This release includes a bunch of changes, mostly reductions in false positives. There is one new check for denial of service through dynamic regular expressions. Rails 4 support has been improved for action filters and model scopes. Also, Markdown-formatted reports have been added.
Changes since 2.4.3:

* Add GitHub-flavored Markdown output format (Greg Ose)
* Add check for regex denial of service (Ben Toews)
* Fix false positives when sanitize is used in SQL (Jeff Yip)
* Add String#intern and Hash#symbolize_keys DoS check (Jan Rusnacko)
* Add support for Rails 4 before_actions and friends
* Add support for RailsLTS 2.3.18.7 and 2.3.18.8
* Check for protected_attributes gem (#475)
* Fix SQLi detection in chain calls in scopes (#471)
* Fix false positive when :host is specified in redirect (#464)
* Check all arguments in Model.select for SQLi
* Move SQLi CVE checks to CheckSQLCVEs
* Handle more non-literals in routes (#461)

For full details, please see the release post: http://brakemanscanner.org/blog/2014/04/30/brakeman-2-dot-5-0-released/
