- Support non-native line endings in Gemfile.lock (Paul Deardorff)
- Support for ignoring warnings
- Check for dangerous model attributes defined in attr_accessible (Paul Deardorff)
- Update to ruby_parser 3.2.2
- Add brakeman-min gemspec
- Load gem dependencies on-demand
- Output JSON diff to file if -o option is used
- Add check for authenticate_or_request_with_http_basic
- Refactor of SQL injection check code (Bart ten Brinke)
- Fix detection of duplicate XSS warnings
- Refactor reports into separate classes
- Allow use of Slim 2.x (Ian Zabel)
- Return error exit code when application path is not found
- Add
--branch-limit
option, limit to 5 by default - Add more methods to check for command injection
- Fix output format detection to be more strict again
- Allow empty Brakeman configuration file