle-extractor-options.

    • The --force-recompute option is no longer directly supported by
      semmle-extractor-options. Instead, --edg --force-recompute
      should be specified.

    • The --gnu_version and --microsoft_version options that can be
      specified via semmle-extractor-options are now synonyms, and only
      one should be specified as part of semmle-extractor-options.
      Furthermore, it is no longer possible to specify these options
      via the following syntax:

      • --edg --gnu_version --edg <version number>, and
      • --edg --microsoft_version --edg <version number>

      The shorter --gnu_version <version number> and
      --microsoft_version <version number> should be used.

  • The --build_error_dir and --predefined_macros command line options
    have been removed from the C/C++ extractor. It has never been possible
    to pass these options through the CLI, but some customers with advanced
    setups may have been passing them through internal undocumented interfaces.
    Passing the option --build_error_dir did not have any effect, and it
    is safe to remove the option. The --predefined_macros option should
    have been unnecessary, as long as the extractor was invoked with the
    --mimic option.
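
The semmle-extractor-options rewrites described for the test environment above can be applied mechanically. The following is an added example, not part of the release notes or of CodeQL itself: the function names are hypothetical, the in-source marker format is an assumption, and the sample lines are constructed.

```python
MARKER = "semmle-extractor-options:"   # assumed marker text in test sources
VERSION_OPTS = {"--gnu_version", "--microsoft_version"}


def migrate_options(opts):
    """Rewrite one option string; return (new_options, warnings)."""
    toks = opts.split()
    out, versions, warnings = [], [], []
    i = 0
    while i < len(toks):
        tok = toks[i]
        # Old long form: --edg --gnu_version --edg <N>  ->  --gnu_version <N>
        if (tok == "--edg" and i + 3 < len(toks)
                and toks[i + 1] in VERSION_OPTS and toks[i + 2] == "--edg"):
            out += [toks[i + 1], toks[i + 3]]
            versions.append(toks[i + 1])
            i += 4
        # Already in the new form: keep the pair untouched.
        elif tok == "--edg" and toks[i + 1:i + 2] == ["--force-recompute"]:
            out += ["--edg", "--force-recompute"]
            i += 2
        # Bare --force-recompute is no longer supported directly.
        elif tok == "--force-recompute":
            out += ["--edg", "--force-recompute"]
            i += 1
        else:
            if tok in VERSION_OPTS:
                versions.append(tok)
            out.append(tok)
            i += 1
    if len(versions) > 1:
        warnings.append("specify only one of --gnu_version/--microsoft_version: "
                        + " ".join(versions))
    return " ".join(out), warnings


def migrate_line(line):
    """Rewrite the options on a line carrying MARKER; other lines pass through."""
    head, sep, opts = line.partition(MARKER)
    if not sep:
        return line
    return f"{head}{sep} {migrate_options(opts)[0]}"


if __name__ == "__main__":
    # Constructed sample lines, not taken from a real test suite.
    for sample in ["// semmle-extractor-options: --edg --gnu_version --edg 40800",
                   "// semmle-extractor-options: --force-recompute -std=c++17",
                   "int main() { return 0; }"]:
        print(migrate_line(sample))
```

Tests that relied on GNU-specific builtin macros cannot be fixed this way; those macros have to be added to the options by hand.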

Regressions

  • Compilation of QL queries is about 30% slower than in previous releases. This
    only affects users who write custom queries, and only at compilation time, not
    at run time. This regression will be fixed in the upcoming 2.18.1 release.

Improvements

  • Introduced the --include-logs option to the codeql database bundle
    command. This option lets users include logs in the generated
    database bundle, making the bundle more complete and bringing the
    tool's capabilities in line with the documentation.
  • Extract .xsaccess, *.xsjs and *.xsjslib files for SAP HANA XS as
    JavaScript.

Bugs fixed

  • Where a macOS unsigned binary cannot be signed, CodeQL will now continue
    trying to trace compiler invocations created by that process and its
    children. In particular, this means that Bazel builds on macOS are now
    traceable.
  • Fixed a bug where test discovery would fail if there is a syntax error in a
    qlpack file. Now, a warning message will be printed and discovery will
    continue.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.18.0.