github presidentbeef/brakeman v4.4.0
4.4.0

  • Add check for CVE-2018-3760
  • Add --enable option to enable optional checks
  • Add Dockerfile to run Brakeman inside Docker (Ryan Kemper)
  • Handle empty secrets.yml files (Naoki Kimura)
  • Ignore Tempfiles in FileAccess warnings (Christina Koller)
  • Avoid warning about command injection when String#shellescape and Shellwords.shelljoin are used (George Ogata)
  • Treat if not like unless (#1225)
  • Fix Rails 4 configuration handling
  • Set default encoding to UTF-8
  • Support reading gem versions from gemspecs
  • Support gem versions which are just major.minor (e.g. 3.0)
  • Correctly set rel="noreferrer" in HTML reports
  • Fix thread-safety issue in CallIndex
  • Fix trim mode for ERb templates in old Rails versions
  • Avoid nil errors when concatenating arrays
  • Add rendered template information to render paths
  • Trim some unnecessary files from bundled gems
  • Deadcode and typo fixes found via Coverity
  • Complete overhaul of warning message construction
  • Update to Slim 4.0.1 (Jake Peterson)
  • Update to RubyParser 3.12.0
  • Updated license
latest releases: v5.1.1, v5.1.0, v5.0.4...
2 years ago