(Sorry if this is a duplicate, email server is all messed up today)

As mentioned previously, Brakeman 2.0 is essentially a chance to break some backwards compatibility. No especially awesome new features are planned.

Planned changes that may break stuff:

* Remove deprecated automatic config file locations
* Use relative paths in JSON output by default
* Remove timestamp from JSON output (it duplicates "end_time")
* Combine YAML/Marshal/JSON/CSV load checks into single check
* Change "Cross-Site Request Forgery" to "Cross Site Request Forgery"
* Update warning messages for consistency, brevity, etc.

Planned changes that are not especially dangerous:

* Bump confidence on mass assignment with attr_protected to medium
* Fix false positive reports of Model#id and to_json
* Fix how mixin methods are handled - need to be duped

The full roadmap is here: https://github.com/presidentbeef/brakeman/wiki/Roadmap

If there are any other breaking changes you would like to see included, please discuss here or file an issue.

Thanks!

-Justin
