Security fix: OSVDB-120415 - Upgrade redcarpet to 3.2 · ec90210ed4 - jekyll

mirror of https://github.com/jekyll/jekyll.git synced 2026-01-30 17:28:29 -05:00

Security fix: OSVDB-120415 - Upgrade redcarpet to 3.2

*Note*: Please release a new gem version of jekyll after merging this.

More information at:
http://osvdb.org/show/osvdb/120415

`redcarpet Gem for Ruby contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the parse_inline() function in markdown.c does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.`

9fc00d0814
8e707ebb94
http://social.schiessle.org/display/b38b1460c2b201329b1f4860008dbc6c
https://gemnasium.com/gems/redcarpet/versions/3.2.3

/cc @parkr @envygeeks

This commit is contained in:

Christian Vuerings

2015-04-13 08:01:16 -07:00

parent c76c4e478b

commit ec90210ed4

1 changed files with 1 additions and 1 deletions

									
										2

Gemfile
									
												View File
												
				@@ -2,7 +2,7 @@ source 'https://rubygems.org'

				gemspec

				gem 'pygments.rb', '~> 0.6.0'

				gem 'redcarpet', '~> 3.1'

				gem 'redcarpet', '~> 3.2.3'

				gem 'toml', '~> 0.1.0'

				gem 'jekyll-paginate', '~> 1.0'

				gem 'jekyll-gist', '~> 1.0'

Security fix: OSVDB-120415 - Upgrade redcarpet to 3.2

2 Gemfile Unescape Escape View File

2

Gemfile

View File