github presidentbeef/brakeman v4.5.1
4.5.1

latest releases: v6.1.2.1, v6.1.2, v6.1.1...
4 years ago
  • Add initial Rails 6 support
  • Add optional check for config.force_ssl (#1181)
  • Add deserialization warning for Oj.load/object_load
  • Add SQL injection checks for destroy_by/delete_by
  • Add SQL injection checks for find_or_create_by and friends
  • Check link_to with block for href XSS (#1339)
  • Convert !! calls to boolean value (#1343)
  • Use relative paths for __FILE__
  • Represent file paths internally as Brakeman::FilePath
  • Handle empty partial names
  • Handle trailing comma in block args
  • Remove code for Ruby versions prior to 1.9

Don't miss a new brakeman release

NewReleases is sending notifications on new releases.