Brakeman 2.6.2 includes several bug fixes, two new options, and a check for CVE-2014-3415.
By the way, next week is the four-year anniversary of Brakeman's first public release! Wow! Thank you to everyone who has contributed, promoted, and used Brakeman.

Changes since 2.6.1:

* Add check for CVE-2014-3415
* Add `--add-checks-path` option for external checks (Clint Gibler)
* Add `-4` option to force Rails 4 mode
* Fix SQL injection detection in deep nested string building
* Check entire call for `send`
* Check for .gitignore of secrets in subdirectories
* Avoid warning about symbolizing safe parameters
* Fix block statement endings in Erubis
* Update ruby2ruby dependency to 2.1.1
* Expand app path in one place instead of all over (Jeff Rafter)
* Fix undefined variable in controller processing error (Jason Barnabe)

For full details, see the release post: http://brakemanscanner.org/blog/2014/08/18/brakeman-2-dot-6-2-released/