Changelog History
Page 1
-
v5.0.1 Changes
December 04, 2020๐ Release build of Microsoft.CodeAnalysis.NetAnalyzers containing first-party code quality analyzers ("CAxxxx rules").
- ๐ Version
5.0.1
of this package contains additional bug fixes on top of version5.0.0
that ships with the .NET 5 SDK. - ๐ Works with VS 2019 16.8 or later.
- ๐ All the shipped CA rules with the default severity and enabled state can be found here
- ๐ Version
-
v5.0.1.xx
July 10, 2020 -
v5.0.0 Changes
November 12, 2020๐ Release build of first-party code quality analyzers ("CAxxxx rules") that ship with the .NET 5 SDK. Works with VS 2019 16.8 or later. All the shipped CA rules with the default severity and enabled state can be found here
-
v3.3.2 Changes
December 04, 2020๐ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.
- ๐ Contains important functionality and performance bug fixes on top of v3.3.1 release
- ๐ New deprecation warning CA9998 for
Microsoft.CodeAnalysis.FxCopAnalyzers
package:
๐ฆFxCopAnalyzers package has been deprecated in favor of 'Microsoft.CodeAnalysis.NetAnalyzers', that ships with the .NET SDK. Please refer to https://docs.microsoft.com/visualstudio/code-quality/migrate-from-fxcop-analyzers-to-net-analyzers to migrate to .NET analyzers.
-
v3.3.1 Changes
October 29, 2020๐ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.
๐ Contains following important changes on top of v3.3.0 release:
๐ Bug Fixes
- ๐ Functionality and performance bug fixes
- Tainted data rules improvements
- ๐ CA5377: Don't warn when unable to get the control flow graph for dataflow analysis
- ๐ CA3075: Fix false positive on XmlReader.Create(string) invocations
- โก๏ธ Optimizing error list refresh times for full compilation analyzers in Visual Studio 2019 16.9
โ Additional analyzers/fixers
โ Added
- Globalization
- CA1310: Specify StringComparison for correctness -- Enabled by default
- Interoperability
- CA1416: Validate platform compatibility -- Enabled by default
๐ Changed
- Globalization
- CA1307: Specify StringComparison for clarity -- Now disabled by default
-
v3.3.0 Changes
August 10, 2020๐ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.
๐ Contains following important changes on top of v3.0.0 release
๐ The new security rules CA2350-CA2362 can help find vulnerabilities related to DataSet and DataTable security guidance.
๐ Feature
๐ Editorconfig based file/directory level options configuration. See details here
๐ Bug Fixes
- ๐ Many bug fixes, including performance fixes.
- Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.
โ Additional analyzers/fixers
โ Added
- Design
- CA1002: Do not expose generic lists
- CA1005: Avoid excessive parameters on generic types
- CA1045: Do not pass types by reference
- CA1046: Do not overload equality operator on reference types
- CA1047: Do not declare protected member in sealed type -- Enabled by default
- CA1070: Do not declare event fields as virtual -- Enabled by default
- Interoperability
- CA1417: Do not use 'OutAttribute' on string parameters for P/Invokes -- Enabled by default
- Naming
- ๐ Performance
- CA1805: Do not initialize unnecessarily -- Enabled by default
- CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder -- Enabled by default
- CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1834: Consider using 'StringBuilder.Append(char)' when applicable -- Enabled by default
- CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
- CA1836: Prefer IsEmpty over Count -- Enabled by default
- CA1837: Use 'Environment.ProcessId' -- Enabled by default
- CA1838: Avoid 'StringBuilder' parameters for P/Invokes
- Publish
- Reliability
- ๐ Security
- CA2109: Review visible event handlers
- CA2350: Do not use DataTable.ReadXml() with untrusted data
- CA2351: Do not use DataSet.ReadXml() with untrusted data
- CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
- CA2353: Unsafe DataSet or DataTable in serializable type
- CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
- CA2355: Unsafe DataSet or DataTable type found in deserializable object graph
- CA2356: Unsafe DataSet or DataTable type in web deserializable object graph
- CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
- CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks
- Usage
- CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum -- Enabled by default
- CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
- CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default
โ Removed
- Reliability
- CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
-
v3.3.0-beta2.final Changes
July 15, 2020๐ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.
๐ Contains following important changes on top of v3.0.0 release
๐ The new security rules CA2350-CA2356 can help find vulnerabilities related to DataSet and DataTable security guidance.
๐ Feature
๐ Editorconfig based file/directory level options configuration. See details here
๐ Bug Fixes
๐ Many bug fixes, including performance fixes.
โ Additional analyzers/fixers:
โ Added
- Design
- CA1002: Do not expose generic lists
- CA1005: Avoid excessive parameters on generic types
- CA1045: Do not pass types by reference
- CA1046: Do not overload equality operator on reference types
- CA1047: Do not declare protected member in sealed type -- Enabled by default
- CA1070: Do not declare event fields as virtual -- Enabled by default
- Naming
- ๐ Performance
- CA1805: Do not initialize unnecessarily -- Enabled by default
- CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder. -- Enabled by default
- CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1834: Consider using 'StringBuilder.Append(char)' when applicable. -- Enabled by default
- CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
- CA1836: Prefer IsEmpty over Count -- Enabled by default
- Reliability
- ๐ Security
- CA2109: Review visible event handlers -- Enabled by default
- CA2350: Do not use insecure deserialization with DataTable.ReadXml()
- CA2351: Do not use insecure deserialization with DataSet.ReadXml()
- CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
- CA2353: Unsafe DataSet or DataTable in serializable type
- CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
- CA2355: Unsafe DataSet or DataTable type found in deserializable object graph
- CA2356: Unsafe DataSet or DataTable type in web deserializable object graph
- Usage
- CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum. -- Enabled by default
- CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
- CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default
โ Removed
- Reliability
- CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
- Design
-
v3.3.0-beta1.final Changes
July 06, 2020๐ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.
๐ Contains following important changes on top of v3.0.0 release
๐ Feature
๐ Editorconfig based file/directory level options configuration. See details here
๐ Bug Fixes
๐ Many bug fixes, including performance fixes.
โ Additional analyzers/fixers:
โ Added
- Design
- CA1002: Do not expose generic lists
- CA1005: Avoid excessive parameters on generic types
- CA1045: Do not pass types by reference
- CA1046: Do not overload equality operator on reference types
- CA1047: Do not declare protected member in sealed type -- Enabled by default
- CA1070: Do not declare event fields as virtual -- Enabled by default
- Naming
- ๐ Performance
- CA1805: Do not initialize unnecessarily -- Enabled by default
- CA1830: Prefer strongly-typed Append and Insert method overloads on StringBuilder. -- Enabled by default
- CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1832: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1833: Use AsSpan or AsMemory instead of Range-based indexers when appropriate -- Enabled by default
- CA1834: Consider using 'StringBuilder.Append(char)' when applicable. -- Enabled by default
- CA1835: Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' -- Enabled by default
- CA1836: Prefer IsEmpty over Count -- Enabled by default
- Reliability
- ๐ Security
- CA2109: Review visible event handlers -- Enabled by default
- Usage
- CA2247: Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum. -- Enabled by default
- CA2248: Provide correct 'enum' argument to 'Enum.HasFlag' -- Enabled by default
- CA2249: Consider using 'string.Contains' instead of 'string.IndexOf' -- Enabled by default
โ Removed
- Reliability
- CA2010: Always consume the value returned by methods marked with PreserveSigAttribute -- Enabled by default
- Design
-
v3.0.0 Changes
April 27, 2020๐ Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.0.0 NuGet packages. Works with VS 2019 or later.
๐ Contains following important changes on top of v2.9.x releases
๐ Bug Fixes
๐ Tons of bug fixes
โ Additional analyzers/fixers:
โ Added
- Design
- Reliability
- Usage
- CA2215: Dispose methods should call base class dispose -- Enabled by default
๐ Changed
- ๐ Security
- CA5361: Do Not Disable SChannel Use of Strong Crypto -- Now disabled by default
- CA5376: Use SharedAccessProtocol HttpsOnly -- Now disabled by default
- CA5377: Use Container Level Access Policy -- Now disabled by default
- CA5378: Do not disable ServicePointManagerSecurityProtocols -- Now disabled by default
- CA5380: Do Not Add Certificates To Root Store -- Now disabled by default
- CA5381: Ensure Certificates Are Not Added To Root Store -- Now disabled by default
-
v3.0.0-beta3.final Changes
March 24, 2020๐ Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.0.0 NuGet packages. Works with VS 2019 or later.
๐ Contains following important changes on top of v2.9.x releases
๐ Bug Fixes
๐ Lot of bug fixes
โ Additional analyzers/fixers:
โ Added
- Design
- Reliability
- Usage
- CA2215: Dispose methods should call base class dispose -- Enabled by default
๐ Changed
- ๐ Security
- CA5361: Do Not Disable SChannel Use of Strong Crypto -- Now disabled by default
- CA5376: Use SharedAccessProtocol HttpsOnly -- Now disabled by default
- CA5377: Use Container Level Access Policy -- Now disabled by default
- CA5378: Do not disable ServicePointManagerSecurityProtocols -- Now disabled by default
- CA5380: Do Not Add Certificates To Root Store -- Now disabled by default
- CA5381: Ensure Certificates Are Not Added To Root Store -- Now disabled by default