Ruby on Rails Static Analysis Security Tool

Brakeman 2.3.1 Released

Two minor bugs were fixed in this release. Please see the 2.3.0 release post if you are upgrading from an earlier version.


Changes since 2.3.0:

  • Fix check for CVE-2013-4491 (i18n XSS) to detect workaround
  • Fix link for CVE-2013-6415 (number_to_currency)

i18n XSS Workaround

Brakeman 2.3.0 included a check for the official i18n XSS workaround, but it was commented out during testing and unfortunately left that way.

The link provided for CVE-2013-6415 in Brakeman 2.3.0 was copy-pasted from an older check. This has been fixed.


The SHA sums for this release are

469b209a4c72f5a1133d696575caeee1675837e7  brakeman-2.3.1.gem
827e1cdefba543f59ed5070aaa3f587d8c7d9513  brakeman-min-2.3.1.gem

Reporting Issues

Please report any issues with this release! Take a look at this guide to reporting Brakeman problems.

Also consider joining the mailing list or following @brakeman on Twitter.