Skip to content

Releases: github/codeql-action

v3.35.4

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 08 May 06:21
Immutable release. Only release title and notes can be modified.
7fd177f
  • Update default CodeQL bundle version to 2.25.4. #3881

v4.35.4

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 07 May 15:54
Immutable release. Only release title and notes can be modified.
68bde55
  • Update default CodeQL bundle version to 2.25.4. #3881

CodeQL Bundle v2.25.4

Choose a tag to compare

@codeql-ci codeql-ci released this 07 May 12:47
Immutable release. Only release title and notes can be modified.
bc0b696

Bundles CodeQL CLI v2.25.4

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.25.4:

v4.35.3

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 01 May 14:06
Immutable release. Only release title and notes can be modified.
e46ed2c
  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

v3.35.3

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 01 May 14:44
Immutable release. Only release title and notes can be modified.
0daab03
  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

CodeQL Bundle v2.25.3

Choose a tag to compare

@codeql-ci codeql-ci released this 30 Apr 15:29
Immutable release. Only release title and notes can be modified.
7851e55

Bundles CodeQL CLI v2.25.3

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.25.3:

v4.35.2

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 15 Apr 11:24
Immutable release. Only release title and notes can be modified.
95e58e9
  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

v3.35.2

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 15 Apr 11:53
Immutable release. Only release title and notes can be modified.
ce64ddc
  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

CodeQL Bundle v2.25.2

Choose a tag to compare

@codeql-ci codeql-ci released this 15 Apr 09:37
Immutable release. Only release title and notes can be modified.
6521697

Bundles CodeQL CLI v2.25.2

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.25.2:

v4.35.1

Choose a tag to compare

@codeql-action-automation codeql-action-automation released this 27 Mar 16:10
Immutable release. Only release title and notes can be modified.
c10b806