Patch #34461

Update Redcarpet to 3.5.1

Added by Marius BALTEANU 5 months ago. Updated 5 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Go MAEDA% Done:

0%

Category:Gems support
Target version:4.0.8

Associated revisions

Revision 20665
Added by Go MAEDA 5 months ago

Update Redcarpet to 3.5.1 (#34461).

The version fixes a security vulnerability using :quote in combination with the :escape_html option.

Revision 20666
Added by Go MAEDA 5 months ago

Merged r20665 from trunk to 4.1-stable (#34461).

Revision 20667
Added by Go MAEDA 5 months ago

Merged r18353 from trunk to 4.0-stable (#34461).

This merge is intended to update Redcarpet from 3.4 to 3.5 before merging r20665 which updates Redcarpet to 3.5.1.

Revision 20668
Added by Go MAEDA 5 months ago

Merged r20665 from trunk to 4.0-stable (#34461).

History

#1 Updated by Marius BALTEANU 5 months ago

  • Tracker changed from Defect to Patch
diff --git a/Gemfile b/Gemfile
index 9824c3b2e..a5baf33ce 100644
--- a/Gemfile
+++ b/Gemfile
@@ -44,7 +44,7 @@ end

 # Optional Markdown support, not for JRuby
 group :markdown do
-  gem "redcarpet", "~> 3.5.0" 
+  gem "redcarpet", "~> 3.5.1" 
 end

#2 Updated by Go MAEDA 5 months ago

https://github.com/vmg/redcarpet/blob/master/CHANGELOG.md#version-351-security

Fix a security vulnerability using :quote in combination with the :escape_html option.

#3 Updated by Go MAEDA 5 months ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

Committed the patch. Thank you.

Also available in: Atom PDF