Changelog for
ruby3.1-rubygem-brakeman-5.4.0-lp154.3.3.x86_64.rpm :
* Wed Dec 07 2022 Stephan Kulow updated to version 5.4.0 see installed CHANGES.md
* Sun Nov 27 2022 Georg Pfuetzenreuter - Update to version 5.4.0
* Mon Aug 29 2022 Stephan Kulow updated to version 5.3.1 see installed CHANGES.md
* Thu Aug 04 2022 Stephan Kulow updated to version 5.2.3 see installed CHANGES.md
* Thu Apr 28 2022 Stephan Kulow updated to version 5.2.2 see installed CHANGES.md
* Tue Feb 15 2022 Stephan Kulow updated to version 5.2.1 see installed CHANGES.md
* Tue Jan 25 2022 Stephan Kulow updated to version 5.2.0 see installed CHANGES.md
* Mon Jul 26 2021 Stephan Kulow updated to version 5.1.1 see installed CHANGES.md
* Thu Jun 24 2021 Stephan Kulow updated to version 5.0.4 see installed CHANGES.md
* Wed Jan 20 2021 Stephan Kulow updated to version 4.10.1 see installed CHANGES.md
* Fri Sep 25 2020 Stephan Kulow updated to version 4.9.1 see installed CHANGES.md
* Thu May 07 2020 Stephan Kulow - updated to version 4.8.1 see installed CHANGES.md
* Mon Feb 10 2020 Stephan Kulow - updated to version 4.7.2 see installed CHANGES.md
* Fri Jul 19 2019 Stephan Kulow - updated to version 4.5.1 see installed CHANGES.md
* Fri Mar 29 2019 Stephan Kulow - updated to version 4.5.0 see installed CHANGES.md 1.0.5 - ---- - fixed [#80](https://github.com/dtao/safe_yaml/issues/80): uninitialized constant DateTime
* Sat Mar 02 2019 Stephan Kulow - updated to version 4.4.0 see installed CHANGES.md
* Thu Jun 07 2018 factory-autoAATTkulow.org- updated to version 4.3.1 see installed CHANGES.md
* Wed May 16 2018 factory-autoAATTkulow.org- updated to version 4.3.0 see installed CHANGES.md
* Sat Mar 24 2018 factory-autoAATTkulow.org- updated to version 4.2.1 see installed CHANGES.md
* Fri Feb 23 2018 factory-autoAATTkulow.org- updated to version 4.2.0 see installed CHANGES.md
* Tue Jan 09 2018 cooloAATTsuse.com- updated to version 4.1.1 see installed CHANGES.md
* Thu Dec 14 2017 cooloAATTsuse.com- updated to version 4.1.0 see installed CHANGES
* Wed Oct 11 2017 cooloAATTsuse.com- updated to version 4.0.1 see installed CHANGES
* Mon Aug 28 2017 cooloAATTsuse.com- updated to version 3.7.2 see installed CHANGES
* Thu Aug 03 2017 cooloAATTsuse.com- updated to version 3.7.0 see installed CHANGES
* Tue May 23 2017 cooloAATTsuse.com- updated to version 3.6.2 see installed CHANGES
* Mon Mar 27 2017 cooloAATTsuse.com- updated to version 3.6.1 see installed CHANGES
* Fri Mar 24 2017 cooloAATTsuse.com- updated to version 3.6.0 see installed CHANGES
* Thu Feb 02 2017 cooloAATTsuse.com- updated to version 3.5.0 see installed CHANGES
* Thu Nov 03 2016 cooloAATTsuse.com- updated to version 3.4.1 see installed CHANGES
* Thu Sep 08 2016 cooloAATTsuse.com- updated to version 3.4.0 see installed CHANGES
* Sat Aug 13 2016 cooloAATTsuse.com- updated to version 3.3.5 see installed CHANGES
* Thu Jul 21 2016 cooloAATTsuse.com- updated to version 3.3.3 see installed CHANGES
* Mon Jun 13 2016 cooloAATTsuse.com- updated to version 3.3.2 see installed CHANGES
* Fri Jun 03 2016 cooloAATTsuse.com- updated to version 3.3.1 see installed CHANGES 3.0.7 (2016-05-22)
* Add additional attributes feature to shortcuts
* Freeze string literals
* Fri May 06 2016 cooloAATTsuse.com- updated to version 3.3.0 see installed CHANGES
* Wed Mar 02 2016 cooloAATTsuse.com- updated to version 3.2.1 see installed CHANGES [#] 3.2.1
* Remove `multi_json` dependency from `bin/brakeman`
* Thu Feb 25 2016 cooloAATTsuse.com- updated to version 3.2.0 see installed CHANGES [#] 3.2.0
* Skip Symbol DoS check on Rails 5
* Only update ignore config file on changes
* Sort ignore config file
* Support calls using `&.` operator
* Update ruby_parser dependency to 3.8.1
* Remove `fastercsv` dependency
* Fix finding calls with `targets: nil`
* Remove `multi-json` dependency
* Handle CoffeeScript in HAML
* Avoid render warnings about params[:action]/params[:controller]
* Index calls in class bodies but outside methods
* Fri Jan 29 2016 cooloAATTsuse.com- updated to version 3.1.5 see installed CHANGES [#] 3.1.5
* Fix CodeClimate construction of --only-files (Will Fleming)
* Add check for denial of service via routes (CVE-2015-7581)
* Warn about RCE with `render params` (CVE-2016-0752)
* Add check for `strip_tags` XSS (CVE-2015-7579)
* Add check for `sanitize` XSS (CVE-2015-7578/80)
* Add check for `reject_if` proc bypass (CVE-2015-7577)
* Add check for mime-type denial of service (CVE-2016-0751)
* Add check for basic auth timing attack (CVE-2015-7576)
* Add initial Rails 5 support
* Check for implicit integer comparison in dynamic finders
* Support directories better in --only-files and --skip-files (Patrick Toomey)
* Avoid warning about `permit` in SQL
* Handle guards using `detect`
* Avoid warning on user input in comparisons
* Handle module names with self methods
* Add session manipulation documentation
* Wed Dec 23 2015 cooloAATTsuse.com- updated to version 3.1.4 see installed CHANGES [#] 3.1.4
* Emit brakeman's native fingerprints for Code Climate engine (Noah Davis)
* Ignore secrets.yml if in .gitignore
* Clean up Ruby warnings (Andy Waite)
* Increase test coverage for option parsing (Zander Mackie)
* Work around safe_yaml error
* Fri Dec 04 2015 cooloAATTsuse.com- updated to version 3.1.3 see installed CHANGES [#] 3.1.3
* Check for session secret in secrets.yml
* Respect `exit_on_warn` in config file
* Avoid warning on `without_protection: true` with hash literals
* Make sure before_filter call with block is still a call
* CallIndex improvements
* Restore minimum Highline version (Kevin Glowacz)
* Add Code Climate output format (Ashley Baldwin-Hunter/Devon Blandin/John Pignata/Michael Bernstein)
* Iteratively replace values
* Output nil instead of false for user_input in JSON
* Depend on safe_yaml 1.0 or later
* Test coverage improvements for Brakeman module (Bethany Rentz)
* Thu Oct 29 2015 cooloAATTsuse.com- updated to version 3.1.2 see installed CHANGES [#] 3.1.2
* Treat `current_user` like a model
* Set user input value for inline renders
* Avoid warning on inline renders with safe content types
* Handle empty interpolation in HAML filters
* Ignore filters that are not method names
* Avoid warning about model find/find_by* in hrefs
* Use SafeYAML to load configuration files
* Warn on SQL query keys, not values in hashes
* Allow inspection of recursive Sexps
* Add line numbers to class-level warnings
* Handle `private def ...`
* Catch divide-by-zero in alias processing
* Reduce string allocations in Warning#initialize
* Sortable tables in HTML report (David Lanner)
* Search for config file relative to application root
* Thu Sep 24 2015 cooloAATTsuse.com- updated to version 3.1.1 see installed CHANGES [#] 3.1.1
* Add optional check for use of MD5 and SHA1
* Avoid warning when linking to decorated models
* Add check for user input in session keys
* Fix chained assignment
* Treat a.try(&:b) like a.b()
* Consider j/escape_javascript safe inside HAML JavaScript blocks
* Better HAML processing of find_and_preserve calls
* Add more Arel methods to be ignored in SQL
* Fix absolute paths for Windows (Cody Frederick)
* Support newer terminal-table releases
* Allow searching call index methods by regex (Alex Ianus)
* Tue Sep 01 2015 cooloAATTsuse.com- updated to version 3.1.0 see installed CHANGES [#] 3.1.0
* Add support for gems.rb/gems.locked
* Update render path information in JSON reports
* Remove renaming of several Sexp nodes
* Convert YAML config keys to symbols (Karl Glaser)
* Use railties version if rails gem is missing (Lucas Mazza)
* Warn about unverified SSL mode in Net::HTTP.start
* Add Model, Controller, Template, Config classes internally
* Report file being parsed in debug output
* Update dependencies to Ruby 1.8 incompatible versions
* Treat Array.new and Hash.new as arrays/hashes
* Fix handling of string concatenation with existing string
* Treat html_safe like raw()
* Fix low confidence XSS warning code
* Avoid warning on path creation methods in link_to
* Expand safe methods to match methods with targets
* Avoid duplicate eval() warnings
* Tue Jun 23 2015 cooloAATTsuse.com- updated to version 3.0.5 see installed CHANGES [#] 3.0.5
* Fix check for CVE-2015-3227
* Fri Jun 19 2015 cooloAATTsuse.com- updated to version 3.0.4 see installed CHANGES [#] 3.0.4
* Add check for CVE-2015-3226 (XSS via JSON keys)
* Add check for CVE-2015-3227 (XML DoS)
* Treat `<%==` as unescaped output
* Update `ruby_parser` dependency to 3.7.0
* Fri May 01 2015 cooloAATTsuse.com- updated to version 3.0.3 see installed CHANGES [#] 3.0.3
* Ignore more Arel methods in SQL
* Warn about protect_from_forgery without exceptions (Neil Matatall)
* Handle lambdas as filters
* Ignore quoted_table_name in SQL (Gabriel Sobrinho)
* Warn about RCE and file access with `open`
* Handle array include? guard conditionals
* Do not ignore targets of `to_s` in SQL
* Add Rake task to exit with error code on warnings (masarakki)
* Tue Mar 10 2015 cooloAATTsuse.com- updated to version 3.0.2
* Mon Feb 09 2015 cooloAATTsuse.com- updated to version 3.0.1
* Avoid protect_from_forgery warning unless ApplicationController inherits from ActionController::Base
* Properly format command interpolation (again)
* Remove Slim dependency (Casey West)
* Allow for controllers/models/templates in directories under `app/` (Neal Harris)
* Add `--add-libs-path` for additional libraries (Patrick Toomey)
* Properly process libraries (Patrick Toomey)
[#] 3.0.0
* Add check for CVE-2014-7829
* Add check for cross site scripting via inline renders
* Fix formatting of command interpolation
* Local variables are no longer formatted as `(local var)`
* Actually skip skipped before filters
* `--exit-on-warn --compare` only returns error code on new warnings (Jeff Yip)
* Fix parsing of `<%==` in ERB
* Sort warnings by fingerprint in JSON report (Jeff Yip)
* Handle symmetric multiple assignment
* Do not branch for self attribute assignment `x = x.y`
* Fix CVE for CVE-2011-2932
* Remove "fake filters" from warning fingerprints
* Index calls in `lib/` files
* Move Symbol DoS to optional checks
* CVEs report correct line and file name (Gemfile/Gemfile.lock) (Rob Fletcher)
* Change `--separate-models` to be the default
* Mon Nov 03 2014 tboergerAATTsuse.com- Updated to 2.6.3
  - 2.6.3
    - Whitelist `exists` arel method from SQL injection check
    - Avoid warning about Symbol DoS on safe parameters as method targets
    - Fix stack overflow in ProcessHelper#class_name
    - Add optional check for unscoped find queries (Ben Toews)
    - Add framework for optional checks
    - Fix stack overflow for cycles in class ancestors (Jeff Rafter)
  - 2.6.2
    - Add check for CVE-2014-3415
    - Avoid warning about symbolizing safe parameters
    - Update ruby2ruby dependency to 2.1.1
    - Expand app path in one place instead of all over (Jeff Rafter)
    - Add `--add-checks-path` option for external checks (Clint Gibler)
    - Fix SQL injection detection in deep nested string building
    - Add `-4` option to force Rails 4 mode
    - Check entire call for `send`
    - Check for .gitignore of secrets in subdirectories
    - Fix block statement endings in Erubis
    - Fix undefined variable in controller processing error (Jason Barnabe)
* Mon Oct 13 2014 cooloAATTsuse.com- adapt to new rubygem packaging