This was supposed to be a 1.0.1 release, but quite a bit of code changed.
Changes since 1.0:
- Relax required versions for dependencies (this is for Bundler users)
- Performance improvements for source processing
- Better progress reporting
- Handle basic operators like << + - * /
- Rescue more errors to prevent Brakeman from completely bailing out
- Compatibility with newer Haml versions
- Fix some 1.9 warnings
The version dependencies for Brakeman have been relaxed somewhat, so it should work fine if included in a Rails 3 Gemfile. Unfortunately, this makes it a little harder to be sure it will work with all setups. Please report any problems!
The 1.0 release reduced the time taken for running the vulnerability checks, but (unrelatedly) the time for processing the source code increased.
This release includes changes that should reduce scan times. If a scan takes an intolerable amount of time (more than 5-10 minutes), try using the --faster option. This will possibly report fewer vulnerabilities, but should be much faster.
Brakeman will now provide better feedback about its progress while processing applications. For even more output, use the
Handle More Operators
See here for the kinds of simple processing Brakeman can do.
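To illustrate why handling basic operators matters for a static checker, here is a constructed example that is not Brakeman's own code and does not use Brakeman's Sexp representation: a toy constant folder over a small array-based AST (the node shapes `:str`, `:int`, `:param` and `:call` are assumptions of this example), followed by a naive "string literal concatenated with user input" check of the kind an SQL injection detector relies on. Before folding, the literal prefix is hidden behind a nested `+` call and the check misses it; after folding, the tainted concatenation is visible.

```ruby
# Constructed example for this post, not Brakeman's code. A toy constant
# folder over an array-based AST, showing why a static analyser benefits
# from understanding basic operators (+ << * - /): once literals are folded,
# user input flowing into a query string becomes visible even when the
# string was assembled piecewise.
#
# Node shapes (assumptions of this example):
#   [:str, "text"]            string literal
#   [:int, 42]                integer literal
#   [:param, :name]           user-controlled input (e.g. params[:name])
#   [:call, recv, :op, arg]   binary operator call, e.g. recv + arg
def fold(node)
  return node unless node.is_a?(Array) && node[0] == :call

  _, recv, op, arg = node
  recv = fold(recv)
  arg  = fold(arg)

  if recv[0] == :str && arg[0] == :str && [:+, :<<].include?(op)
    [:str, recv[1] + arg[1]]                        # "a" + "b"  => "ab"
  elsif recv[0] == :int && arg[0] == :int && [:+, :-, :*, :/].include?(op)
    # leave x / 0 unfolded rather than raising during analysis
    return [:call, recv, op, arg] if op == :/ && arg[1].zero?
    [:int, recv[1].send(op, arg[1])]                # 2 * 3 => 6
  else
    [:call, recv, op, arg]                          # cannot fold further
  end
end

# Does the tree contain a + or << whose direct operands are a string
# literal and a user-controlled parameter? This deliberately naive check
# only sees literals that sit directly beside the parameter, which is why
# folding nested literal concatenations first makes a difference.
def tainted_concat?(node)
  return false unless node.is_a?(Array)

  if node[0] == :call && [:+, :<<].include?(node[2])
    parts = [node[1], node[3]]
    return true if parts.any? { |p| p[0] == :str } && parts.any? { |p| p[0] == :param }
  end

  node.drop(1).any? { |child| tainted_concat?(child) }
end

# Constructed AST for: "SELECT * FROM " + "users WHERE name = " + params[:name]
# which Ruby parses as (("SELECT * FROM " + "users WHERE name = ") + params[:name])
QUERY_AST = [:call,
             [:call, [:str, "SELECT * FROM "], :+, [:str, "users WHERE name = "]],
             :+,
             [:param, :name]]

if __FILE__ == $PROGRAM_NAME
  puts "unfolded: #{tainted_concat?(QUERY_AST)}"        # false: literal hidden behind a call
  puts "folded:   #{tainted_concat?(fold(QUERY_AST))}"  # true: literal now beside the param
end
```

Run it directly to compare the unfolded and folded results; the second line is the finding a checker would report once operator handling lets it see through the nested concatenation.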
Rescue More Errors
Brakeman does its best to never completely abort execution and tries to always provide an analysis of whatever it can manage. This release rescues exceptions that may occur while processing configurations and Gemfiles.