Changes since 3.3.3:
- Add generic warning for CVE-2016-6316
- Warn about dangerous use of
- Add warning for CVE-2016-6317
- Use Minitest
Changes since 3.3.4:
- Fix bug in reports when using
Typically Rails will escape attribute values passed to tag helpers like content_tag. If the attribute has already been marked as "safe" with .html_safe or (more likely) a different escaping helper like sanitize, the tag helper will not escape the value again (that is the purpose of .html_safe). However, not all sanitizers/escape methods escape double quotes, which are dangerous inside tag attributes. In particular, double quotes allow an attacker to close the current attribute and insert new attributes (like
Brakeman will issue a generic warning about CVE-2016-6316 for affected versions and may generate warnings for potentially dangerous calls to
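To make the attribute problem concrete, here is an added example (it is not Brakeman's or Rails' code) that models a tag attribute builder in plain Ruby: the vulnerable variant passes a "safe"-flagged value into the attribute untouched, the hardened variant rewrites double quotes to &quot; in attribute context no matter what the flag says. SafeString, escape_unless_safe, attribute_vulnerable, attribute_hardened and attribute_broken_out? are stand-ins invented for this example; the sample value is constructed.

```ruby
require 'cgi'

# Added example, not Brakeman's or Rails' code. A minimal model of a tag
# attribute builder: the vulnerable variant trusts a "safe" flag the way
# the post describes, the hardened variant neutralizes double quotes in
# attribute context regardless of the flag.

class String
  # Plain strings are not trusted (stand-in for Rails' String#html_safe?).
  def html_safe?
    false
  end

  # Wrap the string in the "safe" marker (stand-in for Rails' #html_safe).
  def html_safe
    SafeString.new(self)
  end
end

# Stand-in for ActiveSupport::SafeBuffer: a String that reports itself safe.
class SafeString < String
  def html_safe?
    true
  end
end

# Escapes &, <, >, " and ' for untrusted strings, passes "safe" ones through.
def escape_unless_safe(value)
  value.html_safe? ? value.to_s : CGI.escapeHTML(value.to_s)
end

# Vulnerable behaviour: a safe-flagged value with an embedded double quote
# closes the attribute early. Kept deliberately, to show the defect.
def attribute_vulnerable(name, value)
  %(#{name}="#{escape_unless_safe(value)}")
end

# Hardened behaviour: a double quote is never legitimate inside a
# double-quoted attribute value, so it is rewritten to &quot; after the
# normal escaping decision, whether or not the value was flagged safe.
def attribute_hardened(name, value)
  %(#{name}="#{escape_unless_safe(value).gsub('"', '&quot;')}")
end

# Simple check for a test suite or a template audit: a correctly rendered
# attribute contains exactly the two delimiting quotes.
def attribute_broken_out?(rendered)
  rendered.count('"') > 2
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a value some sanitizer declared safe but which
  # still carries a double quote.
  value = 'x" data-extra="y'.html_safe
  puts attribute_vulnerable('title', value) # title="x" data-extra="y"
  puts attribute_hardened('title', value)   # title="x&quot; data-extra=&quot;y"
end
```

The hardened variant is the shape of fix a reviewer would look for: the safe flag only says the value will not be escaped again, it says nothing about whether the value is valid inside a quoted attribute, so the quote rewrite has to happen unconditionally at the point where the attribute is assembled.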
The JSON bug is back. Specially-crafted queries can cause parameters to be interpreted as empty hashes, which may cause unexpected behavior in SQL queries.
Brakeman will generate a generic warning for affected versions (4.2 series).
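Independently of the version warning, the practical defense against parameters that arrive as the wrong type is to vet them before they reach a query builder. The following is an added example (not Brakeman's or Rails' code): a guard that accepts only scalar parameter values, so a JSON body in which a parameter is an empty hash, null or an array is rejected instead of silently changing the generated conditions. UnsafeParameter, require_scalar, safe_conditions and check_body are hypothetical helper names, and the request bodies are constructed.

```ruby
require 'json'

# Added example, not Brakeman's or Rails' code. A guard that refuses query
# parameters that are not plain scalars, so a request body that turns a
# parameter into an empty hash (or nil, or an array) fails loudly before
# any SQL is built from it. Helper names are hypothetical.

class UnsafeParameter < StandardError; end

# Types a WHERE condition value is allowed to have in this example.
SCALAR_TYPES = [String, Integer, Float, TrueClass, FalseClass].freeze

# Returns params[key] if it is a scalar, raises UnsafeParameter otherwise.
# nil (missing key or JSON null), Hash and Array are all rejected.
def require_scalar(params, key)
  value = params[key]
  unless SCALAR_TYPES.any? { |type| value.is_a?(type) }
    raise UnsafeParameter, "#{key}: expected a scalar, got #{value.class}"
  end
  value
end

# Builds the conditions hash that would be handed to a query builder such
# as where(...), with every value vetted first.
def safe_conditions(params, keys)
  keys.each_with_object({}) do |key, conds|
    conds[key] = require_scalar(params, key)
  end
end

# Parses a JSON request body and reports whether its parameters are
# acceptable for the given keys, returning the vetted conditions on success.
def check_body(json_body, keys)
  conditions = safe_conditions(JSON.parse(json_body), keys)
  [:accepted, conditions]
rescue UnsafeParameter => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample request bodies.
  p check_body('{"name": "alice"}', ['name']) # [:accepted, {"name"=>"alice"}]
  p check_body('{"name": {}}', ['name'])      # [:rejected, "name: expected a scalar, got Hash"]
  p check_body('{"name": null}', ['name'])    # [:rejected, "name: expected a scalar, got NilClass"]
end
```

The check is deliberately an allow-list of types rather than a deny-list of hashes: any future parser quirk that produces an unexpected container type is refused by default.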
Unrelated, Brakeman now uses Minitest instead of test-unit.
The SHA256 sums for this release are
7231e00bdb4353ee7e91e5f1e60e34cf29b5563e6f7e1e5478223e72568c493a brakeman-3.3.5.gem
c07e282c2e1733f8d7db4a4ffefe22e7e38a62ddfd750f0866c0b49070cb61c9 brakeman-lib-3.3.5.gem
a7f8e6fa8eb4254b7ad17080180289794a02641b1f2ec362de57cfdb2f1535be brakeman-min-3.3.5.gem
Thank you to everyone who reported bugs.