v2.0.0-rc1

v2.0.0-rc1 NuGet Package

• BUGFIX: Eliminate BA2004.EnableSecureSourceCodeHashing false positives to Windows Runtime components (resulting from references to Win RT API metadata files).
• BREAKING: Removed SARIF 1.0 support from BinSkim. Now option -v | --sarif-output-version does not accept value OneZeroZero. 719
• Update Sarif.Sdk submodule from fc9a9df to e557b69. Critically, this update resolves transient Collection modified exception during analysis. #722
• Eliminate BA2015.EnableHighEntropyVirtualAddresses false positives for some 32-bit exes. #721
• FEATURE: Raw command line passed to the linker now exposed on ObjectModuleDetail instances. #708
• BUGFIX: Fix error ERR997.ExceptionLoadingPdb : '[filename]' was not evaluated because its PDB could not be loaded (E_PDB_NOT_FOUND). when reading PE file built with PDBPageSize:8192 or greater, by upgrading msdia140.dll from 14.27.28826.96 to 14.32.31326.0. 685
• FEATURE: Add BA3031.EnableClangSafeStack, rename BA3030.UseCheckedFunctionsWithGcc to BA3030.UseGccCheckedFunctions #663
• Upgrade Sarif.Sdk by updating submodule from fc9a9df to 698adb6. #674
• Introduce first performance rule BA6001.DisableIncrementalLinkingInReleaseBuilds #667
• Introduce more performance rules BA6002.EliminateDuplicateStrings, BA6004.EnableCOMDATFolding, BA6005.EnableOptimizeReferences, BA6006.EnableLinkTimeCodeGeneration #691
• BUGFIX: Fix command line parameter in documents: -Wl,z,relro with -Wl,-z,relro, and -Wl,z,now with -Wl,-z,now. 736

v1.9.5

v1.9.5 NuGet Package

• Bump ELFSharp from 2.13.2 to 2.14.0. #628
• Bump System.Reflection.Metadata from 5.0.0 to 6.0.1 and System.Collections.Immutable from 5.0.0 to 6.0.0. #605
• Bump ELFSharp from 2.14.0 to 2.15.0. #631
• FEATURE: Enable BinSkim for MacOS. #576
• Bump Sarif.Sdk by updating submodule from 4e9f606 to fc9a9df. #638
• FALSE POSITIVE FIX: Skip BA2025.EnableShadowStack rule for ARM Binaries which cannot use /CETCOMPAT. #650
• BUGFIX: Fix missing commandLineId from CommandLineInformation event. #652

v1.9.4

v1.9.4 NuGet Package

• FEATURE: Add new PE CV_CFL_LANG language code for ALIASOBJ and Rust. 530
• BUGFIX: Fix BA2014.DoNotDisableStackProtectionForFunctions to eliminate false positive reports that GsDriverEntry has disabled the stack protector. 551
• BREAKING: Rename BA2026.EnableAdditionalSdlSecurityChecks to BA2026.EnableMicrosoftCompilerSdlSwitch to clarify rule purpose. #586
• BUGFIX: Fix Newtonsoft.Json.JsonSerializationException when reading SARIF V1 with telemetry enabled. 613

v1.9.3

v1.9.3 NuGet Package

• BUGFIX: Fix KeyNotFoundException exception raised by BA2006.BuildWithSecureTools when individual MinimumToolVersions properties are removed from XML configuration. #565
• BUGFIX: Fix BA2006.BuildWithSecureTools is not emitting the compiler list. Commit SHA 135946

v1.9.2

v1.9.2 NuGet Package

• BUGFIX: Fix MultithreadedAnalyzeCommandBase artifacts generation and enforcing JSON properties ordering. #555

v1.9.1

v1.9.1 NuGet Package

• BUGFIX: Fix incorrect analysis for non-Microsoft compiler on BA2006.BuildWithSecureTools. #545
• BUGFIX: Fix JsonSerializationException that occurs when saving SARIF v1 with telemetry enabled. #535
• BUGFIX: Fix NullReferenceException when --Hashes and telemetry rules are enabled. #531
• BUGFIX: Fix error ERR998.ExceptionInAnalyze - PropertiesDictionary isn't thread safe. #539

v1.9.0

v1.9.0 NuGet Package

• BUGFIX: Fix telemetry session creation. 515

v1.9.0-prerelease3

v1.9.0-prerelease3 NuGet Package

• BUGFIX: Fix exception when collecting telemetry. 486, #487
• FEATURE: Collect/Send assembly references when rule BA4001 is enabled. #493
• FEATURE: Enable multithread analysis. #495
• FEATURE: Package BinaryParsers project as a new nuget. #502
• FEATURE: Do not return 1 when ignorePdbLoadError is enabled for PDB loading issues. #506

v1.9.0-prerelease2

v1.9.0-prerelease2 NuGet Package

• BUGFIX: Fix exception handling when PDB cannot be loaded by IDiaDataSource. #461
• BREAKING: PDB exceptions will be reported once per target. #465
• BUGFIX: Fix exception System.AccessViolationException caused by trying to read data out of boundary. #470
• BUGFIX: Include C++ runtime in the package to prevent DllNotFoundException when loading msdia140.dll. #474
• FEATURE: Add dialects to the reporting rules. #475
• BUGFIX: Change compiler report rule to report all modules in file. #476
• BUGFIX: Fix exception System.ArgumentException when checking file format. #481
• BUGFIX: Fix opcode handling when reading DWARF line number programs. #482
• BUGFIX: Fix BA3005 to use similar output as BA3003. #483
• BUGFIX: Fix exception System.AccessViolationException when reading DWARF string by position. #484

v1.9.0-prerelease1

v1.9.0-prerelease1 NuGet Package

• FEATURE: Add BA3011.EnableBindNow. #363
• FEATURE: Add BA2025.EnableShadowStack. #376
• FEATURE: Add BA3005.EnableStackClashProtection. #379
• BUGFIX: Force load PDB. #380
• BUGFIX: Fix BA2004 for MASM compilers. 381
• FEATURE: Add BA3006.EnableNonExecutableStack. #383
• FEATURE: Add BA2026.EnableAdditionalSecurityChecks. #388
• FEATURE: Add BA4002.ReportDwarfCompilerData. #394
• BUGFIX: Fix for E_PDB_MAX error. #399
• BREAKING: Removing win-x86 support. #401
• FEATURE: Add baseline support. #409
• BUGFIX: Fix exception when the PDB is embedded. #410