Security Updates
-
Resolves a security vulnerability where CodeQL databases or logs produced by the CodeQL CLI may contain the environment variables from the time of
database creation. This includes any secrets stored in an environment variables. For more information, see the
CodeQL CLI security advisory.All users of CodeQL should follow the advice in the CodeQL advisory mentioned above or upgrade to this version or a later version of CodeQL.
If you are using the CodeQL Action, also see the related CodeQL Action security advisory.
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip
for your platform, or the generic codeql.zip
which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip
artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.20.3
.