Skip to content

Latest commit

 

History

History
102 lines (79 loc) · 7 KB

ReleaseHistory.md

File metadata and controls

102 lines (79 loc) · 7 KB
Raw

BinSkim Release History

Unreleased

  • BREAKING Change from self-contained to dotnettool. #306

v1.7.0 NuGet Package

  • AUTOMATION BREAKING: Update to .NET Core 3.1. Changes tool paths in NuGet package.
  • FEATURE: Add --trace argument to enable specialized trace of execution behavior, such as PdbLoad.
  • FEATURE: Update SARIF version to 2.3.8
  • BREAKING Default output is sarif v2

v1.6.1 NuGet Package

  • DOC FIX: Correct reporting to reflect that /guard:cf is case-sensitive for the compiler. Contributed by @JacksonText
  • BUG FIX: Fix ExceptionRaisedInSkimmerCanAnalyze null dereference exception for binaries without PDBs. #265

v1.6.0 NuGet Package

  • FEATURE: Update to final SARIF v2 (version 2.1.16). This enables results caching when passing --hashes on the command-line, a significant performance improvement when recursively analyzing directories with multiple copies of scan targets.
  • BUG FIX: Fix typo in BA2021.DoNotMarkWritableSectionsAsExecutable output.
  • PERFORMANCE: Eliminate PDB loading for all non-mixed-mode for managed assemblies, including IL Library (ahead of time compiled) binaries.
  • FALSE NEGATIVE FIX: Verify that a PDB placed alongside a binary actually matches the binary under analysis
  • FEATURE: Provide --local-symbol-directories argument to specify additional (local, non-symbol-server) PDB look-up locations
  • FALSE POSITIVE FIX: Skip PDB-driven analysis for the generated .NET core native bootstrap exe (which is not user-controllable code).

v1.6.0-beta.3 NuGet Package

  • Drop Spectre analysis to warning

v1.6.0-beta.2 NuGet Package

  • Fix Linux NuGet packaging to include BinSkim executable missing in 1.6.0-beta.1
  • Update to pre-release SARIF v2 output format (sarif-2.0.0-csd.2.beta.2019-01-24)
  • Provide for SARIF v1 or v2 file format export. Default is v1 until SARIF v2 is final.

v1.6.0-beta.1 NuGet Package

  • Breaking Output is now Sarif V2-CSD1 compliant rather than Sarif V1

v1.5.1 NuGet Package

  • Fix Linux NuGet packaging to include BinSkim executable missing in 1.5.0.

v1.5.0 NuGet Package

  • Cross platform (Windows/Linux) support.
  • Possibly Breaking: New Results: Identify and fire configuration errors when located PDBs are stripped
  • Possibly Breaking: New Results: False negative removed for BA2015.EnableHighEntropyVA: Correctly flags an AnyCPU binary with HighEntropyVA and Prefer32Bit disabled
  • Possibly Breaking: New Rules: New rules for ELF Binaries (BA3001.EnablePieOnExecutables, BA3002.DoNotMarkStackAsExecutable, BA3003.EnableStackProtector, BA3010.EnableReadOnlyRelocations, and BA3030.UseCheckedFunctionsWithGcc)
  • Possibly Breaking: New Rules: Provide preliminary BA2024.EnableSpectreMitigations analysis

v1.4.5 NuGet Package

  • Correct signing check pass message to reflect actual analysis
  • Sign all BinSkim binaries

v1.4.4 NuGet Package

  • Do not fire BA2001.LoadImageAboveFourGigabyteAddressId for ILOnly 64-bit assemblies

v1.4.3 NuGet Package

  • Fix rich return code return functionality when core command-line parsing breaks
  • Export configuration knob to adjust EnableControlFlowGuard linker version check
  • Loosen SignSecurely rule to prevent errors on WinTrustVerify errors CERT_E_UNTRUSTEDROOT and CERT_E_CHAINING

v1.4.2 NuGet Package

  • Add 'rich' return code (a bitfield value of observed runtime conditions) via SARIF SDK --rich-return-code arg

v1.4.1 NuGet Package

  • Add response file support
  • Add __vcrt_trace_logging_provider::_TlgWrite exception to BA2014.DoNotDisableStackProtectionForFunctions

v1.4.0 NuGet Package

  • Fix rule crash on firing 'not applicable' message for control flow guard check
  • Add BinScope readable rule name information to SARIF log file output
  • Fix reporting errors when flagging binaries signed with weak cryptogrphic algorithms
  • Drop required compiler tools version to 17.0.65501.17013
  • Make minimum required linker configurable for EnableControlFlowGuard check

v1.3.9 NuGet Package

  • Fix false positives of BA2008:EnableControlFlowGuard firing on x86 kernel mode binaries
  • Eliminate high-entropy VA analysis for binaries with no entry points
  • Update various checks to eliminate noise analyzing boot binaries

v1.3.8 NuGet Package

  • Update Sarif dependency to 1.5.40
  • --config argument is now optional
  • Fix false positives of BA2008:EnableControlFlowGuard firing against MC++ mixed mode binaries
  • Fix false positives of BA2008:EnableControlFlowGuard firing against resource-only dll that include exported API forwarders (but no code)
  • XML-based configuration now functional
  • Eliminated compiler tool version false positives for Intel compiler and MASM

v1.3.7 NuGet Package

  • Update Sarif dependency to 1.5.38
  • More incidental reporting improvements

v1.3.6 NuGet Package

  • Update Sarif dependency to 1.5.36
  • Improves output in error cases

v1.3.5 NuGet Package

  • Fix false positives in 'sign securely' analysis for multi-signed binaries
  • Eliminate noise in stack protection analysis against .NET native binaries
  • Update Sarif dependency to 1.5.28

v1.3.4-beta NuGet Package

  • Force load PDBs in some circumstances where they have failed to do so

v1.3.3-beta NuGet Package

  • Update Sarif dependency to Sarif SDK/Driver 1.5.22-beta (Sarif JSON format 1.0.0)