Skip to content

Releases: github/codeql-cli-binaries

v2.24.3

05 Mar 16:13
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.24.3
f467d25
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.24.3 Latest
Latest

Release 2.24.3 (2026-03-05)

Bug Fixes

  • Fixed a race condition that could cause flaky failures in overlay CodeQL tests. Test extraction now skips *.testproj directories by name, preventing interference from concurrently cleaned-up test databases.
  • Fixed spurious "OOPS" warnings that could appear in help output for commands using mutually exclusive option groups, such as codeql query run.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.24.3.

Assets 10
Loading

v2.24.2

20 Feb 11:23
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.24.2
f4e1dee
This commit was signed with the committer’s verified signature.
mbg Michael B. Gale
GPG key ID: FF5E2765BD00628F
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.24.2

Bug Fixes

  • Fixed SARIF output to generate RFC 1738 compatible file URIs. File URIs now always use the file:/// format instead of file:/ for better interoperability with SARIF consumers.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.24.2.

Loading

v2.24.1

05 Feb 15:58
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.24.1
3f1fd5f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.24.1

Miscellaneous

  • The vulnerable xwork-core 2.3.37 test dependency (CVE-2025-68493) has been removed. The CodeQL Java library has been updated to support both legacy Struts 2.x-6.x package names and Struts 7.x package names for analyzing user code.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.24.1.

Loading

v2.24.0

26 Jan 12:45
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.24.0
6866fd9

Choose a tag to compare

View all tags
v2.24.0

Release 2.24.0 (2026-01-26)

Miscellaneous

  • The OWASP Java HTML Sanitizer library used by the CodeQL CLI for internal documentation generation commands has been updated to version 20260102.1.
  • The build of Eclipse Temurin OpenJDK that is used to run the CodeQL CLI has been updated to version 21.0.9.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.24.0.

Loading

v2.23.9

09 Jan 17:33
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.23.9
fe40a78

Choose a tag to compare

View all tags
v2.23.9

Release 2.23.9 (2026-01-09)

Deprecations

  • Support for Kotlin version 1.6 and 1.7 has been deprecated and will be removed from CodeQL version 2.24.1. Starting with version 2.24.1, users will need to use Kotlin version >= 1.8 to extract Kotlin databases.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.9.

Loading

v2.23.8

11 Dec 16:35
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.23.8
998e37c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.23.8

Release 2.23.8 (2025-12-10)

This release contains no CLI changes.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.8.

Loading

v2.23.7

05 Dec 14:28
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.23.7
2dd2c45
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.23.7

Release 2.23.7 (2025-12-05)

Deprecations

  • The --save-cache flag to codeql database run-queries and other commands that execute queries has been deprecated. This flag previously instructed the evaluator to aggressively write intermediate results to the disk cache, but now has no effect.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.7.

Loading

v2.23.6

24 Nov 08:41
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.23.6
7fa2614
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.23.6

Breaking changes

  • The LGTM results format for uploading to LGTM has been removed.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.6.

Loading

v2.23.5

13 Nov 20:58
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.23.5
f66af53
This commit was signed with the committer’s verified signature.
mbg Michael B. Gale
GPG key ID: FF5E2765BD00628F
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v2.23.5

Breaking changes

  • In order to make a @kind path-problem query diff-informed, the getASelectedSourceLocation and getASelectedSinkLocation predicates in the dataflow configuration now need to be overridden to always return the location of the source/sink in addition to any other locations that are selected by the query. See the QLdoc for more details.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.5.

Loading

v2.23.3

17 Oct 13:22
@codeql-ci codeql-ci
Immutable release. Only release title and notes can be modified.
v2.23.3
05e07ac

Choose a tag to compare

View all tags
v2.23.3

Breaking changes

  • The --permissive command line option has been removed from the C/C++ extractor, and passing the option will make the extractor fail. When calling the extractor directly, --permissive should no longer be passed.

Bugs fixed

  • Fixed a bug that made many codeql subcommands fail with the message not in while, until, select, or repeat loop on Linux or macOS systems where /bin/sh is zsh.

For more information about the changes included in this release, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.

This release is compatible with the CodeQL language packs from github/codeql@codeql-cli/v2.23.3.

Loading