Brakeman v4.5.1 Release Notes
Release Date: 2019-05-11
- Add initial Rails 6 support
- Add optional check for `config.force_ssl` (#1181)
- Add deserialization warning for `Oj.load`/`object_load`
- Add SQL injection checks for `destroy_by`/`delete_by`
- Add SQL injection checks for `find_or_create_by` and friends
- Check `link_to` with block for href XSS (#1339)
- Convert `!!` calls to boolean value (#1343)
- Use relative paths for `__FILE__`
- Represent file paths internally as `Brakeman::FilePath`
- Handle empty partial names
- Handle trailing comma in block args
- Remove code for Ruby versions prior to 1.9