Update RedCloth to 4.3.2 for CVE-2012-6684 (!4929) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

username-removed-100770 requested to merge tnir/gitlab-ce:redcloth-4-3-2-cve-2012-6684 into master Jun 26, 2016

What does this MR do?

To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2.

Are there points in the code the reviewer needs to double check?

No.

Why was this MR needed?

Security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as a secure software.

What are the relevant issue numbers?

Closes #19169 (closed)

cf. !2037 (merged), !2071 (merged)

Does this MR meet the acceptance criteria?

CHANGELOG entry added
[n/a] Documentation created/updated
[n/a] API support added
Tests
- [n/a] Added for this feature/bug
- All builds are passing
Conform by the style guides
Branch has no merge conflicts with master (if you do - rebase it please)
Squashed related commits together