New features

• Rust language support is now in public preview.

Miscellaneous

• The version ofjgit used by the CodeQL CLI has been updated to6.10.1.202505221210-r.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.22.1.

Breaking changes

• A number of breaking changes have been made to the C and C++ CodeQL test environment as used bycodeql test run.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.22.0.

Deprecations

• Theclang_vector_types,clang_attributes, andflax-vector-conversions command
  line options have been removed from the C/C++ extractor. These options were introduced
  as workarounds to frontend limitations in earlier versions of the extractor and are
  no longer needed when calling the extractor directly.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL
  CLI has been updated to version 21.0.7.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.21.4.

Miscellaneous

• Windows binaries for the CodeQL CLI are now built with/guard:cf, enablingControl Flow Guard.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.21.3.

Bugs fixed

• codeql generate log-summary now correctly includesdependencies maps in predicate events forCOMPUTED_EXTENSIONAL predicates.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.21.2.

Bugs fixed

• Fixed a bug in CodeQL analysis for GitHub Actions in the presence of a code scanning configuration file containingpaths-ignore exclusion patterns but notpaths inclusion patterns.
  Previously, such a configuration incorrectly led to all YAML, HTML, JSON, and JS source files being extracted, except for those filtered bypaths-ignore. This in turn led to performance issues on large codebases. Now, only workflow and Action metadata YAML files relevant to the GitHub Actions analysis will be extracted, except for those filtered bypaths-ignore. This matches the default behavior when no configuration file is provided.
  The handling ofpaths inclusion patterns is unchanged: if provided, only those paths will be considered, except for those filtered bypaths-ignore.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.21.1.

Miscellaneous

• On macOS theCODEQL_TRACER_RELOCATION_EXCLUDE environment variable can now be used to exclude certain paths from the tracer relocation and tracing process. This environment variable accepts newline-separated regex patterns of binaries to be excluded.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.21.0.

• There are no user-facing changes in this release.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.20.7.

Miscellaneous

• The CodeQL XML extractor is now able to parse documents in a wider array of character sets.

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.6.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.20.6.

Release 2.20.5 (2025-02-20)

Breaking changes

• Removed support forQlBuiltins::BigInts in theavg() aggregate.

• A number of breaking changes have been made to the C and C++ CodeQL test environment as used bycodeql test run.

For more information about the changes included in this release, see theCodeQL CLI changelog.

You can downloadeither thecodeql-PLATFORM.zip for your platform,or the genericcodeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the.zip artifacts.

This release is compatible with the CodeQL language packs fromgithub/codeql@codeql-cli/v2.20.5.