Bumped Redcarpet to 3.3.2 #149
/cc @benbalter
We actually deployed this internally to our Pages servers a week or so ago, as the security issue was disclosed to us by @vmg. Apologies that it's not in the public gem yet. Right now we are sussing out another potential issue, but we will merge and release this soon.
Would be great to see this merged for the security fixes in redcarpet
+1
As I said above:
If you head to https://pages.github.com/versions/, you'll see the dynamically generated versions of all the gems we run in production. The entire company is heading out to our annual Summit next week, so we'll try to take care of this in the public release of the gem 🔜.
GitHub's pages are one thing, but dropcaster depends on the gh_pages, which still points to 3.3.1. So I cannot fix dropcaster until this PR is merged. Or is there a better way?
@nerab Switch to the GitHub Pages "like" Docker image that we provide on Jekyll then; we use almost the same dependency chain, but like GitHub we diverge if we want to force a specific version for specific reasons.
I've just merged the PR in but am not doing a release just yet. Assuming you're using Bundler, you can refer directly to the gem with
OK, will try that. Thanks!
Version 3.3.2 has a fix for a potential security issue in the HTML renderer.