Brakeman 1.2.1 has been released!

The most noticeable change in this release is probably the fixes to 
"link_to" warnings. In Rails < 3.0, "link_to" was not escaping the body 
of the tag. This would lead to warnings like

     Unescaped model attribute in link_to near line ...

Brakeman was not checking the Rails version number when generating 
these warnings, but now it will! If you are using Rails 3.x or Rails 2.x 
with the "rails_xss" gem, then these warnings will no longer be 
reported.

Changes since 1.2.0:

  * Remove link_to warning for Rails 3.x or when using rails_xss
  * Don't warn if first argument to link_to is escaped
  * Detect usage of attr_accessible with no arguments
  * Fix error when rendering a partial from a view but not through a controller
  * Fix some issues with rails_xss, CheckCrossSiteScripting, and CheckTranslateBug
  * Simplify Brakeman Rake task
  * Avoid modifying $VERBOSE
  * Add Brakeman::RescanReport#to_s
  * Add Brakeman::Warning#to_s
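To show why the link_to warning existed and when it now stays quiet, here is an added Ruby sketch (not Brakeman's or Rails' own code): a constructed stand-in for the pre-Rails-3 link_to body handling beside the escaping form, plus a simplified version of the version / rails_xss / escaped-argument decision from the changelog. The SafeString class, the rails_major integer and the helper names are assumptions of this example.

```ruby
require "erb"

# Added illustration, not code from Brakeman or Rails. The two helpers below are
# constructed stand-ins for how link_to treated its body before and after Rails 3.
#
# Pre-Rails-3 behaviour: the body is interpolated into the anchor verbatim, so an
# unescaped model attribute (e.g. a user-supplied display name) becomes markup.
def legacy_link_to(body, href)
  %(<a href="#{ERB::Util.html_escape(href)}">#{body}</a>)
end

# Marker for strings the view already vetted; stands in for ActiveSupport's
# html_safe flag, which the rails_xss gem brings to Rails 2.x (assumption: a
# plain String subclass is enough for this sketch).
class SafeString < String; end

# Rails 3.x / rails_xss behaviour: the body is escaped unless marked safe.
def escaping_link_to(body, href)
  text = body.is_a?(SafeString) ? body : ERB::Util.html_escape(body)
  %(<a href="#{ERB::Util.html_escape(href)}">#{text}</a>)
end

# Simplified model of the decision described in the release notes: warn about an
# unescaped link_to body only when the app still relies on the legacy behaviour.
# rails_major is the major Rails version as an Integer (an assumption of this sketch).
def link_to_body_warning?(rails_major:, rails_xss: false, body_escaped: false)
  return false if rails_major >= 3   # Rails 3.x escapes by default
  return false if rails_xss          # rails_xss adds the escaping to Rails 2.x
  return false if body_escaped       # first argument already went through h()
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a display name that happens to contain markup.
  name = "<b>Bob</b>"
  puts legacy_link_to(name, "/users/1")    # markup lands in the page unescaped
  puts escaping_link_to(name, "/users/1")  # entity-escaped: &lt;b&gt;Bob&lt;/b&gt;
  puts link_to_body_warning?(rails_major: 2)                   # true
  puts link_to_body_warning?(rails_major: 2, rails_xss: true)  # false
end
```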

Thanks to Neil Matatall, Andreas Kemkes, and Justin Wiley for reporting 
issues which were fixed in this release!

Full announcement: 
http://brakemanscanner.org/blog/2012/01/20/brakeman-1-dot-2-1-released/
