Brakeman 6.0 drops parsing support for Ruby 1.8/1.9, and raises the minimum Ruby version to run Brakeman to 3.0.

Changes:

- Add obsolete fingerprints to comparison report (#1758)
- Warn about missing CSRF protection when defaults are not loaded (Chris Kruger)
- Fix false positive with content_tag in newer Rails (#1778)
- Scan directories that include the word public

This version of Brakeman no longer supports parsing Ruby 1.8/1.9 syntax. Ruby_parser, the gem Brakeman depends on for parsing Ruby, dropped support quite a while ago. Brakeman was depending on the ruby_parser-legacy gem for these older versions. But since it has been eight years since Ruby 1.9 has been unmaintained… it is time to let go.

The minimum Ruby version to run Brakeman is now 3.0.0. Official support for the 2.x line of Ruby has ended, so it is a good time to bump up the minimum requirement and adopt more modern language features.

Missing CSRF Protection Warning (changes)

Since Rails 5.2.0, new applications have had cross-site request forgery protection enabled. Brakeman assumed the protection was enabled based on the Rails version. Now Brakeman correctly handles the default configuration values.

Brakeman will no longer warn about user input in content_tag attribute names in Rails 6.1.6+.

Obsolete Warnings in Comparison Report (changes)

When using the --compare option, the output JSON will now include an obsolete key with an array of fingerprints. These fingerprints are warnings that are configured to be ignored, but no longer exist.
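To make the CSRF change concrete, here is an added example (not Brakeman's own code) that models the two decision rules in plain Ruby: the old one keyed on the Rails gem version, and the 6.0 one keyed on the defaults the application actually loads. It assumes the Rails behaviour that `config.load_defaults 5.2` or newer is what turns forgery protection on by default, and that an explicit `protect_from_forgery` in `ApplicationController` counts as protected either way. The `AppConfig` struct and the sample applications are constructed for the example.

```ruby
# Simplified model of a "missing CSRF protection" check. This is illustrative
# code written for this page, not Brakeman's implementation.
AppConfig = Struct.new(:rails_version, :load_defaults, :protect_from_forgery, keyword_init: true)

# Compare dotted version strings; nil means "not set".
def version_at_least?(version, minimum)
  return false if version.nil?
  Gem::Version.new(version.to_s) >= Gem::Version.new(minimum)
end

# Pre-6.0 assumption: an app on Rails 5.2+ was treated as protected because
# new 5.2 apps enable CSRF protection by default.
def csrf_warning_by_rails_version?(app)
  return false if app.protect_from_forgery
  !version_at_least?(app.rails_version, '5.2.0')
end

# 6.0 behaviour as described in the release notes: look at the defaults the
# app actually loads (config.load_defaults), not at the gem version. An app
# upgraded to a modern Rails but still on load_defaults 5.1 has no default
# forgery protection, so it should be warned about.
def csrf_warning_by_defaults?(app)
  return false if app.protect_from_forgery
  !version_at_least?(app.load_defaults, '5.2')
end

# Constructed sample applications.
LEGACY_DEFAULTS_APP = AppConfig.new(rails_version: '7.0.4', load_defaults: '5.1', protect_from_forgery: false)
MODERN_APP          = AppConfig.new(rails_version: '7.0.4', load_defaults: '7.0', protect_from_forgery: false)
EXPLICIT_APP        = AppConfig.new(rails_version: '6.1.7', load_defaults: nil,   protect_from_forgery: true)

if __FILE__ == $PROGRAM_NAME
  [LEGACY_DEFAULTS_APP, MODERN_APP, EXPLICIT_APP].each do |app|
    puts "#{app.to_h} old=#{csrf_warning_by_rails_version?(app)} new=#{csrf_warning_by_defaults?(app)}"
  end
end
```

The legacy-defaults application is the interesting case: the old rule is silent because the gem is Rails 7, while the defaults-based rule warns, which is the false negative the 6.0 change closes.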
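The obsolete fingerprints are most useful for keeping an ignore file from accumulating stale entries. The following added example (written for this page, not part of Brakeman) reads a comparison report's `obsolete` array and prunes matching entries from an ignore file. It assumes the ignore file is JSON with an `ignored_warnings` array whose entries carry a `fingerprint` key; both the report and the ignore file below are constructed samples.

```ruby
require 'json'

# Constructed sample of a `brakeman --compare` JSON report. "new" and "fixed"
# hold warnings; "obsolete" (added in Brakeman 6.0) holds fingerprints of
# ignored warnings that no longer exist.
COMPARE_JSON = <<~JSON
  {
    "new": [],
    "fixed": [
      { "warning_type": "SQL Injection", "fingerprint": "aaaa1111", "file": "app/models/user.rb" }
    ],
    "obsolete": ["bbbb2222", "cccc3333"]
  }
JSON

# Constructed sample ignore file. The layout (an "ignored_warnings" array of
# entries with a "fingerprint") is an assumption of this example.
IGNORE_JSON = <<~JSON
  {
    "ignored_warnings": [
      { "warning_type": "Cross-Site Scripting", "fingerprint": "bbbb2222", "note": "escaped upstream" },
      { "warning_type": "Mass Assignment",      "fingerprint": "dddd4444", "note": "admin only" },
      { "warning_type": "Command Injection",    "fingerprint": "cccc3333", "note": "constant input" }
    ],
    "updated": "2023-01-01 00:00:00 +0000",
    "brakeman_version": "5.4.1"
  }
JSON

# Fingerprints the comparison report marks as obsolete (empty array when the
# key is absent, e.g. reports produced by older Brakeman versions).
def obsolete_fingerprints(compare_json)
  Array(JSON.parse(compare_json)['obsolete'])
end

# Returns [pruned_ignore_hash, removed_fingerprints]. Entries whose fingerprint
# is obsolete are dropped; everything else in the file is preserved so the
# result can be written back in place.
def prune_ignore_file(ignore_json, obsolete)
  ignore = JSON.parse(ignore_json)
  kept, removed = ignore.fetch('ignored_warnings', []).partition do |entry|
    !obsolete.include?(entry['fingerprint'])
  end
  [ignore.merge('ignored_warnings' => kept), removed.map { |entry| entry['fingerprint'] }]
end

if __FILE__ == $PROGRAM_NAME
  pruned, removed = prune_ignore_file(IGNORE_JSON, obsolete_fingerprints(COMPARE_JSON))
  puts "Removed obsolete ignore entries: #{removed.join(', ')}"
  puts JSON.pretty_generate(pruned)
end
```

In a CI job this would run after `brakeman --compare` and either rewrite the ignore file or fail the build with the stale fingerprints listed, so that ignore entries are reviewed rather than silently carried forward.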