This is a small release prompted by a potential security issue within 
Brakeman. Brakeman will load files potentially containing custom Haml 
filters. However, those files could also contain malicious code, which 
would be bad. For now, that entire attempt at handling Haml filters is 
removed.

*Changes since 2.1.1:*

  * Do not attempt to load custom Haml filters
  * Do not warn about `to_json` XSS in Rails 4
  * Remove fuzzy matching on dangerous `attr_accessible` values
  * Add `--table-width` option to set width of text reports

See the release post for full details: 
http://brakemanscanner.org/blog/2013/09/18/brakeman-2-dot-1-2-released-important-security-update/
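
The difference between loading a file and parsing it, as an added example (not Brakeman's code; this release removes the filter handling rather than replacing it). It assumes a custom filter is a module with a paren-less `include Haml::Filters::Base`; the sample file, `Shout`, and all function names are constructed for illustration.

```ruby
require "ripper"
require "tempfile"

# Constructed sample: a custom filter file whose first line is top-level code,
# standing in for anything a scanned repository might put there.
SAMPLE = <<~'RUBY'
  $side_effect_ran = true
  module Shout
    include Haml::Filters::Base
    def render(text); text.upcase; end
  end
RUBY

# Constant names under a Ripper node, in source order.
def const_names(node, out = [])
  return out unless node.is_a?(Array)
  return out << node[1] if node[0] == :@const
  node.each { |child| const_names(child, out) }
  out
end

# Parse only: names of modules/classes that include Haml::Filters::Base.
def haml_filter_modules(source)
  found = []
  walk = lambda do |node, scope|
    return unless node.is_a?(Array)
    if %i[module class].include?(node[0])
      scope = const_names(node[1]).join("::")
    elsif node[0] == :command && node[1].is_a?(Array) && node[1][1] == "include"
      found << scope if scope && const_names(node[2]).join("::") == "Haml::Filters::Base"
    end
    node.each { |child| walk.call(child, scope) }
  end
  walk.call(Ripper.sexp(source), nil)
  found
end

# Loading the same file runs its top-level code before any filter is seen.
def load_runs_code?(source)
  $side_effect_ran = false
  Tempfile.create(["filter", ".rb"]) do |f|
    f.write(source)
    f.flush
    begin load(f.path); rescue NameError; end # Haml is absent; line 1 already ran
  end
  $side_effect_ran
end

puts "parsed: #{haml_filter_modules(SAMPLE)}, load ran code: #{load_runs_code?(SAMPLE)}"
```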
