Merge branch 'redcloth-4-3-2-cve-2012-6684' into 'master'

Update RedCloth to 4.3.2 for CVE-2012-6684 ## What does this MR do? To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2. ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? Security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as a secure software. ## What are the relevant issue numbers? Closes #19169 cf. !2037, !2071 ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [n/a] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [n/a] API support added - Tests - [n/a] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4929

Merge branch 'redcloth-4-3-2-cve-2012-6684' into 'master'
Update RedCloth to 4.3.2 for CVE-2012-6684 ## What does this MR do? To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2. ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? Security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as a secure software. ## What are the relevant issue numbers? Closes #19169 cf. !2037, !2071 ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [n/a] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [n/a] API support added - Tests - [n/a] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) See merge request !4929
95336861 · Stan Hu · 328fbd82 · a034374f · 95336861 · 95336861
Commit 95336861 authored Jul 03, 2016 by Stan Hu
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

CHANGELOG CHANGELOG +1 -0

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +2 -2

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -38,6 +38,7 @@ v 8.9.5 (unreleased)
  - Show "locked" label for locked runners on runners admin. !4961
  - Fixes issues importing events in Import/Export. Import/Export version bumped to 0.1.1
  - Fix import button disabled when import process fail due to the namespace already been taken.
+  - Security: Update RedCloth to 4.3.2 (Takuya Noguchi)

 v 8.9.4
  - Fix privilege escalation issue with OAuth external users.

--- a/Gemfile
+++ b/Gemfile
@@ -107,7 +107,7 @@ gem 'html-pipeline', '~> 1.11.0'
 gem 'task_list',     '~> 1.0.2', require: 'task_list/railtie'
 gem 'github-markup', '~> 1.3.1'
 gem 'redcarpet',     '~> 3.3.3'
-gem 'RedCloth',      '~> 4.2.9'
+gem 'RedCloth',      '~> 4.3.2'
 gem 'rdoc',          '~>3.6'
 gem 'org-ruby',      '~> 0.9.12'
 gem 'creole',        '~> 0.5.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
 GEM
  remote: https://rubygems.org/
  specs:
-    RedCloth (4.2.9)
+    RedCloth (4.3.2)
    ace-rails-ap (4.0.2)
    actionmailer (4.2.6)
      actionpack (= 4.2.6)
@@ -803,7 +803,7 @@ PLATFORMS
  ruby

 DEPENDENCIES
-  RedCloth (~> 4.2.9)
+  RedCloth (~> 4.3.2)
  ace-rails-ap (~> 4.0.2)
  activerecord-session_store (~> 1.0.0)
  acts-as-taggable-on (~> 3.4)