Download RSS Guard 4.4.0 free
2/10/2024

Brakeman 6.0 drops parsing support for Ruby 1.8/1.9, and raises the minimum Ruby version to run Brakeman to 3.0.

Changes in this release:
- Add obsolete fingerprints to comparison report (#1758)
- Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
- Fix false positive with content_tag in newer Rails (#1778)
- Scan directories that include the word public

This version of Brakeman no longer supports parsing Ruby 1.8/1.9 syntax. ruby_parser, the gem Brakeman depends on for parsing Ruby, dropped support quite a while ago, and Brakeman had been depending on the ruby_parser-legacy gem for these older versions. But since Ruby 1.9 has been unmaintained for eight years… it is time to let go.

The minimum Ruby version to run Brakeman is now 3.0.0. Official support for the 2.x line of Ruby has ended, so it is a good time to bump up the minimum requirement and adopt more modern language features.

Missing CSRF Protection Warning

Since Rails 5.2.0, new applications have had cross-site request forgery protection enabled, and Brakeman assumed the protection was enabled based on the Rails version alone. Now Brakeman correctly handles the default configuration values.

Brakeman will no longer warn about user input in content_tag attribute names in Rails 6.1.6+.

Obsolete Warnings in Comparison Report

When using the --compare option, the output JSON will now include an obsolete key with an array of fingerprints. These fingerprints are warnings that are configured to be ignored, but no longer exist. Note that the report will include all fingerprints in the ignore configuration that are not in the current report, even if they were already obsolete. This report format matches the JSON report output.

Previous release

Several changes in this release are updates to Brakeman's open redirect check.

Changes in this release:
- Add Rails 6.1 and 7.0 default configuration values
- Add redirect_back and redirect_back_or_to to open redirect check
- Revise checking for request.env to only consider request headers
- Prevent redirects using url_from being marked as unsafe (Lachlan Sylvester)
- Warn about unscoped find for find_by(id
- Support presence, presence_in and in? (#1569)
- Fix issue with if expressions in when clauses (#1743)
- Fix file/line location for EOL software warnings

The default configuration values for Rails 6.1 and Rails 7.0 have been added to Brakeman.

Rails 7 introduced a new protection against open redirects.
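The open redirect check discussed above is about redirect_to targets taken from user input, and Brakeman stopped flagging redirects that pass through Rails 7's url_from because url_from only returns a location that stays on the application itself. The following is an added example, not code from the Brakeman project or from the original post: plain Ruby (no Rails) that puts the vulnerable form beside a hardened form. The same_origin_url helper is a constructed stand-in for the same-host check url_from performs, and the host app.example.com, the helper names and the fallback path are assumptions.

```ruby
require "uri"

# Constructed request context; in a Rails controller this would be request.host.
REQUEST_HOST = "app.example.com" # assumption for the example
FALLBACK_PATH = "/"

# Vulnerable form: whatever the client sent becomes the redirect target.
# This is the pattern Brakeman's open redirect check warns about.
def unsafe_redirect_target(param)
  param
end

# Hardened form: a hand-rolled stand-in for the check Rails 7's url_from makes.
# Returns the location only if it stays on this application: an absolute path
# beginning with "/", or an http(s) URL whose host is ours. Anything else
# (other hosts, protocol-relative "//host/...", userinfo tricks such as
# "http://ours@evil/", non-http schemes, unparsable strings) yields nil so the
# caller falls back to a fixed path.
def same_origin_url(location, host: REQUEST_HOST)
  return nil if location.nil? || location.empty?
  uri = URI.parse(location)
  if uri.host.nil?
    # No authority component: accept only a scheme-less absolute path.
    # "//evil.example/x" parses with a host, so it never reaches this branch.
    return (uri.scheme.nil? && location.start_with?("/")) ? location : nil
  end
  return nil unless %w[http https].include?(uri.scheme)
  # URI.parse puts "ours" into userinfo and "evil.example" into host for
  # "http://ours@evil.example/", so the host comparison alone rejects it.
  uri.host.casecmp?(host) ? location : nil
rescue URI::InvalidURIError
  nil
end

def safe_redirect_target(param)
  same_origin_url(param) || FALLBACK_PATH
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs a client might send in a return-to parameter.
  %w[/dashboard https://app.example.com/account https://evil.example/phish
     //evil.example/phish http://app.example.com@evil.example/].each do |p|
    puts "#{p.ljust(42)} unsafe=#{unsafe_redirect_target(p)} safe=#{safe_redirect_target(p)}"
  end
end
```

In a real Rails application call url_from itself rather than a helper like this one: the changelog entry above means Brakeman recognises Rails' url_from and will not flag a redirect that goes through it, whereas a hand-rolled check is still reported as an open redirect and needs a documented ignore entry.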