Brakeman v4.7.2 Release Notes

Release Date: 2019-11-25
    • Add request.params as query parameters (#1398)
    • Handle more permit! cases (#1426)
    • Remove version guard for named_scope vs. scope
    • Find SQL injection in String#strip_heredoc target (#1433)
    • Ensure file name is set when processing models
    • Bundle ruby_parser version 3.14.1 (#1429)

Previous changes from v4.7.1

    • Sort text report by file and line (Jacob Evelyn)
    • Catch reverse tabnabbing with :_blank symbol (Jacob Evelyn)
    • Convert s(:lambda) to s(:call) in Sexp#block_call (#1410)
    • Check string length against limit before joining
    • Fix flaky rails4 test (Adam Kiczula)
    • Fix errors from frozen Symbol#to_s in Ruby 2.7
    • Add release dates to each version in CHANGES (TheSpartan1980)