Changes since 5.1.2:
- Initial Rails 7 support (#1653)
- Add new checks for unsupported Ruby and Rails version
- Fix issue with calls to foo.root in routes (#1640)
- Do not treat I18n.locale as user input in SQL queries (#1597)
- Bundled version of ruby_parser updated to 3.18.1
- Require Ruby 2.5.0+ (#1649)
Initial Rails 7 Support
Nothing special here, but the -7 option is available and Brakeman won’t think a Rails 7 app is a Rails 2 app.
New Checks for Unmaintained Software
Brakeman will now warn about use of Ruby or Rails versions which are no longer maintained.
Unlike other warnings, these new checks have a time component and will change as the end-of-life dates approach:
- 60 days until EOL: Low warning
- 30 days until EOL: Medium warning
- EOL+: High warning
Bug Fix in Routes
something.root will no longer cause Brakeman to freak out.
SQL Injection Updates
I18n.locale is ignored in SQL queries.
sanitize_sql_like is no longer treated as “safe”. It only escapes LIKE-specific characters such as % but does not prevent SQL injection.
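To make the sanitize_sql_like point concrete, here is an added example (not Brakeman's or Rails' own code) that re-implements the escaping logic of ActiveRecord's sanitize_sql_like so it runs without Rails, then contrasts the interpolation pattern Brakeman used to consider safe with a bind-parameter form; the users table, the name column and the sample input are constructed for the example.

```ruby
# Re-implementation of ActiveRecord's sanitize_sql_like escaping (assumed to
# mirror the real helper): it escapes only the LIKE metacharacters
# (%, _ and the escape character itself). Single quotes are left alone.
def sanitize_sql_like(string, escape_character = "\\")
  pattern = Regexp.union(escape_character, "%", "_")
  string.gsub(pattern) { |x| [escape_character, x].join }
end

# The pattern Brakeman no longer treats as safe: the escaped term is
# interpolated straight into the SQL text. Because ' is not escaped, a
# value containing a quote still changes the statement's structure.
def unsafe_like_sql(term)
  "SELECT * FROM users WHERE name LIKE '%#{sanitize_sql_like(term)}%'"
end

# Hardened form: sanitize_sql_like handles LIKE wildcards, and the
# database driver handles quoting via a bind parameter. Returns the SQL
# template and its binds separately, as where("name LIKE ?", value) does.
def safe_like_query(term)
  ["SELECT * FROM users WHERE name LIKE ?", ["%#{sanitize_sql_like(term)}%"]]
end

# Cheap structural check: an odd number of single quotes means the
# value broke out of its string literal.
def unbalanced_quotes?(sql)
  sql.count("'").odd?
end

if __FILE__ == $0
  term = "O'Brien"           # constructed input: a legitimate name with a quote
  puts sanitize_sql_like("100%_done")    # wildcards escaped, nothing else
  puts unsafe_like_sql(term)             # quote survives, literal is broken
  puts unbalanced_quotes?(unsafe_like_sql(term))
  p safe_like_query(term)                # value never enters the SQL text
end
```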
Thank you to everyone who reported bugs and contributed to this release!