Lots of changes in this release, but that's mostly because it's been 
over a month since 1.9.5. There are some changes in this release which 
may break external tools, thus the "2.0" version number. Also, "1.10" 
would have been next, which is ugly.

Please note the changes to JSON reports. Also, warning "fingerprints" 
should be reliable now, but please report any issues!

Changes since 1.9.5:

  * Remove "timestamp" key from JSON reports
  * Relative paths are used by default in JSON reports
  * `--absolute-paths` replaces `--relative-paths`
  * Fix fingerprint generation to actually use the file path
  * Clean up SQL CVE warning messages
  * Remove deprecated config file locations
  * Add `--only-files` option to specify files/paths to scan ([Ian Ehlert](https://github.com/ehlertij))
  * Add Marshal/CSV deserialization check
  * Combine Marshal/YAML/CSV deserialization checks into single check
  * Avoid duplicate "Dangerous Send" and "Unsafe Reflection" warnings
  * Avoid duplicate results for Symbol DoS check
  * Medium confidence for mass assignment to `attr_protected` models
  * Only treat classes with names containing `Controller` like controllers
  * Better handling of classes nested inside controllers
  * Better handling of controller classes nested in classes/modules
  * Handle `->` lambdas with no arguments ([#331](https://github.com/presidentbeef/brakeman/issues/331))
  * Handle explicit block argument destructuring
  * Skip Rails config options that are real objects ([#324](https://github.com/presidentbeef/brakeman/issues/324))
  * Detect Rails 3 JSON escape config option
  * Much better tracking of warning file names
  * Fix errors when using `--separate-models` ([Noah Davis](https://github.com/noahd1))
  * Fix text report console output in JRuby ([#229](https://github.com/presidentbeef/brakeman/issues/229))
  * Fix false positives on `Model#id`
  * Fix false positives on `params.to_json`
  * Fix model path guesses to use "models/" instead of "controllers/"
  * Use exceptions instead of abort in brakeman lib ([#230](https://github.com/presidentbeef/brakeman/issues/230))
  * Update to Ruby2Ruby 2.0.5

For details, please see the release post: 
http://brakemanscanner.org/blog/2013/05/20/brakeman-2-dot-0-0-released/
