.NET Compiler Platform ("Roslyn") Analyzers v2.9.11

Version Release Notes from August 10, 2020 (over 3 years ago)

« Changelog History

.NET Compiler Platform ("Roslyn") Analyzers v2.9.11 Release Notes

Release Date: 2020-08-10 // over 3 years ago

🚀 Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017 15.9 or later.

🚀 Contains the following important changes on top of the v2.9.10 release.

🆕 New security rules to help find vulnerabilities related to DataSet and DataTable security guidance.

🛠 Fixes
- Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.
➕ Added
- 🔒 Security
  - CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
  - CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
🔄 Changed
- 🔒 Security
  - CA2351: Some cases of autogenerated code are now reported as CA2361
  - CA2352: Some cases of autogenerated code are now reported as CA2362

Awesome .NET is part of the LibHunt network. Terms. Privacy Policy.