github presidentbeef/brakeman v3.0.0

  • --exit-on-warn --compare only returns error code on new warnings (Jeff Yip)
  • Sort warnings by fingerprint in JSON report (Jeff Yip)
  • CVEs report correct line and file name (Gemfile/Gemfile.lock) (Rob Fletcher)
  • Change --separate-models to be the default
  • Local variables are no longer formatted as (local var)
  • Actually skip skipped before filters
  • Remove "fake filters" from warning fingerpints
  • Index calls in lib/ files
  • Handle symmetric multiple assignment
  • Do not branch for self attribute assignment x = x.y (#552)
  • Move Symbol DoS to optional checks
  • Add check for cross site scripting via inline renders
  • Add check for CVE-2014-7829
  • Fix parsing of <%== in ERB
  • Fix output format of command interpolation
  • Fix CVE for CVE-2011-2932
latest releases: v5.1.1, v5.1.0, v5.0.4...
6 years ago