Changes since 5.1.2:
- Initial Rails 7 support (#1653)
- Add new checks for unsupported Ruby and Rails version
- Fix issue with calls to foo.root in routes (#1640)
- Ignore I18n.locale in SQL queries (#1597)
- Do not treat sanitize_sql_like as safe
- Bundled version of ruby_parser updated to 3.18.1
- Require Ruby 2.5.0+ (#1649)
Initial Rails 7 Support
Nothing special here, but the -7 option is available and Brakeman won’t think a Rails 7 app is a Rails 2 app.
New Checks for Unmaintained Software
Brakeman will now warn about use of Ruby or Rails versions which are no longer maintained.
Unlike other warnings, these new checks have a time component and will change as the end-of-life dates approach:
- 60 days until EOL: Low warning
- 30 days until EOL: Medium warning
- EOL+: High warning
Bug Fix in Routes
Calls to something.root will no longer cause Brakeman to freak out.
SQL Injection Updates
I18n.locale is ignored in SQL queries.
sanitize_sql_like is no longer treated as “safe”. It only escapes LIKE-specific characters such as % but does not prevent SQL injection.
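To show why sanitize_sql_like is no longer considered a sanitizer, here is an added example (not Brakeman's or Rails' code) that re-implements its escaping logic in plain Ruby as a hypothetical like_escape helper, then contrasts string interpolation with a bind parameter; the "users" table and query shape are assumptions for illustration.

```ruby
# Added example, not Brakeman's or Rails' code. like_escape mirrors what
# ActiveRecord's sanitize_sql_like does: it doubles the escape character and
# prefixes the LIKE wildcards % and _ with it. Nothing else is touched.
def like_escape(string, escape_character = "\\")
  if string.include?(escape_character) && escape_character != "%" && escape_character != "_"
    string = string.gsub(escape_character, '\0\0')
  end
  string.gsub(/(?=[%_])/, escape_character)
end

# UNSAFE: the escaped value is interpolated straight into the SQL text, which is
# the pattern Brakeman now flags. A quote in the input still closes the string
# literal, because like_escape never looks at quotes at all.
def unsafe_like_sql(term)
  "SELECT * FROM users WHERE name LIKE '%#{like_escape(term)}%'"
end

# SAFE: the SQL text is fixed and the escaped value travels as a bind parameter
# (what ActiveRecord's where("... LIKE ?", value) does), so a quote in the
# input cannot change the statement. Returns [sql, binds] for inspection.
def safe_like_query(term)
  ["SELECT * FROM users WHERE name LIKE ?", ["%#{like_escape(term)}%"]]
end

# Does a single quote in the input survive like_escape unchanged?
def quote_survives?(term)
  like_escape(term).include?("'")
end
```

In the unsafe form, only the wildcard characters are neutralised; in the safe form, sanitize_sql_like is still useful, but purely to stop user input from acting as a wildcard, not to stop it from acting as SQL.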
Reporting Issues
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Follow @brakeman on Twitter and hang out on Gitter for questions and discussion.