• The GitHub Actions analysis now recognizes more Bash regex checks that restrict a value to alphanumeric characters, include regexes like ^[0-9a-zA-Z]{40}([0-9a-zA-Z]{24})?$ which check for a sha1 or sha256 hash. This may reduce false positive results where command output is validated with grouped or optional alphanumeric patterns before being used.

• Altered 2 patterns in the poisonable_steps modelling. Extra sinks are detected in the following cases: scripts executed via python modules and go run in directories are detected as potential mechanisms of injection. For the go execution pattern, the pattern is updated to now ignore flags that occur between go and the specific command. This change may lead to more results being detected by the following queries: actions/untrusted-checkout/high, actions/untrusted-checkout/critical, actions/untrusted-checkout-toctou/high, actions/untrusted-checkout-toctou/critical, actions/cache-poisoning/poisonable-step, actions/cache-poisoning/direct-cache and actions/artifact-poisoning/path-traversal.

No user-facing changes.

• Removed false positive injection sink models for the context input of docker/build-push-action and the allowed-endpoints input of step-security/harden-runner.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

• Fixed a crash when analysing a ${{ ... }} expression over around 300 characters in length.

• The query actions/code-injection/medium has been updated to include results which were incorrectly excluded while filtering out results that are reported by actions/code-injection/critical.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

• The actions/artifact-poisoning/critical and actions/artifact-poisoning/medium queries now exclude artifacts downloaded to $[{ runner.temp }} in addition to /tmp.

• Fixed performance issues in the parsing of Bash scripts in workflow files, which led to out-of-disk errors when analysing certain workflow files with complex interpolations of shell commands or quoted strings.

No user-facing changes.

No user-facing changes.

No user-facing changes.

No user-facing changes.

• CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.

• The query actions/code-injection/medium now produces alerts for injection vulnerabilities on pull_request events.

No user-facing changes.

No user-facing changes.

• The "Unpinned tag for a non-immutable Action in workflow" query (actions/unpinned-tag) now supports expanding the trusted action owner list using data extensions (extensible: trustedActionsOwnerDataModel). If you trust an Action publisher, you can include the owner name/organization in a model pack to add it to the allow list for this query. This addition will prevent security alerts when using unpinned tags for Actions published by that owner. For more information on creating a model pack, see Creating a CodeQL Model Pack.

• Fixed data for vulnerable versions of actions/download-artifact and rlespinasse/github-slug-action (following GHSA-cxww-7g56-2vh6 and GHSA-6q4m-7476-932w).
• Improved untrustedGhCommandDataModel regex for gh pr view and Bash taint analysis in GitHub Actions.

No user-facing changes.

• Initial public preview release