Releases: presidentbeef/brakeman
0.5.1
- Fix issue with 'has_one' => in routes
0.5.0
- Add support for routes like get 'x/y', :to => 'ctrlr#whatever'
- Allow empty blocks in Rails 3 routes
- Check initializer for session settings
- Add line numbers to session setting warnings
- Add --checks option to list checks
0.4.1
- Fix reported line numbers when using new Erubis parser (mostly affects Rails 3 apps)
0.4.0
- Handle Rails XSS protection properly
- More detection options for rails_xss
- Add --escape-html option
0.3.2
- Autodetect Rails 3 applications
- Turn on auto-escaping for Rails 3 apps
- Check Model.create() for mass assignment
0.3.1
- Always output a line number in tabbed output format
- Restrict characters in category name in tabbed output format to word characters and spaces, for Hudson/Jenkins plugin
0.2.2
- Fix version_between? when no Rails version is specified
0.2.1
- Add code snippet to tab output messages
0.2.0
- Add check for mail_to vulnerability - CVE-2011-0446
- Add check for CSRF weakness - CVE-2011-0447
0.1.1
- Be more permissive with ActiveSupport version