Merge branch 'redcloth-4-3-2-cve-2012-6684' into 'master'
Update RedCloth to 4.3.2 for CVE-2012-6684 ## What does this MR do? To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2. ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? Security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as a secure software. ## What are the relevant issue numbers? Closes #19169 cf. !2037, !2071 ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [n/a] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [n/a] API support added - Tests - [n/a] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4929 (cherry picked from commit 95336861)
Showing
... | @@ -106,7 +106,7 @@ gem 'html-pipeline', '~> 1.11.0' | ... | @@ -106,7 +106,7 @@ gem 'html-pipeline', '~> 1.11.0' |
gem 'task_list', '~> 1.0.2', require: 'task_list/railtie' | gem 'task_list', '~> 1.0.2', require: 'task_list/railtie' | ||
gem 'github-markup', '~> 1.3.1' | gem 'github-markup', '~> 1.3.1' | ||
gem 'redcarpet', '~> 3.3.3' | gem 'redcarpet', '~> 3.3.3' | ||
gem 'RedCloth', '~> 4.2.9' | gem 'RedCloth', '~> 4.3.2' | ||
gem 'rdoc', '~>3.6' | gem 'rdoc', '~>3.6' | ||
gem 'org-ruby', '~> 0.9.12' | gem 'org-ruby', '~> 0.9.12' | ||
gem 'creole', '~> 0.5.0' | gem 'creole', '~> 0.5.0' | ||
... | ... |
Please register or sign in to comment