This is a small release with mostly bug fixes. However, it does introduce the ability to have "optional" checks - rules that will not be run by default. This opens the door to more experimentation and checks that may be unfit for general consumption for one reason or another (slow, lots of false positives, etc.).
Please note I am serious about 3.0 coming very soon, as I have a backlog of breaking changes I would like to introduce (https://github.com/presidentbeef/brakeman/wiki/Roadmap#30). Let me know if there are some you would like to see.

Changes since 2.6.2:

* Add framework for optional checks
* Add optional check for unscoped find queries (Ben Toews)
* Fix stack overflow for cycles in class ancestors (Jeff Rafter)
* Fix stack overflow in `ProcessHelper#class_name`
* Whitelist `exists` arel method from SQL injection check
* Avoid warning about Symbol DoS on safe parameters as method targets

For full details, please see the release post: http://brakemanscanner.org/blog/2014/10/13/brakeman-2-dot-6-3-released/