github presidentbeef/brakeman v2.4.0

  • Detect Rails LTS versions
  • Reduce false positives for SQL injection in string building
  • More accurate user input marking for SQL injection warnings
  • Detect SQL injection in delete_all/destroy_all
  • Detect SQL injection in raw SQL queries using connection
  • Parse exact versions from Gemfile.lock for all gems
  • Ignore generators
  • Update to RubyParser 3.4.0
  • Fix false positives when SQL methods are not called on AR models (Aaron Bedra)
  • Add check for uses of OpenSSL::SSL::VERIFY_NONE (Aaron Bedra)
  • No longer raise exceptions if a class name cannot be determined
  • Fingerprint attribute warnings individually (Case Taintor)
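As an added illustration (example code written for this note, not Brakeman's own implementation), here is a simplified line-based sketch of the new delete_all/destroy_all, raw connection SQL and OpenSSL::SSL::VERIFY_NONE checks, run over constructed vulnerable and hardened Rails snippets. The function name, regexes and sample code are assumptions; real Brakeman works on the parsed AST and tracks user input across calls rather than matching regexes.

```ruby
# Added illustrative example (not Brakeman's code): a deliberately simplified,
# regex-based sketch of three checks that arrived in Brakeman 2.4.0. Brakeman
# itself works on a parsed AST and tracks user input across methods; this only
# looks at one line at a time so the patterns are easy to see.
#   * string interpolation inside delete_all / destroy_all conditions
#   * string interpolation inside raw SQL sent through connection.execute & co.
#   * any use of OpenSSL::SSL::VERIFY_NONE (disables certificate verification)
# Only double-quoted strings are inspected, since Ruby does not interpolate
# inside single quotes.
BULK_SQL = /\.(delete_all|destroy_all)\s*\(?\s*"([^"]*)"/
RAW_SQL  = /connection\.(execute|exec_query|select_all|select_one|select_value|select_values)\s*\(?\s*"([^"]*)"/
INTERPOLATION = /#\{/
VERIFY_NONE   = /OpenSSL::SSL::VERIFY_NONE/

# Returns one { line:, check:, code: } hash per finding, in source order.
def scan_ruby_source(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    if (m = line.match(BULK_SQL)) && m[2] =~ INTERPOLATION
      findings << { line: lineno, check: :sql_injection_bulk, code: line.strip }
    elsif (m = line.match(RAW_SQL)) && m[2] =~ INTERPOLATION
      findings << { line: lineno, check: :sql_injection_raw, code: line.strip }
    end
    findings << { line: lineno, check: :ssl_verify_none, code: line.strip } if line =~ VERIFY_NONE
  end
  findings
end

# Constructed samples. The first shows code each new check is meant to flag;
# the second shows the parameterised / verified equivalents, which stay silent.
VULNERABLE_SAMPLE = <<~'RUBY'
  User.delete_all("name = '#{params[:name]}'")
  Post.destroy_all("title LIKE '%#{params[:q]}%'")
  ActiveRecord::Base.connection.execute("UPDATE users SET admin = 1 WHERE id = #{params[:id]}")
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
RUBY

SAFE_SAMPLE = <<~'RUBY'
  User.where(name: params[:name]).delete_all
  Post.where("title LIKE ?", "%#{params[:q]}%").destroy_all
  User.where(id: params[:id]).update_all(admin: true)
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
RUBY

if __FILE__ == $PROGRAM_NAME
  scan_ruby_source(VULNERABLE_SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:check]} -> #{f[:code]}" }
  puts "safe sample findings: #{scan_ruby_source(SAFE_SAMPLE).size}"
end
```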
7 years ago