Changelog History
Page 11
v1.5.0 Changes
March 02, 2012
- Add version check for SafeBuffer vulnerability
- Add check for select vulnerability in Rails 3
- select() is no longer considered safe in Rails 2
- Add check for skipping CSRF protection with a blacklist
- Add JSON report format
- Model#id should not be considered XSS
- Standardize methods to check for SQL injection
- Fix Rails 2 route parsing issue with nested routes
v1.4.0 Changes
February 24, 2012
- Add check for user input in link_to href parameter
- Match ERB processing to rails_xss plugin when plugin used
- Add Brakeman::Report#to_json, Brakeman::Warning#to_json
- Warnings below minimum confidence are dropped completely
- Brakeman.run always returns a Tracker
v1.3.0 Changes
February 09, 2012
- Add file paths to HTML report
- Add caching of filters
- Add --skip-files option
- Add support for attr_protected
- Add detection of request.env as user input
- Descriptions of checks in -k output
- Improved processing of named scopes
- Check for mass assignment in ActiveRecord::Associations::AssociationCollection#build
- Better variable substitution
- Table output option for rescan reports
v1.2.2 Changes
January 26, 2012
- --no-progress works again
- Make CheckLinkTo a separate check
- Don't fail on unknown options to resource(s)
- Handle empty resource(s) blocks
- Add RescanReport#existing_warnings
v1.2.1 Changes
January 20, 2012
- Remove link_to warning for Rails 3.x or when using rails_xss
- Don't warn if first argument to link_to is escaped
- Detect usage of attr_accessible with no arguments
- Fix error when rendering a partial from a view but not through a controller
- Fix some issues with rails_xss, CheckCrossSiteScripting, and CheckTranslateBug
- Simplify Brakeman Rake task
- Avoid modifying $VERBOSE
- Add Brakeman::RescanReport#to_s
- Add Brakeman::Warning#to_s
v1.2.0 Changes
January 14, 2012
- Speed improvements for CheckExecute and CheckRender
- Check named_scope() and scope() for SQL injection
- Add --rake option to create rake task to run Brakeman
- Add experimental support for rescanning a subset of files
- Add --summary option to only output summary
- Fix a problem with Rails 3 routes
v1.1.0 Changes
December 22, 2011
- Relax required versions for dependencies
- Performance improvements for source processing
- Better progress reporting
- Handle basic operators like << + - * /
- Rescue more errors to prevent complete crashes
- Compatibility with newer Haml versions
- Fix some warnings
v1.0.0 Changes
December 08, 2011
- Better handling of assignments inside ifs
- Check more expressions for SQL injection
- Use latest ruby_parser for better 1.9 syntax support
- Better behavior for Brakeman as a library
v1.0.0.rc1 Changes
December 06, 2011
- Brakeman can now be used as a library
- Faster call search
- Add option to return error code if warnings are found (tw-ngreen)
- Allow truncated messages to be expanded in HTML
- Fix summary when using warning thresholds
- Better support for Rails 3 routes
- Reduce SQL injection duplicate warnings
- Lower confidence on mass assignment with no user input
- Ignore mass assignment using all literal arguments
- Keep expanded context in view with HTML output
v0.9.2 Changes
November 22, 2011
- Fix Rails 3 configuration parsing
- Add t() helper to check for translate XSS bug