<h1>Release notes from codeql-cli-binaries</h1>
<p>Feed: https://github.com/github/codeql-cli-binaries/releases (updated 2026-06-04T11:03:17Z)</p>
<h2>v2.25.6</h2>
<p>Updated: 2026-06-04T11:04:24Z</p>
<h3>Improvements</h3>
<ul>
<li>When the <code>git</code> executable is available, CodeQL can now obtain configuration and queries from SHA-256 Git repositories, and infer Git metadata about them.</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.11.</li>
</ul>
<p>For more information about the changes included in this release, see the <a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">CodeQL CLI changelog</a>.</p>
<p>You can download <em>either</em> the <code>codeql-PLATFORM.zip</code> for your platform, <em>or</em> the generic <code>codeql.zip</code> which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the <code>.zip</code> artifacts.</p>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.6"><code>github/codeql@codeql-cli/v2.25.6</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>Release 2.25.5 (2026-05-21)</h2>
<p>Updated: 2026-05-22T10:33:40Z</p>
<ul>
<li>There are no user-facing changes in this release.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.5"><code>github/codeql@codeql-cli/v2.25.5</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>v2.25.4</h2>
<p>Updated: 2026-05-07T14:05:46Z</p>
<ul>
<li>There are no user-facing changes in this release.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.4"><code>github/codeql@codeql-cli/v2.25.4</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>v2.25.3</h2>
<p>Updated: 2026-05-01T12:07:16Z</p>
<h3>Improvements</h3>
<ul>
<li>The <code>codeql database finalize</code> command now accepts the <code>--working-dir</code> flag. When specified, any extractor pre-finalize scripts will be run in that directory. If the flag is not used, the scripts will run in the source root directory (maintaining existing behavior). The flag will also be automatically passed through when running the higher-level <code>codeql database create</code> command.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.3"><code>github/codeql@codeql-cli/v2.25.3</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>v2.25.2</h2>
<p>Updated: 2026-04-15T10:45:34Z</p>
<h3>Miscellaneous</h3>
<ul>
<li>The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.10.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.2"><code>github/codeql@codeql-cli/v2.25.2</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>Release 2.25.1 (2026-03-27)</h2>
<p>Updated: 2026-03-27T09:48:38Z</p>
<h3>Bug Fixes</h3>
<ul>
<li>Fixed a bug where extraction could fail on YAML files containing emoji.</li>
</ul>
<h3>Miscellaneous</h3>
<ul>
<li>Upgraded snakeyaml (which is a dependency of jackson-dataformat-yaml) from 2.3 to 2.6.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.1"><code>github/codeql@codeql-cli/v2.25.1</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>Release 2.25.0 (2026-03-19)</h2>
<p>Updated: 2026-03-19T12:16:17Z</p>
<h3>Breaking Changes</h3>
<ul>
<li><code>codeql database interpret-results</code> and <code>codeql database analyze</code> no longer attempt to reconstruct file baseline information from databases created with CLI versions before 2.11.2.</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>Upgraded Jackson library from 2.16.1 to 2.18.6 to address a high-severity denial of service vulnerability (<a title="GHSA-72hv-8253-57qq" data-hovercard-type="advisory" data-hovercard-url="/advisories/GHSA-72hv-8253-57qq/hovercard" href="https://github.com/advisories/GHSA-72hv-8253-57qq">GHSA-72hv-8253-57qq</a>) in jackson-core's async JSON parser.</li>
<li>Upgraded snakeyaml (which is a dependency of jackson-dataformat-yaml) from 2.2 to 2.3.</li>
</ul>
<h2>Release 2.24.4 (2026-03-16)</h2>
<p>This release was skipped.</p>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.25.0"><code>github/codeql@codeql-cli/v2.25.0</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>Release 2.24.3 (2026-03-05)</h2>
<p>Updated: 2026-03-05T16:13:02Z</p>
<h3>Bug Fixes</h3>
<ul>
<li>Fixed a race condition that could cause flaky failures in overlay CodeQL tests. Test extraction now skips <code>*.testproj</code> directories by name, preventing interference from concurrently cleaned-up test databases.</li>
<li>Fixed spurious "OOPS" warnings that could appear in help output for commands using mutually exclusive option groups, such as <code>codeql query run</code>.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.24.3"><code>github/codeql@codeql-cli/v2.24.3</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>v2.24.2</h2>
<p>Updated: 2026-02-20T11:23:39Z</p>
<h3>Bug Fixes</h3>
<ul>
<li>Fixed SARIF output to generate RFC 1738 compatible file URIs. File URIs now always use the <code>file:///</code> format instead of <code>file:/</code> for better interoperability with SARIF consumers.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.24.2"><code>github/codeql@codeql-cli/v2.24.2</code></a>.</p>
<p>Author: codeql-ci</p>
<h2>v2.24.1</h2>
<p>Updated: 2026-02-05T15:58:04Z</p>
<h3>Miscellaneous</h3>
<ul>
<li>The vulnerable xwork-core 2.3.37 test dependency (<a title="CVE-2025-68493" data-hovercard-type="advisory" data-hovercard-url="/advisories/GHSA-qcfc-hmrc-59x7/hovercard" href="https://github.com/advisories/GHSA-qcfc-hmrc-59x7">CVE-2025-68493</a>) has been removed. The CodeQL Java library has been updated to support both legacy Struts 2.x-6.x package names and Struts 7.x package names for analyzing user code.</li>
</ul>
<p>This release is compatible with the CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.24.1"><code>github/codeql@codeql-cli/v2.24.1</code></a>.</p>
<p>Author: codeql-ci</p>