v2.19.2
Release 2.19.2 (2024-10-21)
Potentially breaking changes
- The Python extractor will no longer extract the standard library by default, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. For a while it will still be possible to force extraction of the standard library by setting the environment variable CODEQL_EXTRACTOR_PYTHON_EXTRACT_STDLIB to 1.
Bugs fixed
- The 2.19.1 release contained a bug in the query evaluator that under rare conditions could lead to wrong alerts or resource exhaustion. Although we have never seen the problem outside of internal testing, we encourage users on 2.19.1 to upgrade to 2.19.2.
Miscellaneous
- The database relation sourceLocationPrefix is changed for databases created with codeql test run. Instead of containing the path of the enclosing qlpack, it now contains the actual path of the test, as if one had run codeql database create on the test folder. For example, for a test such as <checkout>/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.qlref we now populate sourceLocationPrefix with <checkout>/cpp/ql/test/query-tests/Security/CWE/CWE-611/ instead of <checkout>/cpp/ql/test/. This change typically affects calls to File.getRelativePath(), and may as a result change the expected test output.
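To see how the new sourceLocationPrefix shows up in a query test, here is a small QL query added as an illustration (it is not part of the CodeQL release or its test suite). It lists each source file in the database with the path that File.getRelativePath() returns, which is the path relative to sourceLocationPrefix and the form that appears in .expected files. The source file name XXE.cpp and the two result paths are assumptions for illustration; this page names only the XXE.qlref test, not the source file it runs on.

```ql
/**
 * Added example, not from the CodeQL repository.
 * Selects every source file in the database together with its path
 * relative to sourceLocationPrefix, i.e. what File.getRelativePath()
 * returns and what ends up in the test's .expected file.
 *
 * Assumed: the CWE-611 test folder contains a source file named XXE.cpp.
 *
 * Before 2.19.2, with sourceLocationPrefix = <checkout>/cpp/ql/test/,
 * the relative path for that file would be:
 *   query-tests/Security/CWE/CWE-611/XXE.cpp
 * From 2.19.2, with sourceLocationPrefix =
 * <checkout>/cpp/ql/test/query-tests/Security/CWE/CWE-611/, it is:
 *   XXE.cpp
 */
import cpp

from File f
where f.fromSource()
select f, f.getRelativePath()
```

If a test's output differs only in this prefix after upgrading, confirm that nothing else changed and then regenerate the .expected file with codeql test run --learn.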
For more information about the changes included in this release, see the CodeQL CLI changelog.
You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.
This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.19.2.