Changelog for
rubygem-brakeman-doc-1.9.0-21.13.x86_64.rpm :
Wed Dec 26 13:00:00 2012 cooloAATTsuse.com
- updated to version 1.9.0
* Update to RubyParser 3
* Ignore route information by default
* Support `strong_parameters`
* Support newer `validates :format` call
* Add scan time to reports
* Add Brakeman version to reports
* Fix `CheckExecute` to warn on all string interpolation
* Fix false positive on `to_sql` calls
* Don't mangle whitespace in JSON code formatting
* Add AppTree as facade for filesystem (brynary)
* Add link for translate vulnerability warning (grosser)
* Rename LICENSE to MIT-LICENSE, remove from README (grosser)
* Add Rakefile to run tests (grosser)
* Better default config file locations (grosser)
* Reduce Sexp creation
* Handle empty model files
* Remove "find by regex" feature from `CallIndex`
Wed Nov 14 13:00:00 2012 cooloAATTsuse.com
- updated to version 1.8.3
* Use `multi_json` gem for better harmony
* Performance improvement for call indexing
* Fix issue with processing HAML files
* Handle pre-release versions when processing `Gemfile.lock`
* Only check first argument of `redirect_to`
* Fix false positives from `Model.arel_table` accesses
* Fix false positives on redirects to models decorated with Draper gem
* Fix false positive on redirect to model association
* Fix false positive on `YAML.load`
* Fix false positive XSS on any `to_i` output
* Fix error on Rails 2 name routes with no args
* Fix error in rescan of mixins with symbols in method name
* Do not rescan non-Ruby files in config/
Fri Oct 26 14:00:00 2012 cooloAATTsuse.com
- updated to version 1.8.2
* Fixed rescanning problems caused by 1.8.0 changes
* Fix scope calls with single argument
* Report specific model name in rendered collections
* Handle overwritten JSON escape settings
* Much improved test coverage
* Add CHANGES to gemspec
Tue Sep 25 14:00:00 2012 cooloAATTsuse.com
- updated to version 1.8.1
* Recover from errors in output formatting
* Fix false positive in redirect_to (Neil Matatall)
* Fix problems with removal of `Sexp#method_missing`
* Fix array indexing in alias processing
* Fix old mail_to vulnerability check
* Fix rescans when only controller action changes
* Allow comparison of versions with unequal lengths
* Handle super calls with blocks
* Respect `-q` flag for "Rails 3 detected" message
Thu Sep 6 14:00:00 2012 cooloAATTsuse.com
- updated to version 1.8.0
* Support relative paths in reports (fsword)
* Allow Brakeman to be run without tty (fsword)
* Fix exit code with --compare (fsword)
* Fix --rake option (Deepak Kumar)
* Add high confidence warnings for to_json XSS (Neil Matatall)
* Fix redirect_to false negative
* Fix duplicate warnings with raw calls
* Fix shadowing of rendered partials
* Add “render chain” to HTML reports
* Add check for XSS in content_tag
* Add full backtrace for errors in debug mode
* Treat model attributes in or expressions as immediate values
* Switch to method access for Sexp nodes
Sun Aug 26 14:00:00 2012 cooloAATTsuse.com
- updated to version 1.7.1
Wed Aug 1 14:00:00 2012 cooloAATTsuse.com
- updated to version 1.7.0
Sat Jul 28 14:00:00 2012 cooloAATTsuse.com
- update to latest gem2rpm
Fri Jun 22 14:00:00 2012 cooloAATTsuse.com
- update to 1.6.2
* Add checks for CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695 (Dave Worth)
* Avoid warning when redirecting to a model instance
* Raise confidence level for model attributes in redirects
* Add request.parameters as a parameters hash
* Return non-zero exit code when missing dependencies
* Fix before_filter :except logic
* Only accept symbol literals as before_filter names
* Cache before_filter lookups
* Turn off quiet mode by default for --compare
Wed Apr 25 14:00:00 2012 cooloAATTsuse.com
- update to 1.6.0
* Remove the Ruport dependency (Neil Matatall)
* Add more informational JSON output (Neil Matatall)
* Add comparison to previous JSON report (Neil Matatall)
* Add highlighting of dangerous values in HTML/text reports
* Model#update_attribute should not raise mass assignment warning (Dave Worth)
* Don’t check find_by_* method for SQL injection
* Fix duplicate reporting of mass assignment and SQL injection
* Fix rescanning of deleted files
* Properly check for rails_xss in Gemfile
Wed Apr 11 14:00:00 2012 cooloAATTsuse.com
- update to 1.5.3
* Multiple output files can be specified
Mon Apr 9 14:00:00 2012 cooloAATTsuse.com
- initial package