v2.14.4

codeql-ci released this 12 Sep 14:29 · 50 commits to main since this release

Known Issue

  • The JavaScript extractor may, in specific cases, fail with StringIndexOutOfBoundsException. Users affected by this bug should temporarily downgrade to 2.14.3 until a new 2.14.5 release becomes available.

Potentially breaking changes

  • The CodeQL CLI no longer supports the SEMMLE_JAVA_ARGS environment variable. All previous versions of the CodeQL CLI perform command substitution on the SEMMLE_JAVA_ARGS value (for example, replacing '$(echo foo)' with 'foo') when starting a new Java virtual machine, which, depending on the execution environment, may have security implications. Users are advised to check their environments for possible SEMMLE_JAVA_ARGS misuse.
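
One way to carry out the environment check advised above, as an added example (not part of the CodeQL release notes or the CodeQL code base): a Python scan that reports where SEMMLE_JAVA_ARGS is still set and marks values containing the `$(` form the note describes, so they can be reviewed first. The function names, file suffixes and sample workflow text are assumptions constructed for illustration.

```python
import os
import re
from pathlib import Path

VAR = "SEMMLE_JAVA_ARGS"
# Shell, batch, dotenv and YAML style settings: VAR=value or VAR: value
ASSIGN = re.compile(r"\b" + VAR + r"\s*[:=]\s*(.*)")
# "$(" opens the command substitution form described in the release note
SUBST = re.compile(r"\$\(")
# Assumed set of file types worth scanning; adjust for your build system
SUFFIXES = {".yml", ".yaml", ".sh", ".env", ".bat", ".cmd", ".ps1"}

def classify(value):
    """'substitution' if the value contains $(, otherwise 'set'."""
    return "substitution" if SUBST.search(value) else "set"

def scan_text(text, origin):
    """Return (origin, line number, class, value) for each setting found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not live configuration
        match = ASSIGN.search(line)
        if match:
            value = match.group(1).strip().strip("'\"")
            findings.append((origin, lineno, classify(value), value))
    return findings

def scan_environment(env=None):
    """Check the process environment (or a supplied mapping)."""
    env = os.environ if env is None else env
    return [("environment", 0, classify(env[VAR]), env[VAR])] if VAR in env else []

def scan_tree(root):
    """Scan CI and script files under root for the variable."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and (path.suffix in SUFFIXES or path.name == ".env"):
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample workflow text, not taken from any real repository
SAMPLE = """env:
  SEMMLE_JAVA_ARGS: '-Dlabel=$(echo foo)'
  # SEMMLE_JAVA_ARGS: '-Xmx2g'
steps:
  - run: export SEMMLE_JAVA_ARGS=-Xmx4g
"""

if __name__ == "__main__":
    for finding in scan_environment() + scan_text(SAMPLE, "sample-workflow.yml"):
        print(finding)
```

Every finding marks a setting that 2.14.4 no longer honours; the ones classed `substitution` are the values earlier CLI versions would have expanded when starting the JVM.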

New Features

  • The Java extractor now supports files that use Lombok.

Bugs fixed

  • codeql database init (and github/codeql-action/init@v2 on GitHub Actions) should no longer hang or crash for traced languages on 64-bit Windows machines when certain antivirus software is installed.
  • During codeql pack create and codeql pack publish, a source version of a pack coming from --additional-packs can explicitly be used to override a requested pack version even if this source version is incompatible with the requested version in the pack file. Previously, this would fail with a confusing error message.
  • Fixed a bug where codeql database interpret-results hangs when a path query produces a result that has no paths from source to sink.

Miscellaneous

  • The build of Eclipse Temurin OpenJDK that is bundled with the CodeQL CLI has been updated to version 17.0.8.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.14.4.