- Tests are in place and fully functional
- Hide errors by default in HTML output
- Warn if routes.rb cannot be found
- Narrow methods assumed to be file access
- Increase confidence for methods known to not escape output
- Fixes to output processing for Erubis
- Fixes for Rails 3 XSS checks
- Fixes to line numbers with Erubis
- Fixes to escaped output scanning
- Update CSRF CVE-2011-0447 message to be less assertive