codeql/java/ql/src/change-notes/released/1.7.0.md at codeql-cli/v2.24.0 · github/codeql · GitHub

15 lines (9 loc) · 979 Bytes

1.7.0

New Queries

The query java/insecure-spring-actuator-config has been promoted from experimental to the main query pack as java/spring-boot-exposed-actuators-config. Its results will now appear by default. This query detects exposure of Spring Boot actuators through configuration files. It was originally submitted as an experimental query by @luchua-bc.

Query Metadata Changes

The tag maintainability has been removed from java/run-finalizers-on-exit and the tags quality, correctness, and performance have been added.
The tag maintainability has been removed from java/garbage-collection and the tags quality and correctness have been added.

Minor Analysis Improvements

Fixed a bug that was causing false negatives in rare cases in the query java/dereferenced-value-may-be-null.
Removed the java/empty-statement query that was subsumed by the java/empty-block query.