Breaking changes

• The --permissive command line option has been removed from the C/C++ extractor, and passing the option will make the extractor fail. When calling the extractor directly, --permissive should no longer be passed.

Bugs fixed

• Fixed a bug that made many codeql subcommands fail with the message not in while, until, select, or repeat loop on Linux or macOS systems where /bin/sh is zsh.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.3.

New features

• CodeQL Go analysis now supports the "Git Source" type for private package registries. This is in addition to the existing support for the "GOPROXY server" type.

Fixes

• The codeql generate query-help command now prepends the query's name (taken from the .ql file) as a level-one heading when processing markdown query help, for consistency with help generated from a .qhelp file.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.2.

Release 2.23.1 (2025-09-23)

New features

• CodeQL now adds the sources and sinks of path alerts to the relatedLocations
  property of SARIF results if they are not included as the primary location or
  within the alert message. This means that path alerts will show on PRs if a
  source or sink is added or modified, even for queries that don't follow the
  common convention of selecting the sink as the primary location and mentioning
  the source in the alert message.

• CodeQL now populates file coverage information for GitHub Actions on
  the tool status page for code scanning.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.1.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL
  CLI has been updated to version 21.0.8.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.0.

There are no user-facing CLI changes in this release.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.22.4.

New features

• The codeql database cleanup command now takes the --cache-cleanup=overlay option, which trims the cache to just the data that will be useful when evaluating against an overlay.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.22.3.

Bug fix

• Fixes a bug in query suites where the version property of an import instruction was ignored.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.22.2.

New features

• Rust language support is now in public preview.

Miscellaneous

• The version of jgit used by the CodeQL CLI has been updated to 6.10.1.202505221210-r.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.22.1.

Breaking changes

• A number of breaking changes have been made to the C and C++ CodeQL test environment as used by codeql test run.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.22.0.

Deprecations

• The clang_vector_types, clang_attributes, and flax-vector-conversions command
  line options have been removed from the C/C++ extractor. These options were introduced
  as workarounds to frontend limitations in earlier versions of the extractor and are
  no longer needed when calling the extractor directly.

Miscellaneous

• The build of Eclipse Temurin OpenJDK that is used to run the CodeQL
  CLI has been updated to version 21.0.7.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.21.4.