0.5.1

Fix issue with 'has_one' => in routes

0.5.0

• Add support for routes like get 'x/y', :to => 'ctrlr#whatever'
• Allow empty blocks in Rails 3 routes
• Check initializer for session settings
• Add line numbers to session setting warnings
• Add --checks option to list checks

0.4.1

Fix reported line numbers when using new Erubis parser (mostly affects Rails 3 apps).

0.4.0

• Handle Rails XSS protection properly
• More detection options for rails_xss
• Add --escape-html option

0.3.2

• Autodetect Rails 3 applications
• Turn on auto-escaping for Rails 3 apps
• Check Model.create() for mass assignment

0.3.1

• Always output a line number in tabbed output format
• Restrict characters in category name in tabbed output format to word characters and spaces, for Hudson/Jenkins plugin

0.2.2

• Fix version_between? when no Rails version is specified

0.2.1

• Add code snippet to tab output messages

0.2.0

• Add check for mail_to vulnerability - CVE-2011-0446
• Add check for CSRF weakness - CVE-2011-0447

0.1.1

• Be more permissive with ActiveSupport version