.NET Compiler Platform ("Roslyn") Analyzers v2.9.4 Release Notes

Release Date: 2019-07-29 // 4 months ago
  • 🚀 Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains bug fixes on top of v2.9.3 release and additional rules listed below.

    Works with VS 2017.9 or later.

    ➕ Added

    • 🐎 Performance
      • CA1827: Do not use Count() when Any() can be used -- Enabled by default
    • 🔒 Security
      • CA2326: Do not use TypeNameHandling values other than None
      • CA2327: Do not use insecure JsonSerializerSettings
      • CA2328: Ensure that JsonSerializerSettings are secure
      • CA5387: Do Not Use Weak Key Derivation Function With Insufficient Iteration Count
      • CA5388: Ensure Sufficient Iteration Count When Using Weak Key Derivation Function
      • CA5389: Do Not Add Archive Item's Path To The Target File System Path -- Enabled by default
      • CA5390: Do Not Hard Code Encryption Key -- Enabled by default
    • Usage
      • CA2245: Do not assign a property to itself. -- Enabled by default

    🛠 Fixes

    • 🐎 CA3075: Insecure DTD processing in XML -- Performance improvements.
    • 🛠 CA5360: Do Not Call Dangerous Methods In Deserialization -- Fixed KeyNotFoundException.

Previous changes from v2.9.4-beta1.final

  • 🚀 Pre-Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains following additional analyzers and additional bug fixes on top of v2.9.3 release:

    0️⃣ 1. Usage rule CA2245 (AvoidPropertySelfAssignment) - On by default 🔒 2. Security rule CA5387 (DefinitelyUseWeakKDFInsufficientIterationCount) - Off by default 🔒 3. Security rule CA5388 (MaybeUseWeakKDFInsufficientIterationCount) - Off by default 🔒 4. Security rule CA5389 (DoNotAddArchiveItemPathToTheTargetFileSystemPath) - Off by default

    Works with VS 2017.9 or later.