A new gem version has been released because the 2.4.2 gem was not signed. No other changes were introduced.
As a reminder, the Brakeman gems are (supposed to be) signed and can be verified with this certificate.
To verify on installation:
    gem cert --add <(curl -Ls https://raw.github.com/presidentbeef/brakeman/master/brakeman-public_cert.pem)
    gem install brakeman -P MediumSecurity
“HighSecurity” requires all dependencies to be signed as well, which is unlikely.
There is some weirdness around -P MediumSecurity currently. The simplest solution seems to be:
    gem install brakeman                    # Install Brakeman and all dependencies
    gem uninstall brakeman                  # Remove the Brakeman gem
    gem install brakeman -P MediumSecurity  # Install Brakeman gem and check signature
The SHA1 sums for this release are:
    16b4890fa8ee6bad1d429a12bf3f0cb8e76cb2d8  brakeman-2.4.3.gem
    be5743d77140e64b75eefc53f8697f767ab370d9  brakeman-min-2.4.3.gem