Releases: dotnet/roslyn-analyzers
v2.9.4-beta1.final
Pre-Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains the following additional analyzers and additional bug fixes on top of the v2.9.3 release:
- Usage rule CA2245 (AvoidPropertySelfAssignment) - On by default
- Security rule CA5387 (DefinitelyUseWeakKDFInsufficientIterationCount) - Off by default
- Security rule CA5388 (MaybeUseWeakKDFInsufficientIterationCount) - Off by default
- Security rule CA5389 (DoNotAddArchiveItemPathToTheTargetFileSystemPath) - Off by default
Works with VS 2017.9 or later.
v2.9.3
Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains bug fixes on top of v2.9.2 release.
Works with VS 2017.9 or later.
Added
- Security
  - CA2321: Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver
  - CA2322: Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing
  - CA5366: Use XmlReader For DataSet Read Xml -- Enabled by default
  - CA5369: Use XmlReader For Deserialize -- Enabled by default
  - CA5370: Use XmlReader For Validating Reader -- Enabled by default
  - CA5371: Use XmlReader For Schema Read -- Enabled by default
  - CA5372: Use XmlReader For XPathDocument -- Enabled by default
  - CA5373: Do not use obsolete key derivation function -- Enabled by default
  - CA5374: Do Not Use XslTransform -- Enabled by default
  - CA5375: Do Not Use Account Shared Access Signature
  - CA5376: Use SharedAccessProtocol HttpsOnly -- Enabled by default
  - CA5377: Use Container Level Access Policy -- Enabled by default
  - CA5378: Do not disable ServicePointManagerSecurityProtocols -- Enabled by default
  - CA5379: Do Not Use Weak Key Derivation Function Algorithm -- Enabled by default
  - CA5380: Do Not Add Certificates To Root Store -- Enabled by default
  - CA5381: Ensure Certificates Are Not Added To Root Store -- Enabled by default
  - CA5382: Use Secure Cookies In ASP.Net Core
  - CA5383: Ensure Use Secure Cookies In ASP.Net Core
  - CA5384: Do Not Use Digital Signature Algorithm (DSA) -- Enabled by default
  - CA5385: Use Rivest–Shamir–Adleman (RSA) Algorithm With Sufficient Key Size -- Enabled by default
  - CA5386: Avoid hardcoding SecurityProtocolType value
v2.6.4
v2.9.0-beta1.final
Pre-Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains additional analyzers/fixers and additional bug fixes on top of v2.6.3 release.
Works with VS 2017.9 or later.
v2.9.2
v2.9.1
Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.1 NuGet packages. Contains bug fixes on top of v2.9.0 release.
Works with VS 2017.9 or later.
Added
- Security
  - CA3061: Do Not Add Schema By URL -- Enabled by default
  - CA5367: Do Not Serialize Types With Pointer Fields
  - CA5368: Set ViewStateUserKey For Classes Derived From Page -- Enabled by default
v2.9.0
Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains additional analyzers/fixers and additional bug fixes on top of v2.6.3 release.
Works with VS 2017.9 or later.
Added
- Design
- Globalization
  - CA1303: Do not pass literals as localized parameters
- Maintainability
  - CA1508: Avoid dead conditional code
- Naming
  - CA1712: Do not prefix enum values with type name -- Enabled by default
- Reliability
  - CA2000: Dispose objects before losing scope
- Security
  - CA2100: Review SQL queries for security vulnerabilities
  - CA2300: Do not use insecure deserializer BinaryFormatter
  - CA2301: Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
  - CA2302: Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
  - CA2305: Do not use insecure deserializer LosFormatter
  - CA2310: Do not use insecure deserializer NetDataContractSerializer
  - CA2311: Do not deserialize without first setting NetDataContractSerializer.Binder
  - CA2312: Ensure NetDataContractSerializer.Binder is set before deserializing
  - CA2315: Do not use insecure deserializer ObjectStateFormatter
  - CA3001: Review code for SQL injection vulnerabilities
  - CA3002: Review code for XSS vulnerabilities
  - CA3003: Review code for file path injection vulnerabilities
  - CA3004: Review code for information disclosure vulnerabilities
  - CA3005: Review code for LDAP injection vulnerabilities
  - CA3006: Review code for process command injection vulnerabilities
  - CA3007: Review code for open redirect vulnerabilities
  - CA3008: Review code for XPath injection vulnerabilities
  - CA3009: Review code for XML injection vulnerabilities
  - CA3010: Review code for XAML injection vulnerabilities
  - CA3011: Review code for DLL injection vulnerabilities
  - CA3012: Review code for regex injection vulnerabilities
  - CA5359: Do Not Disable Certificate Validation -- Enabled by default
  - CA5360: Do Not Call Dangerous Methods In Deserialization -- Enabled by default
  - CA5361: Do Not Disable SChannel Use of Strong Crypto -- Enabled by default
  - CA5362: Do Not Refer Self In Serializable Class
  - CA5363: Do Not Disable Request Validation -- Enabled by default
  - CA5364: Do Not Use Deprecated Security Protocols -- Enabled by default
  - CA5365: Do Not Disable HTTP Header Checking -- Enabled by default
- Usage
  - CA2213: Disposable fields should be disposed

Removed
- Naming
  - Async002: Async Method Names Should End in Async
- Usage
  - Async001: Avoid Async Void
  - Async003: Don't Pass Async Lambdas as Void Returning Delegate Types
  - Async004: Don't Store Async Lambdas as Void Returning Delegate Types
  - Async006: Don't Mix Blocking and Async
v2.6.3
v2.6.2
v2.6.2-beta2
Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.6.0 NuGet packages, with additional bug fixes and analyzers on top of v2.6.1 release.
Primary addition includes packaging of "rulesets" in the analyzer NuGet packages, listing all rules implemented in the package.
Works with VS 2017.5 or later.