Sorry for the delay. Brakeman 1.4.0 was released yesterday. Work on Brakeman is picking up again. This is not a huge release, but there is a new check for the href parameter for `link_to` and some internal changes.
Changes since 1.3.0: * Add check for user input in link_to href parameter (Neil Matatall) * Match ERB processing to rails_xss plugin when plugin used * Add Brakeman::Report#to_json, Brakeman::Warning#to_json * Warnings below minimum confidence are dropped completely * Brakeman.run will now always return a Tracker See the blog post for more information: http://brakemanscanner.org/blog/2012/02/25/brakeman-1-dot-4-0-released/
