v0.13.0

v0.13.0

• Removed
  • Support for minimum Elixir versions 1.5 & 1.6 (POTENTIALLY BREAKING - only applies if you relied on Elixir 1.5 or 1.6, 1.7+ is still supported)
• Enhancements
  • Fixed all credo warnings
  • Implemented all credo "Code Readability" adjustments
  • Took advantage of some credo refactoring opportunities
  • Added (sub)module documentation that was missing for some vulnerabilities and unified presentation of others
• Bug fixes
  • Fixed --details / -d not displaying correct information
  • Fixed incompatibility issue with Elixir 1.15
• Misc
  • Added mix credo --strict to project
  • Improvements to GitHub CI
    • Hex Audit
    • Compiler Warnings as Errors
    • Checks Formatting
  • Added helper mix test.all alias

v.0.12.2

v0.12.2

• Bug fixes
  • Removed :castore and introduced :verify_none to quiet warning and unblock escript usage, see #133 for more context on why this is necessary

v.0.12.1

v0.12.1

• Bug fixes
  • Lowered required version of :castore to remove upgrade path issues
  • Reconfigured :verify_peer to actually use CAStore and remove warning

v.0.12.0

v0.12.0

Please note it has been quite some time between GitHub releases - please refer to the CHANGELOG for more information on what has changed since v0.8.0, the changelog below is ONLY for the changes between v.0.11.1 and v.0.12.0

• Removed
  • Support for minimum Elixir version 1.4 (POTENTIALLY BREAKING - only applies if you relied on Elixir 1.4, 1.5+ is still supported)
  • Enhancements
    • Adds support for HEEx to XSS.Raw
    • Adds --version CLI flag
    • README Improvements
      • Umbrella App usage
      • Clearer installation process
      • Layout changes
    • Updated dependencies
  • Bug fixes
    • Adds to_string() to exit_on
    • Sets SSL opt verify_peer in version check
    • Reworks -v, --verbose printing to not use the now deprecated Macro.to_string/2
  • Misc
    • Allows atom values for threshold in config file
    • Uses SPDX ID for licenses in mixfile
    • Fixed typo

v0.8.0

v0.8.0

• Enhancements

  • Improve output consistency
    • All JSON findings contain type, file, and line keys
    • "Line" output now refers directly to the vulnerable line
    • Default output headers have been normalized

  Note: If you depend on the structure of the output, this
  may be a breaking change. More information can be found at
  https://sobelow.io.

v0.7.8

v0.7.8

• Enhancements

  • Add --threshold flag
  • Add module names to finding output

• Deprecations

  • File/Path check has been deprecated

• Bug Fixes

  • Fix inaccurate CSRF details

v0.7.2 - Enhancements

v0.7.2

• Enhancements
  • Add router path to config findings
  • Add --out flag for writing to file

v0.7.1 - Enhancements

v0.7.1

• Enhancements
  • Improved handling of JSON format
  • Additional checks for File functions

v0.7.0 - Enhancements and Bug Fixes

v0.7.0

• Enhancements

  • Improved handling of vulnerabilities within templates.

• Bug Fixes

  • Sobelow no longer incorrectly flags :binary send_download functions.

v0.6.9 - Enhancements

v0.6.9

• Enhancements

  • Improve template parsing and validation.
  • Support multiple routers, and improve route discovery.

• Misc.

  • Update language for missing directory.