This release of Brakeman includes some big internal refactorings as well as a bunch of bug fixes. For anyone writing code for Brakeman, the Sexp class has been extended with methods for accessing child nodes instead of using array-like access. New code should use these methods if possible (docs: http://rdoc.info/gems/brakeman/Sexp). Note that these methods also "type check" the node, which caught quite a few bugs and should help Brakeman be more robust in the future.
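To show what "method access with a type check" buys over bare array indexing, here is a small Sexp-style node class written for this post's purposes. It is an added illustration, not Brakeman's own Sexp code: the accessor names (`node_type`, `target`, `method_name`, `args`, `first_arg`, `each_sexp`), the `NodeTypeError` class and the sample tree (roughly what ruby_parser would give for `raw(params[:name])` next to a string literal) are all assumptions of this example.

```ruby
# Illustrative Sexp-style node with typed accessors, modelled on the pattern
# described above. Added example; NOT Brakeman's own Sexp implementation.
# Accessor names and NodeTypeError are assumptions made for this example.
class Sexp < Array
  class NodeTypeError < StandardError; end

  def initialize(*items)
    super(items)
  end

  def node_type
    self[0]
  end

  # Accessors for call nodes laid out as s(:call, target, method_name, *args).
  # Each one checks the node type first, so calling a "call" accessor on a
  # :str or :lit node raises instead of silently handing back nil.
  def target
    expect :call
    self[1]
  end

  def method_name
    expect :call
    self[2]
  end

  def args
    expect :call
    self[3..-1]
  end

  def first_arg
    args.first
  end

  # Depth-first walk over every Sexp in the tree, self included.
  def each_sexp(&block)
    return enum_for(:each_sexp) unless block
    yield self
    each { |child| child.each_sexp(&block) if child.is_a?(Sexp) }
  end

  private

  def expect(*types)
    return if types.include?(node_type)
    raise NodeTypeError, "expected #{types.join('/')} node, got #{node_type.inspect}"
  end
end

def s(*items)
  Sexp.new(*items)
end

# Old style: positional access. On a :str node this is nil, not an error,
# which is exactly the kind of bug the checked accessors surface.
def method_via_index(node)
  node[2]
end

# Collect every call node in the tree whose method is `name`.
def calls_to(tree, name)
  tree.each_sexp.select { |n| n.node_type == :call && n.method_name == name }
end

# Constructed sample tree (assumed shape): raw(params[:name]); "static"
RAW_CALL = s(:call, nil, :raw,
             s(:call, s(:call, nil, :params), :[], s(:lit, :name)))
STR_NODE = s(:str, "static")
TREE     = s(:block, RAW_CALL, STR_NODE)

if __FILE__ == $PROGRAM_NAME
  p calls_to(TREE, :raw).map { |c| c.first_arg.method_name }   # => [:[]]
  p method_via_index(STR_NODE)                                 # => nil (silent)
  begin
    STR_NODE.method_name
  rescue Sexp::NodeTypeError => e
    puts "caught: #{e.message}"                                # typed accessor complains
  end
end
```

The walk plus `calls_to` is the shape a checker takes: find the interesting calls, then read their parts through accessors that refuse to operate on the wrong node kind, so a mis-shaped tree fails loudly in development rather than producing a missed or duplicated warning.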
Some new features include: showing the full "render chain" (from controller to view) for view warnings in HTML reports, full backtraces in debug mode, and an option for relative paths in reports.

Changes since 1.7.1:

* Support relative paths in reports (fsword)
* Allow Brakeman to be run without a tty (fsword)
* Fix exit code with `--compare` (fsword)
* Fix `--rake` option (Deepak Kumar)
* Add high confidence warnings for `to_json` output (Neil Matatall)
* Fix `redirect_to` false negative
* Fix duplicate warnings with `raw` calls
* Fix shadowing of rendered partials
* Add "render chain" to HTML reports
* Add check for XSS in `content_tag`
* Add full backtrace for errors in debug mode
* Switch to method access for Sexp nodes
* Treat model attributes in `or` expressions as immediate values

Full details here: http://brakemanscanner.org/blog/2012/09/04/brakeman-1-dot-8-0-released/
