- Warn about SQL injection even if target is not known ActiveRecord model
- Avoid warning about models as SQL injection (#655, #680, #833)
- Avoid warning about SQLi in `all`, `first`, or `last` after Rails 4.0
- Treat templates without `.html` as HTML anyway (#790)
- Report check name in JSON and plain reports (#971)
- Add `--ensure-latest` option (tamgrosser / Michael Grosser)
- Add `--no-summary` to hide summaries in HTML/text reports (#963)
- Fail on invalid checks specified by `-x` or `-t` (#970)
- Handle `included` block in concerns (#958)
- Updated RubyParser/Ruby2Ruby dependencies