Brakeman v4.9.0 Release Notes
Release Date: 2020-08-04

- ➕ Add `--ensure-ignore-notes` (Eli Block)
- ➕ Add check for user input in `ERB.new` (Matt Hickman)
- ➕ Add check for CVE-2020-8166 (Jamie Finnigan)
- Always scan `environment.rb`
- ⚠ Avoid warning when `safe_yaml` is used via `YAML.load(..., safe: true)`
- Do not warn about mass assignment with `params.permit!.slice`
- Ignore `params.permit!` in path helpers
- Treat `Dir.glob` as safe source of values in guards
- ✂ Remove whitelist/blacklist language, add clarifications
- ➕ Add "full call" information to call index results
- ⚡️ Updated Slim dependency (Jeremiah Church)
- ➕ Add