
Update RedCloth to 4.3.2 for CVE-2012-6684

What does this MR do?

To fix XSS (CVE-2012-6684), upgrade RedCloth to 4.3.2.

Are there points in the code the reviewer needs to double check?


Why was this MR needed?

The security vulnerability in RedCloth (CVE-2012-6684) should be fixed to provide GitLab as secure software.

What are the relevant issue numbers?

Closes #19169 (closed)

cf. !2037 (merged), !2071 (merged)

Does this MR meet the acceptance criteria?
