Skip to content

v2.9.3

Compare
Choose a tag to compare
@mavasani mavasani released this 06 Jun 21:23
7f096af

Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains bug fixes on top of v2.9.2 release.

Works with VS 2017.9 or later.

Added

  • Security
    • CA2321: Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
    • CA2322: Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
    • CA5366: Use XmlReader For DataSet Read Xml -- Enabled by default
    • CA5369: Use XmlReader For Deserialize -- Enabled by default
    • CA5370: Use XmlReader For Validating Reader -- Enabled by default
    • CA5371: Use XmlReader For Schema Read -- Enabled by default
    • CA5372: Use XmlReader For XPathDocument -- Enabled by default
    • CA5373: Do not use obsolete key derivation function -- Enabled by default
    • CA5374: Do Not Use XslTransform -- Enabled by default
    • CA5375: Do Not Use Account Shared Access Signature
    • CA5376: Use SharedAccessProtocol HttpsOnly -- Enabled by default
    • CA5377: Use Container Level Access Policy -- Enabled by default
    • CA5378: Do not disable ServicePointManagerSecurityProtocols -- Enabled by default
    • CA5379: Do Not Use Weak Key Derivation Function Algorithm -- Enabled by default
    • CA5380: Do Not Add Certificates To Root Store -- Enabled by default
    • CA5381: Ensure Certificates Are Not Added To Root Store -- Enabled by default
    • CA5382: Use Secure Cookies In ASP.Net Core
    • CA5383: Ensure Use Secure Cookies In ASP.Net Core
    • CA5384: Do Not Use Digital Signature Algorithm (DSA) -- Enabled by default
    • CA5385: Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size -- Enabled by default
    • CA5386: Avoid hardcoding SecurityProtocolType value