v2.6.0

The bundled extractors are updated to match the versions currently used on LGTM.com. These are newer than the last release (1.27) of LGTM Enterprise. If you plan to upload databases to an LGTM Enterprise 1.27 instance, you need to create them with release 2.4.6.

Bugs fixed

• The physicalLocation.artifactLocation.uri fields in SARIF output are now properly encoded as specified by RFC 3986.

• The --include-extension option to the codeql database index-files command no longer includes directories that are named with the provided extension. For example, if the option --include-extension=.rb is provided, then a directory named foo.rb/ will be excluded from the indexing.

New features

• A new codeql database unbundle subcommand performs the reverse of codeql database bundle and extracts a CodeQL database from an archive.

• The CLI now understands per-codebase configuration files in the format already supported by the CodeQL Action.

• The CLI now supports the "sandwiched tracing" feature that has previously only been offered through the separate CodeQL Runner. This feature is intended for use with CI systems that cannot be configured to wrap build actions with codeql database trace-command.

• This version contains beta support for a new packaging and publishing system for third-party QL queries and libraries.

For more information about these new features, see the CodeQL CLI changelog.

You can download either the codeql-PLATFORM.zip for your platform, or the generic codeql.zip which contains binaries for all supported platforms. Please ignore the additional "source code" downloads below the .zip artifacts.