v2.20.3

@codeql-ci codeql-ci released this 24 Jan 15:51

Security Updates

  • Resolves a security vulnerability where CodeQL databases or logs produced by the CodeQL CLI may contain the environment variables from the time of
    database creation. This includes any secrets stored in environment variables. For more information, see the
    CodeQL CLI security advisory.

    All users of CodeQL should follow the advice in the CodeQL advisory mentioned above or upgrade to this version or a later version of CodeQL.

    If you are using the CodeQL Action, also see the related CodeQL Action security advisory.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.20.3.