Changelog for
rubygem-brakeman-1.9.0-21.9.i586.rpm :
* Wed Dec 26 2012 cooloAATTsuse.com- updated to version 1.9.0
* Update to RubyParser 3
* Ignore route information by default
* Support `strong_parameters`
* Support newer `validates :format` call
* Add scan time to reports
* Add Brakeman version to reports
* Fix `CheckExecute` to warn on all string interpolation
* Fix false positive on `to_sql` calls
* Don't mangle whitespace in JSON code formatting
* Add AppTree as facade for filesystem (brynary)
* Add link for translate vulnerability warning (grosser)
* Rename LICENSE to MIT-LICENSE, remove from README (grosser)
* Add Rakefile to run tests (grosser)
* Better default config file locations (grosser)
* Reduce Sexp creation
* Handle empty model files
* Remove "find by regex" feature from `CallIndex`
* Wed Nov 14 2012 cooloAATTsuse.com- updated to version 1.8.3
* Use `multi_json` gem for better harmony
* Performance improvement for call indexing
* Fix issue with processing HAML files
* Handle pre-release versions when processing `Gemfile.lock`
* Only check first argument of `redirect_to`
* Fix false positives from `Model.arel_table` accesses
* Fix false positives on redirects to models decorated with Draper gem
* Fix false positive on redirect to model association
* Fix false positive on `YAML.load`
* Fix false positive XSS on any `to_i` output
* Fix error on Rails 2 name routes with no args
* Fix error in rescan of mixins with symbols in method name
* Do not rescan non-Ruby files in config/
* Fri Oct 26 2012 cooloAATTsuse.com- updated to version 1.8.2
* Fixed rescanning problems caused by 1.8.0 changes
* Fix scope calls with single argument
* Report specific model name in rendered collections
* Handle overwritten JSON escape settings
* Much improved test coverage
* Add CHANGES to gemspec
* Tue Sep 25 2012 cooloAATTsuse.com- updated to version 1.8.1
* Recover from errors in output formatting
* Fix false positive in redirect_to (Neil Matatall)
* Fix problems with removal of `Sexp#method_missing`
* Fix array indexing in alias processing
* Fix old mail_to vulnerability check
* Fix rescans when only controller action changes
* Allow comparison of versions with unequal lengths
* Handle super calls with blocks
* Respect `-q` flag for "Rails 3 detected" message
* Thu Sep 06 2012 cooloAATTsuse.com- updated to version 1.8.0
* Support relative paths in reports (fsword)
* Allow Brakeman to be run without tty (fsword)
* Fix exit code with --compare (fsword)
* Fix --rake option (Deepak Kumar)
* Add high confidence warnings for to_json XSS (Neil Matatall)
* Fix redirect_to false negative
* Fix duplicate warnings with raw calls
* Fix shadowing of rendered partials
* Add “render chain” to HTML reports
* Add check for XSS in content_tag
* Add full backtrace for errors in debug mode
* Treat model attributes in or expressions as immediate values
* Switch to method access for Sexp nodes
* Sun Aug 26 2012 cooloAATTsuse.com- updated to version 1.7.1
* Wed Aug 01 2012 cooloAATTsuse.com- updated to version 1.7.0
* Sat Jul 28 2012 cooloAATTsuse.com- update to latest gem2rpm
* Fri Jun 22 2012 cooloAATTsuse.com- update to 1.6.2
* Add checks for CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695 (Dave Worth)
* Avoid warning when redirecting to a model instance
* Raise confidence level for model attributes in redirects
* Add request.parameters as a parameters hash
* Return non-zero exit code when missing dependencies
* Fix before_filter :except logic
* Only accept symbol literals as before_filter names
* Cache before_filter lookups
* Turn off quiet mode by default for --compare
* Wed Apr 25 2012 cooloAATTsuse.com- update to 1.6.0
* Remove the Ruport dependency (Neil Matatall)
* Add more informational JSON output (Neil Matatall)
* Add comparison to previous JSON report (Neil Matatall)
* Add highlighting of dangerous values in HTML/text reports
* Model#update_attribute should not raise mass assignment warning (Dave Worth)
* Don’t check `find_by_*` method for SQL injection
* Fix duplicate reporting of mass assignment and SQL injection
* Fix rescanning of deleted files
* Properly check for rails_xss in Gemfile
* Wed Apr 11 2012 cooloAATTsuse.com- update to 1.5.3
* Multiple output files can be specified
* Mon Apr 09 2012 cooloAATTsuse.com- initial package