- Add check for CVE-2018-3760
- Add `--enable` option to enable optional checks
- Add Dockerfile to run Brakeman inside Docker (Ryan Kemper)
- Handle empty `secrets.yml` files (Naoki Kimura)
- Ignore Tempfiles in FileAccess warnings (Christina Koller)
- Avoid warning about command injection when `String#shellescape` and `Shellwords.shelljoin` are used (George Ogata)
- Treat `if not` like `unless` (#1225)
- Fix Rails 4 configuration handling
- Set default encoding to UTF-8
- Support reading gem versions from gemspecs
- Support gem versions which are just major.minor (e.g. 3.0)
- Correctly set `rel="noreferrer"` in HTML reports
- Fix thread-safety issue in CallIndex
- Fix trim mode for ERb templates in old Rails versions
- Avoid `nil` errors when concatenating arrays
- Add rendered template information to render paths
- Trim some unnecessary files from bundled gems
- Deadcode and typo fixes found via Coverity
- Complete overhaul of warning message construction
- Update to Slim 4.0.1 (Jake Peterson)
- Update to RubyParser 3.12.0
- Updated license