Brakeman

Ruby on Rails Static Analysis Security Tool

Brakeman 6.2.2 Released

Small release!

Changes since 6.2.1:

  • Revamp command injection detection in pipeline* calls (#1862)
  • New end-of-support dates for Rails
  • Exclude more native gems from vendored gems in brakeman gem (#1869)

Command Injection in pipeline_* calls

More specific checks for the arguments to the Open3 methods pipeline, pipeline_r, pipeline_rw, pipeline_w, and pipeline_start improve both the true positive and the false positive rates.
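As an added illustration of the distinction such a check has to draw (example code, not Brakeman's own implementation): a small scanner built on Ruby's standard Ripper library walks a constructed snippet and reports pipeline* command arguments that are interpolated shell strings or opaque variables, while treating argv arrays, plain literals and a trailing options hash as safe. It assumes Ripper's S-expression layout and does not check that the receiver is Open3.

```ruby
require "ripper"

# Open3 methods whose String arguments are handed to a shell (the list from the release notes).
PIPELINE_METHODS = %w[pipeline pipeline_r pipeline_rw pipeline_w pipeline_start].freeze

# Constructed sample: an interpolated shell string, argv arrays plus an options hash,
# and a command held in a variable the scanner cannot see into.
SAMPLE_SOURCE = <<~'RUBY'
  require "open3"
  file = params[:file]
  Open3.pipeline("sort #{file}", "uniq")
  Open3.pipeline(["sort", file], ["uniq"], out: log)
  Open3.pipeline_r(cmd, "wc -l")
RUBY

# Collect [name, line, args_node] for every pipeline* call, with or without parentheses.
def find_pipeline_calls(node, found = [])
  return found unless node.is_a?(Array)
  if %i[method_add_arg command_call].include?(node.first)
    call, args = node.first == :method_add_arg ? [node[1], node[2]] : [node, node[4]]
    ident = call.find { |e| e.is_a?(Array) && e.first == :@ident }
    found << [ident[1], ident[2][0], args] if ident && PIPELINE_METHODS.include?(ident[1])
  end
  node.each { |child| find_pipeline_calls(child, found) }
  found
end
# Unwrap :arg_paren / :args_add_block down to the plain list of argument nodes.
def argument_list(args)
  return [] unless args.is_a?(Array)
  return args[1] if args.first == :args_add_block
  args.first == :arg_paren ? argument_list(args[1]) : args
end
# True if a string literal embeds "#{...}" or "#@ivar" interpolation anywhere inside it.
def interpolated?(node)
  node.is_a?(Array) &&
    (%i[string_embexpr string_dvar].include?(node.first) || node.any? { |c| interpolated?(c) })
end
# Arrays reach exec without a shell, plain literals carry no input, and a trailing
# options hash is not a command at all; anything else is reported.
def classify(arg)
  case arg.first
  when :array, :bare_assoc_hash, :hash then :safe
  when :string_literal then interpolated?(arg) ? :interpolated : :safe
  else :dynamic
  end
end
# [line, method, verdict] for each command argument that is not clearly safe.
def scan_pipeline_calls(source)
  sexp = Ripper.sexp(source) or return [] # nil means the source did not parse
  find_pipeline_calls(sexp).flat_map do |name, line, args|
    argument_list(args).map { |arg| [line, name, classify(arg)] }
  end.reject { |(_line, _name, verdict)| verdict == :safe }
end
```

Running `scan_pipeline_calls(SAMPLE_SOURCE)` reports line 3 (interpolated string) and line 5 (opaque variable) while staying silent on the argv-array call on line 4.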


Updated End of Support Dates for Rails

The end-of-support dates are updated to match the revised Rails maintenance policy.

Unfortunately, the timing of this Brakeman release means Brakeman already warns that Rails 6.1 is past end of support (support ended October 1st).


Checksums

The SHA256 sums for this release are:

d502d653699f4d451b21225ff4d19a9ec9345d23eaab5576e246185ffd7bf618  brakeman-6.2.2.gem
fb7ba15cd309f995c95d15d9e0e590f3aad6f95a5dfa030854e8806f3ba196d9  brakeman-lib-6.2.2.gem
b3a5b59a14a527bfaca4d2637765e98c12ae800c8f044b1939da578d3ed31851  brakeman-min-6.2.2.gem

Reporting Issues

Thank you to everyone who reported bugs and contributed to this release!

Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.

Hang out on Github for questions and discussion.