Changes since 8.0.4:
- Add `quote_schema_name` to safe quote method list (changes by Zsolt Kozaroczy)
- Fix SQL injection false positive for `compact_blank`/`compact` on permitted params (changes by Arpit Jain)
- Fix inline render false positive for local named `text` (changes by Arpit Jain)
- Fix HAML crash on `.raw` calls (changes by Federico Franco)
- Fix Ruby version parsing - especially for non-CRuby versions (changes by Chris Southerland Jr)
- Fix `TemplateAliasProcessor#template_name` arity (changes by viralpraxis)
- Reduce false positives when using shell escaping (changes)
Breaking with tradition, since these are all bug fixes that are pretty clear from the description I will not be writing up detailed notes.
Nearly all fixes came from the community this round - thank you all for your contributions!
Links to the pull requests are included above.
Checksums
The SHA256 sums for this release are:
03735f9690d3fd4b32d66aacbf0a6d15a84266bdd06b32c05c8ecc8f6021d2be  brakeman-8.0.5.gem
287be7e40fbada68008387564aa9a18e22494c3c3bee5eea2b91c0ab74c85f71  brakeman-lib-8.0.5.gem
cc33b87e4ed33cb20ef4fa9bba908e9a6d92c705fbd708685bf59700e58dec1c  brakeman-min-8.0.5.gem
Reporting Issues
Thank you to everyone who reported bugs and contributed to this release!
Please report any issues with this release. Take a look at this guide to reporting Brakeman problems.
Hang out on GitHub for questions and discussion.