All Versions: 135
Latest Version:
Avg Release Cycle: 47 days
Latest Release: 112 days ago

Changelog History
Page 11

  • v1.5.0 Changes

    March 02, 2012
    • Add version check for SafeBuffer vulnerability
    • Add check for select vulnerability in Rails 3
    • select() is no longer considered safe in Rails 2
    • Add check for skipping CSRF protection with a blacklist
    • Add JSON report format
    • Model#id should not be considered XSS
    • Standardize methods to check for SQL injection
    • Fix Rails 2 route parsing issue with nested routes
  • v1.4.0 Changes

    February 24, 2012
    • Add check for user input in link_to href parameter
    • Match ERB processing to rails_xss plugin when plugin used
    • Add Brakeman::Report#to_json, Brakeman::Warning#to_json
    • Warnings below minimum confidence are dropped completely
    • Brakeman.run always returns a Tracker
  • v1.3.0 Changes

    February 09, 2012
    • Add file paths to HTML report
    • Add caching of filters
    • Add --skip-files option
    • Add support for attr_protected
    • Add detection of request.env as user input
    • Descriptions of checks in -k output
    • Improved processing of named scopes
    • Check for mass assignment in ActiveRecord::Associations::AssociationCollection#build
    • Better variable substitution
    • Table output option for rescan reports
  • v1.2.2 Changes

    January 26, 2012
    • --no-progress works again
    • Make CheckLinkTo a separate check
    • Don't fail on unknown options to resource(s)
    • Handle empty resource(s) blocks
    • Add RescanReport#existing_warnings
  • v1.2.1 Changes

    January 20, 2012
    • Remove link_to warning for Rails 3.x or when using rails_xss
    • Don't warn if first argument to link_to is escaped
    • Detect usage of attr_accessible with no arguments
    • Fix error when rendering a partial from a view but not through a controller
    • Fix some issues with rails_xss, CheckCrossSiteScripting, and CheckTranslateBug
    • Simplify Brakeman Rake task
    • Avoid modifying $VERBOSE
    • Add Brakeman::RescanReport#to_s
    • Add Brakeman::Warning#to_s
  • v1.2.0 Changes

    January 14, 2012
    • Speed improvements for CheckExecute and CheckRender
    • Check named_scope() and scope() for SQL injection
    • Add --rake option to create rake task to run Brakeman
    • Add experimental support for rescanning a subset of files
    • Add --summary option to only output summary
    • Fix a problem with Rails 3 routes
  • v1.1.0 Changes

    December 22, 2011
    • Relax required versions for dependencies
    • Performance improvements for source processing
    • Better progress reporting
    • Handle basic operators like << + - * /
    • Rescue more errors to prevent complete crashes
    • Compatibility with newer Haml versions
    • Fix some warnings
  • v1.0.0 Changes

    December 08, 2011
    • Better handling of assignments inside ifs
    • Check more expressions for SQL injection
    • Use latest ruby_parser for better 1.9 syntax support
    • Better behavior for Brakeman as a library
  • v1.0.0.rc1 Changes

    December 06, 2011
    • Brakeman can now be used as a library
    • Faster call search
    • Add option to return error code if warnings are found (tw-ngreen)
    • Allow truncated messages to be expanded in HTML
    • Fix summary when using warning thresholds
    • Better support for Rails 3 routes
    • Reduce SQL injection duplicate warnings
    • Lower confidence on mass assignment with no user input
    • Ignore mass assignment using all literal arguments
    • Keep expanded context in view with HTML output
  • v0.9.2 Changes

    November 22, 2011
    • Fix Rails 3 configuration parsing
    • Add t() helper to check for translate XSS bug