Brakeman 1.9.5 is out today. Mostly bug fixes, with one new check for dynamic symbol creation. There is also a chance that changes in this release will lead to performance improvements, depending on the application being scanned.
Little trivia: this is the highest "bug fix" version number release of Brakeman ever.

Also, if anyone can reproduce this Travis failure, please let me know: https://travis-ci.org/presidentbeef/brakeman/jobs/6086982

Changes since 1.9.4:

* Add check for unsafe symbol creation
* Do not warn on mass assignment with `slice`/`only`
* Do not warn on session secret if in `.gitignore`
* Fix scoping for blocks and block arguments
* Fix error when modifying blocks in templates
* Fix session secret check for Rails 4
* Fix crash on `before_filter` outside controller
* Fix `Sexp` hash cache invalidation
* Respect `quiet` option in configuration file
* Convert assignment to simple `if` expressions to `or`
* More fixes for assignments inside branches
* Pin to ruby2ruby version 2.0.3

For more details, see the release post: http://brakemanscanner.org/blog/2013/04/05/brakeman-1-dot-9-5-released/
