|
17 | 17 | you know what to do). |
18 | 18 | --> |
19 | 19 |
|
| 20 | +## Release 2.16.3 (2024-02-22) |
| 21 | + |
| 22 | +### Security patches |
| 23 | + |
| 24 | +- Fixes CVE-2024-25129, a limited data exfiltration vulnerability that |
| 25 | + could be triggered by untrusted databases or QL packs. See the |
| 26 | + [security advisory](https://github.com/github/codeql-cli-binaries/security/advisories/GHSA-gf8p-v3g3-3wph) |
| 27 | + for more information. |
| 28 | + |
| 29 | +### New Features |
| 30 | + |
| 31 | +- A new extractor option has been added to the Python extractor. |
| 32 | + Set the new extractor option `python_executable_name` or the environment variable |
| 33 | + `CODEQL_EXTRACTOR_PYTHON_OPTION_PYTHON_EXECUTABLE_NAME` to one of `py`, `python` or `python3` |
| 34 | + to override the default Python executable search and selection behavior of the Python extractor. |
| 35 | + For example, on Windows machines, the Python extractor will expect to find `py.exe` on the |
| 36 | + system `PATH` by default. Setting this extractor option or environment variable allows |
| 37 | + overriding this behavior to look for a different name like `python` or `python3`. |
| 38 | + More detail can be found in [the extractor option documentation](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/extractor-options). |
| 39 | + |
| 40 | +### Bugs fixed |
| 41 | + |
| 42 | +- Fixed a bug where CodeQL may produce an invalid database when it exhausts |
| 43 | + all available ID numbers. Now it detects the condition and reports an |
| 44 | + error instead. |
| 45 | + |
20 | 46 | ## Release 2.16.2 (2024-02-12) |
21 | 47 |
|
22 | 48 | - There are no user-facing changes in this release. |
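Review bot: the three headings in the new 2.16.3 block are capitalised inconsistently ("Security patches" and "Bugs fixed" in sentence case, "New Features" in title case); settle on one form, e.g. `### New features`, so the entry matches its siblings. The `python_executable_name` entry lists the accepted values (`py`, `python`, `python3`) but does not say what the extractor does when the option or `CODEQL_EXTRACTOR_PYTHON_OPTION_PYTHON_EXECUTABLE_NAME` is set to any other value; one sentence stating whether that is an error or falls back to the default search would save users a trip to the linked documentation.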
|
99 | 125 |
|
100 | 126 | - Fixed an issue where CodeQL would sometimes incorrectly report that no files |
101 | 127 | were scanned when running on Windows. |
102 | | - This affected the human-readable summary produced by `codeql database analyze` |
| 128 | + This affected the human-readable summary produced by `codeql database analyze` |
103 | 129 | and `codeql database interpret-results`, but did not impact the file coverage |
104 | 130 | information produced in the SARIF output and displayed on the tool status page. |
105 | 131 | - When analyzing Swift codebases, CodeQL build tracing will now ignore the |
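Review bot: folding "This affected the human-readable summary produced by `codeql database analyze`" into the preceding bullet as a continuation line is the right fix, since that sentence qualifies the Windows file-count bug rather than describing a separate change; check that the continuation line carries the same indentation as "were scanned when running on Windows." so Markdown renders the whole text as one list item rather than starting a new paragraph.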
|