CHANGES.md in brakeman-4.3.1 vs CHANGES.md in brakeman-4.4.0
- old
+ new
@@ -1,15 +1,38 @@
+# 4.4.0
+
+* Set default encoding to UTF-8
+* Update to Slim 4.0.1 (Jake Peterson)
+* Update to RubyParser 3.12.0
+* Add rendered template information to render paths
+* Fix trim mode for ERb templates in old Rails versions
+* Fix thread-safety issue in CallIndex
+* Add `--enable` option to enable optional checks
+* Support reading gem versions from gemspecs
+* Support gem versions which are just major.minor (e.g. 3.0)
+* Treat `if not` like `unless`
+* Handle empty `secrets.yml` files (Naoki Kimura)
+* Correctly set `rel="noreferrer"` in HTML reports
+* Avoid warning about command injection when `String#shellescape` and `Shellwords.shelljoin` are used (George Ogata)
+* Add Dockerfile to run Brakeman inside Docker (Ryan Kemper)
+* Trim some unnecessary files from bundled gems
+* Add check for CVE-2018-3760
+* Avoid nils when concatenating arrays
+* Ignore Tempfiles in FileAccess warnings (Christina Koller)
+* Complete overhaul of warning message construction
+* Deadcode and typo fixes found via Coverity
+
# 4.3.1
* Ignore `Object#freeze`, use the target instead
* Ignore `foreign_key` calls in SQL
* Handle `included` calls outside of classes/modules
* Add `:BRAKEMAN_SAFE_LITERAL` to represent known-safe literals
* Handle `Array#map` and `Array#each` over literal arrays
* Use safe literal when accessing literal hash with unknown key
* Avoid deprecated use of ERB in Ruby 2.6 (Koichi ITO)
* Allow `symbolize_keys` to be called on `params` in SQL (Jacob Evelyn)
-* Improve handling of conditionals in shell commands (Jacob Evenlyn)
+* Improve handling of conditionals in shell commands (Jacob Evelyn)
* Fix error when setting line number in implicit renders
# 4.3.0
* Check exec-type calls even if they are targets
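Review bot: The entry `+* Add check for CVE-2018-3760` gives only the CVE identifier, so a reader of the changelog cannot tell which gem or component the new check inspects or what version constraint it reports on; suggest naming the affected gem and the fixed version in the bullet, as the other entries do for Slim and RubyParser (e.g. `* Update to Slim 4.0.1`). Two smaller points in the same hunk: `+* Deadcode and typo fixes found via Coverity` should read `Dead code`, and the added `+` blank line before `# 4.3.1` introduces a spacing convention the older sections do not follow (`# 4.3.0` immediately follows the last 4.3.1 bullet), so either drop it or add the same blank line before the other headings for consistency. The `-Evenlyn`/`+Evelyn` correction in the 4.3.1 section looks right and matches the spelling used in the preceding `symbolize_keys` entry.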