All Versions
29
Latest Version
Avg Release Cycle
45 days
Latest Release
191 days ago

Changelog History
Page 1

  • v5.0.1 Changes

    December 04, 2020

    ๐Ÿš€ Release build of Microsoft.CodeAnalysis.NetAnalyzers containing first-party code quality analyzers ("CAxxxx rules").

    • ๐Ÿ”– Version 5.0.1 of this package contains additional bug fixes on top of version 5.0.0 that ships with the .NET 5 SDK.
    • ๐Ÿš€ Works with VS 2019 16.8 or later.
    • ๐Ÿš€ All the shipped CA rules with the default severity and enabled state can be found here
  • v5.0.1.xx

    July 10, 2020
  • v5.0.0 Changes

    November 12, 2020

    ๐Ÿš€ Release build of first-party code quality analyzers ("CAxxxx rules") that ship with the .NET 5 SDK. Works with VS 2019 16.8 or later. All the shipped CA rules with the default severity and enabled state can be found here

  • v3.3.2 Changes

    December 04, 2020

    ๐Ÿš€ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

    • ๐Ÿš€ Contains important functionality and performance bug fixes on top of v3.3.1 release
    • ๐Ÿ“„ New deprecation warning CA9998 for Microsoft.CodeAnalysis.FxCopAnalyzers package:
      ๐Ÿ“ฆ FxCopAnalyzers package has been deprecated in favor of 'Microsoft.CodeAnalysis.NetAnalyzers', that ships with the .NET SDK. Please refer to https://docs.microsoft.com/visualstudio/code-quality/migrate-from-fxcop-analyzers-to-net-analyzers to migrate to .NET analyzers.
  • v3.3.1 Changes

    October 29, 2020

    ๐Ÿš€ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

    ๐Ÿš€ Contains following important changes on top of v3.3.0 release:

    ๐Ÿ› Bug Fixes

    • ๐ŸŽ Functionality and performance bug fixes
    • Tainted data rules improvements
    • ๐Ÿ“„ CA5377: Don't warn when unable to get the control flow graph for dataflow analysis
    • ๐Ÿ“„ CA3075: Fix false positive on XmlReader.Create(string) invocations
    • โšก๏ธ Optimizing error list refresh times for full compilation analyzers in Visual Studio 2019 16.9

    โž• Additional analyzers/fixers

    โž• Added

    • Globalization
      • CA1310: Specify StringComparison for correctness -- Enabled by default
    • Interoperability
      • CA1416: Validate platform compatibility -- Enabled by default

    ๐Ÿ”„ Changed

    • Globalization
      • CA1307: Specify StringComparison for clarity -- Now disabled by default
  • v3.3.0 Changes

    August 10, 2020

    ๐Ÿš€ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

    ๐Ÿš€ Contains following important changes on top of v3.0.0 release

    ๐Ÿ”’ The new security rules CA2350-CA2362 can help find vulnerabilities related to DataSet and DataTable security guidance.

    ๐Ÿ”‹ Feature

    ๐Ÿ‘€ Editorconfig based file/directory level options configuration. See details here

    ๐Ÿ› Bug Fixes

    • ๐ŸŽ Many bug fixes, including performance fixes.
    • Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.

    โž• Additional analyzers/fixers

    โž• Added

    • Design
      • CA1002: Do not expose generic lists
      • CA1005: Avoid excessive parameters on generic types
      • CA1045: Do not pass types by reference
      • CA1046: Do not overload equality operator on reference types
      • CA1047: Do not declare protected member in sealed type -- Enabled by default
      • CA1070: Do not declare event fields as virtual -- Enabled by default
    • Interoperability
      • CA1417: Do not use 'OutAttribute' on string parameters for P/Invokes -- Enabled by default
    • Naming
      • CA1700: Do not name enum values 'Reserved'
      • CA1713: Events should not have 'Before' or 'After' prefix -- Enabled by default
    • ๐ŸŽ Performance
      • CA1805: Do not initialize unnecessarily -- Enabled by default
      • CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder -- Enabled by default
      • CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1834: Consider using 'StringBuilder.Append(char)' when applicable -- Enabled by default
      • CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
      • CA1836: Prefer IsEmpty over Count -- Enabled by default
      • CA1837: Use 'Environment.ProcessId' -- Enabled by default
      • CA1838: Avoid 'StringBuilder' parameters for P/Invokes
    • Publish
      • IL3000: Avoid using accessing Assembly file path when publishing as a single-file -- Enabled by default
      • IL3001: Avoid using accessing Assembly file path when publishing as a single-file -- Enabled by default
    • Reliability
      • CA2014: Do not use stackalloc in loops -- Enabled by default
      • CA2015: Do not define finalizers for types derived from MemoryManager -- Enabled by default
      • CA2016: Forward the 'CancellationToken' parameter to methods that take one -- Enabled by default
    • ๐Ÿ”’ Security
      • CA2109: Review visible event handlers
      • CA2350: Do not use DataTable.ReadXml() with untrusted data
      • CA2351: Do not use DataSet.ReadXml() with untrusted data
      • CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
      • CA2353: Unsafe DataSet or DataTable in serializable type
      • CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
      • CA2355: Unsafe DataSet or DataTable type found in deserializable object graph
      • CA2356: Unsafe DataSet or DataTable type in web deserializable object graph
      • CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
      • CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
    • Usage
      • CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum -- Enabled by default
      • CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
      • CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default

    โœ‚ Removed

    • Reliability
      • CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
  • v3.3.0-beta2.final Changes

    July 15, 2020

    ๐Ÿš€ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

    ๐Ÿš€ Contains following important changes on top of v3.0.0 release

    ๐Ÿ”’ The new security rules CA2350-CA2356 can help find vulnerabilities related to DataSet and DataTable security guidance.

    ๐Ÿ”‹ Feature

    ๐Ÿ‘€ Editorconfig based file/directory level options configuration. See details here

    ๐Ÿ› Bug Fixes

    ๐ŸŽ Many bug fixes, including performance fixes.

    โž• Additional analyzers/fixers:

    โž• Added

    • Design
      • CA1002: Do not expose generic lists
      • CA1005: Avoid excessive parameters on generic types
      • CA1045: Do not pass types by reference
      • CA1046: Do not overload equality operator on reference types
      • CA1047: Do not declare protected member in sealed type -- Enabled by default
      • CA1070: Do not declare event fields as virtual -- Enabled by default
    • Naming
      • CA1700: Do not name enum values 'Reserved'
      • CA1713: Events should not have 'Before' or 'After' prefix -- Enabled by default
    • ๐ŸŽ Performance
      • CA1805: Do not initialize unnecessarily -- Enabled by default
      • CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder. -- Enabled by default
      • CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1834: Consider using 'StringBuilder.Append(char)' when applicable. -- Enabled by default
      • CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
      • CA1836: Prefer IsEmpty over Count -- Enabled by default
    • Reliability
      • CA2014: Do not use stackalloc in loops. -- Enabled by default
      • CA2015: Do not define finalizers for types derived from MemoryManager -- Enabled by default
      • CA2016: Forward the 'CancellationToken' parameter to methods that take one -- Enabled by default
    • ๐Ÿ”’ Security
      • CA2109: Review visible event handlers -- Enabled by default
      • CA2350: Do not use insecure deserialization with DataTable.ReadXml()
      • CA2351: Do not use insecure deserialization with DataSet.ReadXml()
      • CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
      • CA2353: Unsafe DataSet or DataTable in serializable type
      • CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
      • CA2355: Unsafe DataSet or DataTable type found in deserializable object graph
      • CA2356: Unsafe DataSet or DataTable type in web deserializable object graph
    • Usage
      • CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum. -- Enabled by default
      • CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
      • CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default

    โœ‚ Removed

    • Reliability
      • CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
  • v3.3.0-beta1.final Changes

    July 06, 2020

    ๐Ÿš€ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

    ๐Ÿš€ Contains following important changes on top of v3.0.0 release

    ๐Ÿ”‹ Feature

    ๐Ÿ‘€ Editorconfig based file/directory level options configuration. See details here

    ๐Ÿ› Bug Fixes

    ๐ŸŽ Many bug fixes, including performance fixes.

    โž• Additional analyzers/fixers:

    โž• Added

    • Design
      • CA1002: Do not expose generic lists
      • CA1005: Avoid excessive parameters on generic types
      • CA1045: Do not pass types by reference
      • CA1046: Do not overload equality operator on reference types
      • CA1047: Do not declare protected member in sealed type -- Enabled by default
      • CA1070: Do not declare event fields as virtual -- Enabled by default
    • Naming
      • CA1700: Do not name enum values 'Reserved'
      • CA1713: Events should not have 'Before' or 'After' prefix -- Enabled by default
    • ๐ŸŽ Performance
      • CA1805: Do not initialize unnecessarily -- Enabled by default
      • CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder. -- Enabled by default
      • CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
      • CA1834: Consider using 'StringBuilder.Append(char)' when applicable. -- Enabled by default
      • CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
      • CA1836: Prefer IsEmpty over Count -- Enabled by default
    • Reliability
      • CA2014: Do not use stackalloc in loops. -- Enabled by default
      • CA2015: Do not define finalizers for types derived from MemoryManager -- Enabled by default
      • CA2016: Forward the 'CancellationToken' parameter to methods that take one -- Enabled by default
    • ๐Ÿ”’ Security
      • CA2109: Review visible event handlers -- Enabled by default
    • Usage
      • CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum. -- Enabled by default
      • CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
      • CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default

    โœ‚ Removed

    • Reliability
      • CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
  • v3.0.0 Changes

    April 27, 2020

    ๐Ÿš€ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.0.0 NuGet packages. Works with VS 2019 or later.

    ๐Ÿš€ Contains following important changes on top of v2.9.x releases

    ๐Ÿ› Bug Fixes

    ๐Ÿ›  Tons of bug fixes

    โž• Additional analyzers/fixers:

    โž• Added

    • Design
      • CA1021: Avoid out parameters
      • CA1069: Enums values should not be duplicated -- Enabled by default
    • Reliability
      • CA2011: Avoid infinite recursion -- Enabled by default
      • CA2012: Use ValueTasks correctly -- Enabled by default
      • CA2013: Do not use ReferenceEquals with value types -- Enabled by default
    • Usage
      • CA2215: Dispose methods should call base class dispose -- Enabled by default

    ๐Ÿ”„ Changed

    • ๐Ÿ”’ Security
      • CA5361: Do Not Disable SChannel Use of Strong Crypto -- Now disabled by default
      • CA5376: Use SharedAccessProtocol HttpsOnly -- Now disabled by default
      • CA5377: Use Container Level Access Policy -- Now disabled by default
      • CA5378: Do not disable ServicePointManagerSecurityProtocols -- Now disabled by default
      • CA5380: Do Not Add Certificates To Root Store -- Now disabled by default
      • CA5381: Ensure Certificates Are Not Added To Root Store -- Now disabled by default
  • v3.0.0-beta3.final Changes

    March 24, 2020

    ๐Ÿš€ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.0.0 NuGet packages. Works with VS 2019 or later.

    ๐Ÿš€ Contains following important changes on top of v2.9.x releases

    ๐Ÿ› Bug Fixes

    ๐Ÿ›  Lot of bug fixes

    โž• Additional analyzers/fixers:

    โž• Added

    • Design
      • CA1021: Avoid out parameters
      • CA1069: Enums values should not be duplicated -- Enabled by default
    • Reliability
      • CA2011: Avoid infinite recursion -- Enabled by default
      • CA2012: Use ValueTasks correctly -- Enabled by default
      • CA2013: Do not use ReferenceEquals with value types -- Enabled by default
    • Usage
      • CA2215: Dispose methods should call base class dispose -- Enabled by default

    ๐Ÿ”„ Changed

    • ๐Ÿ”’ Security
      • CA5361: Do Not Disable SChannel Use of Strong Crypto -- Now disabled by default
      • CA5376: Use SharedAccessProtocol HttpsOnly -- Now disabled by default
      • CA5377: Use Container Level Access Policy -- Now disabled by default
      • CA5378: Do not disable ServicePointManagerSecurityProtocols -- Now disabled by default
      • CA5380: Do Not Add Certificates To Root Store -- Now disabled by default
      • CA5381: Ensure Certificates Are Not Added To Root Store -- Now disabled by default