github presidentbeef/brakeman v2.6.0

  • Fix detection of :host setting in redirects with chained calls
  • Add check for CVE-2014-0130
  • Add find_by/find_by! to SQLi check for Rails 4
  • Parse most files upfront instead of on demand
  • Do not branch values for +=
  • Update to use RubyParser 3.5.0 (Patrick Toomey)
  • Improve default route detection in Rails 3/4 (Jeff Jarmoc)
  • Handle controllers and models split across files (Patrick Toomey)
  • Fix handling of protected_attributes gem in Rails 4 (Geoffrey Hichborn)
  • Ignore more model methods in redirects
  • Fix CheckRender with nested render calls
latest releases: v5.1.1, v5.1.0, v5.0.4...
7 years ago