Sorry for the poor timing of this release. I pushed Ryan Davis to update ruby2ruby to use ruby_parser 3.1.1 and it broke Brakeman's dependencies. No exciting changes in this release, but there are several new checks so expect new warnings.
Changes since 1.9.0:

* Add check for CVE-2012-5664 - SQL Injection
* Add check for CVE-2013-0155 - SQL Injection
* Add check for CVE-2013-0156 - Remote Code Execution
* Add check for unsafe YAML.load
* Update to RubyParser 3.1.1 (neersighted)
* Remove ActiveSupport dependency (Neil Matatall)
* Do not warn on arrays passed to link_to (Neil Matatall)
* Warn on secret tokens
* Warn on more mass assignment methods

See the release post for more details: http://brakemanscanner.org/blog/2013/01/18/brakeman-1-dot-9-1-released/