Releases: dotnet/roslyn-analyzers
v2.9.2
v2.9.1
Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.1 NuGet packages. Contains bug fixes on top of v2.9.0 release.
Works with VS 2017.9 or later.
Added
- Security
- CA3061: Do Not Add Schema By URL -- Enabled by default
- CA5367: Do Not Serialize Types With Pointer Fields
- CA5368: Set ViewStateUserKey For Classes Derived From Page -- Enabled by default
v2.9.0
Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Contains additional analyzers/fixers and additional bug fixes on top of v2.6.3 release.
Works with VS 2017.9 or later.
Added
- Design
- Globalization
- CA1303: Do not pass literals as localized parameters
- Maintainability
- CA1508: Avoid dead conditional code
- Naming
- CA1712: Do not prefix enum values with type name -- Enabled by default
- Reliability
- CA2000: Dispose objects before losing scope
- Security
- CA2100: Review SQL queries for security vulnerabilities
- CA2300: Do not use insecure deserializer BinaryFormatter
- CA2301: Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder
- CA2302: Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize
- CA2305: Do not use insecure deserializer LosFormatter
- CA2310: Do not use insecure deserializer NetDataContractSerializer
- CA2311: Do not deserialize without first setting NetDataContractSerializer.Binder
- CA2312: Ensure NetDataContractSerializer.Binder is set before deserializing
- CA2315: Do not use insecure deserializer ObjectStateFormatter
- CA3001: Review code for SQL injection vulnerabilities
- CA3002: Review code for XSS vulnerabilities
- CA3003: Review code for file path injection vulnerabilities
- CA3004: Review code for information disclosure vulnerabilities
- CA3005: Review code for LDAP injection vulnerabilities
- CA3006: Review code for process command injection vulnerabilities
- CA3007: Review code for open redirect vulnerabilities
- CA3008: Review code for XPath injection vulnerabilities
- CA3009: Review code for XML injection vulnerabilities
- CA3010: Review code for XAML injection vulnerabilities
- CA3011: Review code for DLL injection vulnerabilities
- CA3012: Review code for regex injection vulnerabilities
- CA5359: Do Not Disable Certificate Validation -- Enabled by default
- CA5360: Do Not Call Dangerous Methods In Deserialization -- Enabled by default
- CA5361: Do Not Disable SChannel Use of Strong Crypto -- Enabled by default
- CA5362: Do Not Refer Self In Serializable Class
- CA5363: Do Not Disable Request Validation -- Enabled by default
- CA5364: Do Not Use Deprecated Security Protocols -- Enabled by default
- CA5365: Do Not Disable HTTP Header Checking -- Enabled by default
- Usage
- CA2213: Disposable fields should be disposed
Removed
- Naming
- Async002: Async Method Names Should End in Async
- Usage
- Async001: Avoid Async Void
- Async003: Don't Pass Async Lambdas as Void Returning Delegate Types
- Async004: Don't Store Async Lambdas as Void Returning Delegate Types
- Async006: Don't Mix Blocking and Async
v2.6.3
v2.6.2
v2.6.2-beta2
Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.6.0 NuGet packages, with additional bug fixes and analyzers on top of v2.6.1 release.
Primary addition includes packaging of "rulesets" in the analyzer NuGet packages, listing all rules implemented in the package.
Works with VS 2017.5 or later.
v2.6.2-beta1
Pre-release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.6.0 NuGet packages, with additional bug fixes and analyzers on top of v2.6.1 release.
Primary addition includes packaging of "rulesets" in the analyzer NuGet packages, listing all rules implemented in the package.
Works with VS 2017.5 or later.
v2.6.1
v2.6.0
v2.6.0-beta2
Preview build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.6.0-beta3 NuGet packages, with additional bug fixes on top of v2.6.0-beta1.
Works with VS 2017.5 or later.