Changelog History
Page 13
v0.6.1 Changes
July 29, 2011
- Fix XSS check for cookies as parameters in output
- Don't bother calling super in CheckSessionSettings
- Add escape_once as a safe method
- Accept '\Z' or '\z' in model validations
v0.6.0 Changes
July 20, 2011
- Tests are in place and fully functional
- Hide errors by default in HTML output
- Warn if routes.rb cannot be found
- Narrow methods assumed to be file access
- Increase confidence for methods known to not escape output
- Fixes to output processing for Erubis
- Fixes for Rails 3 XSS checks
- Fixes to line numbers with Erubis
- Fixes to escaped output scanning
- Update CSRF CVE-2011-0447 message to be less assertive
v0.5.2 Changes
June 29, 2011
- Output report file name when finished
- Add initial tests for Rails 2.x
- Fix ERB line numbers when using Ruby 1.9
v0.5.1 Changes
June 17, 2011
- Fix issue with 'has_one' => in routes
v0.5.0 Changes
June 08, 2011
- Add support for routes like get 'x/y', :to => 'ctrlr#whatever'
- Allow empty blocks in Rails 3 routes
- Check initializer for session settings
- Add line numbers to session setting warnings
- Add --checks option to list checks
v0.4.1 Changes
May 23, 2011
- Fix reported line numbers when using new Erubis parser (mostly affects Rails 3 apps)
v0.4.0 Changes
May 19, 2011
- Handle Rails XSS protection properly
- More detection options for rails_xss
- Add --escape-html option
v0.3.2 Changes
May 12, 2011
- Autodetect Rails 3 applications
- Turn on auto-escaping for Rails 3 apps
- Check Model.create() for mass assignment
v0.3.1 Changes
May 03, 2011
- Always output a line number in tabbed output format
- Restrict characters in category name in tabbed output format to word characters and spaces, for Hudson/Jenkins plugin
v0.3.0 Changes
March 21, 2011
- Check for SQL injection in calls using constantize()
- Check for SQL injection in calls to count_by_sql()