Releases: github/codeql-cli-binaries

v2.4.5

08 Mar 20:03

  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.26) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.26 instance, you need to create them with release 2.3.4.

  • The C/C++ extractor can now parse more Microsoft language extensions when in C++14 and C++17 mode.

  • codeql database analyze now reports the name and version of each QL pack used by the analysis in the SARIF output.

  • codeql github upload-results is a new command that uploads a SARIF file generated by CodeQL to GitHub's Code Scanning.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

Beware: Some (but not all) unzipper programs on Windows have problems with the zips in this release, and will ask your permission to overwrite codeql/codeql.exe by codeql/codeql. You should answer no to that.

v2.4.4

12 Feb 22:14

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.26) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.26 instance, you need to create them with release 2.3.4.

Potentially breaking changes

  • The name property in qlpack.yml must now meet the following requirements:
    • Only lowercase ASCII letters, ASCII digits, and hyphens (-) are allowed.
    • A hyphen is not allowed as the first or last character of the name.
    • The name must be at least one character long, and no longer than 128 characters.

New features

  • Alert and path queries can now give a score to each alert they produce. You can incorporate alert scores in an alert or path query by first adding the @scored property to the query metadata. You can then introduce a new numeric column at the end of the select statement structure to represent the score of each alert. Alert scores are exposed in the SARIF output of commands like codeql database analyze as the score property in the property bags of result objects.
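
As an added illustration (not part of the release notes or the CodeQL project's own code), this Python sketch reads the score property from each result's property bag in a SARIF file and orders alerts for triage. The SARIF sample, rule IDs, paths, score values and the ranked_alerts helper are constructed for the example.

```python
import json

# Constructed SARIF 2.1.0 sample (not real analysis output); scores are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "CodeQL"}},
    "results": [
        {"ruleId": "example/weak-hash",
         "message": {"text": "Weak hash used for passwords."},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/auth.py"},
             "region": {"startLine": 7}}}],
         "properties": {"score": 0.35}},
        {"ruleId": "example/sql-injection",
         "message": {"text": "Query built from user input."},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/db.py"},
             "region": {"startLine": 42}}}],
         "properties": {"score": 0.91}},
        # Result from a query without @scored: no score in the property bag.
        {"ruleId": "example/unscored",
         "message": {"text": "Unscored finding."},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "app/util.py"}}}]},
    ]}]})

def _location(result):
    """Best-effort 'uri:line' for a result; SARIF locations are optional."""
    try:
        phys = result["locations"][0]["physicalLocation"]
        uri = phys["artifactLocation"]["uri"]
    except (KeyError, IndexError, TypeError):
        return "<no location>"
    line = (phys.get("region") or {}).get("startLine")
    return f"{uri}:{line}" if line else uri

def ranked_alerts(sarif_text, min_score=0.0):
    """Return (score, ruleId, location) tuples, highest score first.

    min_score filters scored alerts only. Alerts without a numeric score
    are kept at the end so that a threshold never hides them silently.
    """
    scored, unscored = [], []
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results") or []:
            score = (result.get("properties") or {}).get("score")
            entry = (result.get("ruleId", "<no rule>"), _location(result))
            if isinstance(score, (int, float)) and not isinstance(score, bool):
                if score >= min_score:
                    scored.append((float(score),) + entry)
            else:
                unscored.append((None,) + entry)
    return sorted(scored, key=lambda e: e[0], reverse=True) + unscored
```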

Bugs fixed

  • The default value of the --working-dir options for the index-files and trace-command subcommands of codeql database has been fixed to match the documentation; previously, it would erroneously use the process' current working directory rather than the database source root.
  • codeql test run will not crash if database extraction in a test directory fails. Instead, only the tests in that directory will be marked as failing, and tests in other directories will continue executing.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.4.3

29 Jan 23:34

This release fixes several bugs relating to searching for QL packs on disk which were introduced in release 2.4.2. It is otherwise identical to release 2.4.2.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.4.2

22 Jan 19:53

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.26) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.26 instance, you need to create them with release 2.3.4.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.4.1

19 Dec 03:07

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.26) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.26 instance, you need to create them with release 2.3.4.

  • codeql query format now checks all files rather than stopping after the first failure when the --check-only option is given.

  • codeql resolve database will produce a languages key giving the language the database was created for. This can be useful in IDEs to help describe the database and suggest default actions or queries. For databases created by earlier versions, the result will be a best-effort guess.

  • codeql database interpret-results can now produce Graphviz .dot files from queries with @kind graph.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.3.4

16 Dec 23:00

This release corresponds to release 1.26.x of LGTM Enterprise, and should be used when creating databases that will be uploaded to it. Later releases (numbered 2.4.x and following) may produce databases that are not backwards compatible with this version of LGTM Enterprise.

For all purposes other than creating databases for LGTM Enterprise we recommend that you upgrade to CLI releases numbered 2.4.x or later.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.4.0

26 Nov 17:31

  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.25) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.25 instance, you need to create them with release 2.2.6.

  • Much of the work done by codeql database upgrade now happens implicitly (and reversibly) as part of ordinary query evaluation. This should make it much rarer to need to run codeql database upgrade explicitly, though there are still some corner cases that will require it, particularly for very old databases.

  • codeql test run with a --threads argument will now compile test queries in parallel even if they belong to the same single test directory. This can speed up localized testing considerably.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.3.3

06 Nov 19:39

  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.25) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.25 instance, you need to create them with release 2.2.6.

  • A few minor bugs fixed.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.3.2

27 Oct 19:18

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.25) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.25 instance, you need to create them with release 2.2.6.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

v2.3.1

15 Oct 16:06

  • The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.25) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.25 instance, you need to create them with release 2.2.6.

  • codeql database create and codeql database init have several new options that can be used to adapt the database creation process to specialized integration situations.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.