
v2.9.11

@dotpaul released this 10 Aug 20:13
· 195 commits to 2.9.x since this release
8394e05

Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 2.9.0 NuGet packages. Works with VS 2017 15.9 or later.

Contains the following important changes on top of the v2.9.10 release.

New security rules to help find vulnerabilities related to DataSet and DataTable security guidance.

Fixes

  • Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.

Added

  • Security
    • CA2361: Ensure autogenerated class containing DataSet.ReadXml() is not used with untrusted data
    • CA2362: Unsafe DataSet or DataTable in autogenerated serializable type can be vulnerable to remote code execution attacks

Changed

  • Security
    • CA2351: Some cases of autogenerated code are now reported as CA2361
    • CA2352: Some cases of autogenerated code are now reported as CA2362