Releases: presidentbeef/brakeman

7.0.2

04 Apr 17:29
  • Fix error with empty BUNDLE_GEMFILE env variable

7.0.1

04 Apr 17:28
  • Avoid warning on evaluation of plain strings (#1919)
  • Enable use of custom/alternative Gemfiles (#1840, #1907)
  • Fix error on directory with rb extension (viralpraxis)
  • Support terminal-table 4.0 (Chedli Bourguiba)
  • Better support Prism 1.4.0 (#1927)
  • Only output timing for each file when using --debug

7.0.0

31 Dec 06:05
  • Default to using Prism parser if available (disable with --no-prism)
  • Disable following symbolic links by default (re-enable with --follow-symlinks)
  • Remove updated entry in Brakeman ignore files (Toby Hsieh)
  • Major changes to how rescanning works
  • Fix hardcoded globally excluded paths (#1830)
  • Always warn about deserializing from Marshal
  • Update eval check to be a little noisier
  • Output originalBaseUriIds for SARIF format report (#1889)
  • Add step (and timing) for finding files
  • Fix recursion when handling multiple assignment expressions (#1877)
  • Fix array/hash unknown index handling
  • Update terminal-table version
  • Add CSV library as explicit dependency for Ruby 3.4 support
  • Raise minimum Ruby version to 3.1

6.2.2

18 Oct 15:52
  • New end-of-support dates for Rails
  • Revamp command injection detection in pipeline* calls (#1862)
  • Exclude more native gems from vendored gems in brakeman gem (#1869)

6.2.1

22 Aug 20:40

6.1.2

02 Feb 06:39
  • Avoid detecting Phlex components as dynamic render paths (Máximo Mussini)
  • Avoid detecting ViewComponentContrib::Base as dynamic render paths (vividmuimui)
  • Avoid copying Sexps that are too large (#1818, #1546)
  • Add EOL date for Ruby 3.3.0
  • Remove deprecated use of Kernel#open("|...")
  • Remove safe_yaml gem dependency
  • Update Highline to 3.0 (#1812)

6.1.1

24 Dec 07:52
  • Handle racc as a default gem in Ruby 3.3.0

6.1.0

05 Dec 07:06
  • Add check for unfiltered search with Ransack
  • Add --timing to add timing duration for scan steps
  • Add PG::Connection.escape_string as a SQL sanitization method (Joévin Soulenq)
  • Handle class << self
  • Fix class method lookup in parent classes
  • Fix keyword splats in filter arguments

6.0.0.1 - Docker only

25 May 16:11
6af53c6

This release is to fix the Ruby version used in the Docker image.

No other changes.

6.0.0

25 May 16:09
  • Drop support for Ruby 1.8/1.9 syntax
  • Raise minimum Ruby version to 3.0
  • Add obsolete fingerprints to comparison report (#1758)
  • Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
  • Fix false positive with content_tag in newer Rails (#1778)
  • Scan directories that include the word public
  • Fix end-of-life dates for Ruby