v2.9.10

@mavasani released this 14 Jul 23:47
· 213 commits to 2.9.x since this release
d512b50

Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017 15.9 or later.

Contains the following important changes on top of the v2.9.9 release.

New security rules to help find vulnerabilities related to DataSet and DataTable security guidance.

Bug fixes

  • CA3075: Fix false positives with XmlDocument on .NET Framework 4.5.2 or later

Added

  • Security
    • CA2350: Ensure DataTable.ReadXml()'s input is trusted
    • CA2351: Ensure DataSet.ReadXml()'s input is trusted
    • CA2352: Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks
    • CA2353: Unsafe DataSet or DataTable in serializable type
    • CA2354: Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks
    • CA2355: Unsafe DataSet or DataTable in deserialized object graph
    • CA2356: Unsafe DataSet or DataTable in web deserialized object graph