.NET Compiler Platform ("Roslyn") Analyzers v2.9.10 Release Notes
Release Date: 2020-07-14 // almost 4 years ago-
๐ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017 15.9 or later.
๐ Contains the following important changes on top of the v2.9.9 release.
๐ New security rules to help find vulnerabilities related to DataSet and DataTable security guidance.
๐ Bug fixes
- ๐ CA3075: Fix false positives with XmlDocument on .NET Framework 4.5.2 or later
โ Added
- ๐ Security
- CA2350: Ensure DataTable.ReadXml()'s input is trusted
- CA2351: Ensure DataSet.ReadXml()'s input is trusted
- CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
- CA2353: Unsafe DataSet or DataTable in serializable type
- CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
- CA2355: Unsafe DataSet or DataTable in deserialized object graph
- CA2356: Unsafe DataSet or DataTable in web deserialized object graph