This release includes a ton of changes and fixes, including an update to RubyParser 3.0.4. Please note that some defaults have changed.
Changes since 1.8.3: * Update to RubyParser 3 * Ignore route information by default * Add optional "interprocedural" analysis for controllers * Properly pass instance variables between before_filters * Support `strong_parameters` gem/Rails 4 * Support newer `validates :format` call * Add scan time to reports * Add Brakeman version to reports * Don't mangle whitespace in JSON code formatting * Fix `CheckExecute` to warn on all string interpolation * Fix false positive on `to_sql` calls * Add AppTree as facade for filesystem (Bryan Helmkamp) * Add link for translate vulnerability warning (Michael Grosser) * Add Rakefile to run tests (Michael Grosser) * Better default config file locations (Michael Grosser) * Remove "find by regex" feature from `CallIndex` * Reduce Sexp creation * Handle empty model files For all the gory details: http://brakemanscanner.org/blog/2012/12/25/brakeman-1-dot-9-0-released/ Please test out the new `--interprocedural` option and report any strangeness. This may be on by default in 2.0.