Re: [brakeman] Brakeman 1.6.0 is...almost released!

2012-04-19 Thread Justin Collins
Haha, thanks. But the Ruport removal, JSON output, and JSON diffing were 
done by Neil Matatall, and Dave Worth also snuck some commits into this one.


-Justin

On 04/19/2012 07:31 PM, Michael McCabe wrote:


Justin,

You're awesome.

Thanks.

On Apr 19, 2012 10:27 PM, "Justin" wrote:


Some significant code changes are coming in 1.6 (such as the removal of
Ruport and new JSON output), so there is a pre-release gem available
(https://rubygems.org/gems/brakeman/versions/1.6.0.pre1) so people can
kick the tires just a little bit.

However, the full release of Brakeman 1.6 will be tomorrow (UTC-7), so
there is only a limited amount of time to get in any bug reports before
the actual release. So please try out the pre-release gem and report any
issues!

Major changes:

* No more Ruport for reports (yay!)
* Compare scan results to previous (JSON) reports via `--compare`!
* Rescanning and comparing results should be more accurate (in terms of
fixed/new)!
* JSON reports are much more informative now!
* "Dangerous" user input is highlighted in text/HTML reports!
* Fixed duplicate reporting of SQL injection and mass assignment in
views!





Re: [brakeman] Brakeman 1.6.0 is...almost released!

2012-04-19 Thread Michael McCabe
Justin,

You're awesome.

Thanks.

On Apr 19, 2012 10:27 PM, "Justin" wrote:

> Some significant code changes are coming in 1.6 (such as the removal of
> Ruport and new JSON output), so there is a pre-release gem available
> (https://rubygems.org/gems/brakeman/versions/1.6.0.pre1) so people can
> kick the tires just a little bit.
>
> However, the full release of Brakeman 1.6 will be tomorrow (UTC-7), so
> there is only a limited amount of time to get in any bug reports before
> the actual release. So please try out the pre-release gem and report any
> issues!
>
> Major changes:
>
> * No more Ruport for reports (yay!)
> * Compare scan results to previous (JSON) reports via `--compare`!
> * Rescanning and comparing results should be more accurate (in terms of
> fixed/new)!
> * JSON reports are much more informative now!
> * "Dangerous" user input is highlighted in text/HTML reports!
> * Fixed duplicate reporting of SQL injection and mass assignment in
> views!
>