Actually released last night, but took some time to write the blog post. It has a lot of info this time :)
Sorry for the delay, but the five latest CVEs are now checked by Brakeman. This release also includes a new check for uses of `Parameters#permit!`.

For the first time, this release is signed with the certificate stored in the GitHub repo, so it can be installed with `gem install brakeman -P MediumSecurity` (after adding the cert). See the blog post for more details.

Changes since 2.3.0:

* Add check for CVE-2013-4491 (i18n XSS)
* Add check for CVE-2013-6414 (header DoS)
* Add check for CVE-2013-6415 (number_to_currency)
* Add check for CVE-2013-6416 (simple_format XSS)
* Add check for CVE-2013-6417 (query generation)
* Add check for Parameters#permit! (#281)
* Fix Slim XSS false positives (Noah Davis)
* Whitelist Model#create for redirects (#406)
* Collapse send/try calls
* Fix scoping issues with instance variables and blocks (#406)
* Fix typos in reflection and translate bug messages

See release post for more details: http://brakemanscanner.org/blog/2013/12/11/brakeman-2-dot-3-0-released/