Release 2.23.8 (2025-12-10)

This release contains no CLI changes.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.8.

Release 2.23.7 (2025-12-05)

Deprecations

• The--save-cache flag tocodeql database run-queries and other commands that execute queries has been deprecated. This flag previously instructed the evaluator to aggressively write intermediate results to the disk cache, but now has no effect.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.7.

Breaking changes

• The LGTM results format for uploading to LGTM has been removed.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.6.

Breaking changes

• In order to make a@kind path-problem query diff-informed, thegetASelectedSourceLocation andgetASelectedSinkLocation predicates in the dataflow configuration now need to be overridden to always return the location of the source/sinkin addition to any other locations that are selected by the query. See theQLdoc for more details.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.5.

Breaking changes

• The--permissive command line option has been removed from the C/C++ extractor, and passing the option will make the extractor fail. When calling the extractor directly,--permissive should no longer be passed.

Bugs fixed

• Fixed a bug that made manycodeql subcommands fail with the messagenot in while, until, select, or repeat loop on Linux or macOS systems where/bin/sh iszsh.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.3.

New features

• CodeQL Go analysis now supports the "Git Source" type forprivate package registries. This is in addition to the existing support for the "GOPROXY server" type.

Fixes

• Thecodeql generate query-help command now prepends the query's name (taken from the.ql file) as a level-one heading when processing markdown query help, for consistency with help generated from a.qhelp file.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.2.

Release 2.23.1 (2025-09-23)

New features

• CodeQL now adds the sources and sinks of path alerts to therelatedLocations
  property of SARIF results if they are not included as the primary location or
  within the alert message. This means that path alerts will show on PRs if a
  source or sink is added or modified, even for queries that don't follow the
  common convention of selecting the sink as the primary location and mentioning
  the source in the alert message.

• CodeQL now populates file coverage information for GitHub Actions on
  the tool status page for code scanning.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.1.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL
  CLI has been updated to version 21.0.8.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.23.0.

There are no user-facing CLI changes in this release.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.22.4.

New features

• Thecodeql database cleanup command now takes the--cache-cleanup=overlay option, which trims the cache to just the data that will be useful when evaluating against an overlay.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.22.3.