- The "non-constant format string" query (`cpp/non-constant-format`) has been converted to a `path-problem` query.
- The new C/C++ dataflow and taint-tracking libraries (`semmle.code.cpp.dataflow.new.DataFlow` and `semmle.code.cpp.dataflow.new.TaintTracking`) now implicitly assume that dataflow and taint modelled via `DataFlowFunction` and `TaintFunction` always fully overwrite their buffers and thus act as flow barriers. As a result, many dataflow and taint-tracking queries now produce fewer false positives. To remove this assumption and go back to the previous behavior for a given model, one can override the new `isPartialWrite` predicate.
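
A sketch of such an override for an appending function, added here as an example and not taken from the CodeQL libraries or release notes. The function `buf_append` and the class name are hypothetical, and the `isPartialWrite(FunctionOutput)` signature is an assumption modelled on the existing `hasTaintFlow` predicate.

```ql
import cpp
import semmle.code.cpp.models.interfaces.Taint

/**
 * Hypothetical model of
 *
 *   void buf_append(char *dst, const char *src);
 *
 * which appends `src` to whatever `dst` already holds.
 */
class BufAppendFunction extends TaintFunction {
  BufAppendFunction() { this.hasGlobalName("buf_append") }

  // Taint in the bytes pointed to by `src` reaches the bytes pointed to by `dst`.
  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
    input.isParameterDeref(1) and
    output.isParameterDeref(0)
  }

  // Assumed signature. Under the new default, the call is treated as fully
  // overwriting `*dst`, so it acts as a flow barrier and any taint `*dst`
  // carried before the call is dropped. Declaring the write partial restores
  // the previous behavior for this model: earlier taint in `*dst` continues
  // to flow past the call.
  override predicate isPartialWrite(FunctionOutput output) {
    output.isParameterDeref(0)
  }
}
```

Functions that only append to or patch part of a buffer are the cases worth auditing after upgrading, since the new default can otherwise hide flows that the previous behavior reported.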