Release Notes: The ability to review only the changes to a program was added. Other minor improvements and bugfixes were made.
Release Notes: Code to better support Microsoft's approach to internationalization was added along with various new rules to detect more situations. False positives were reduced and some documentation was improved.
Release Notes: This release adds more rules for finding security flaws involving cuserid, getlogin, getpass, mkstemp, getpw, memalign, gsignal, ssignal, ulimit, and usleep. It has 137 rules that it checks automatically. Lengthy text has been added to the manual to explain exactly how to use flawfinder with Vim and Emacs. An error in the --columns format has been fixed, and many shortcut single-letter commands have been added. It tries to auto-remove some false positives, and a "--falsepositive" (-F) option has been added that tries to remove many more.
Release Notes: This version fixes an extremely obscure parsing error that in very rare cases caused false reports of a vulnerability where there wasn't one. Also, readlink() has been added to the vulnerability database.
Release Notes: This release fixed a subtle code bug that caused single character constants to not be be parsed correctly under certain unusual circumstances. An error in the manual where "--minlevel" incorrectly only had one dash was fixed, and C/C ++ filename extensions are listed in the documentation.
Release Notes: This release changes the output format slightly to improve integration with other tools, and improves the RPM packaging.
Release Notes: This release improves the default output format, adds a short tutorial to the documentation, and includes various other small enhancements.
Release Notes: Entries have been added to the database to detect file openings and static character array definitions. The HTML output format has been significantly improved. There are several nice improvements in flawfinder, including a timing report. Flawfinder now (by default) skips symbolic links, and always skips special files, to counter attackers who insert malicious files in their source code directories. Finally, the documentation has been improved in various ways.
Release Notes: A fix for a bug in handling getopt_long(), and support for a new --nolink option.
Release Notes: The rule base has more than doubled to 122 rules, and the program now supports HTML output.