From b6863388984853ccd6e9b49aadac9c714454257f Mon Sep 17 00:00:00 2001
From: Takuya Noguchi
Date: Mon, 27 Jun 2016 00:18:46 +0900
Subject: Update RedCloth to 4.3.2 for CVE-2012-6684

---
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index d622af6b0a3..e409e66aab0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -107,7 +107,7 @@ gem 'html-pipeline', '~> 1.11.0'
 gem 'task_list', '~> 1.0.2', require: 'task_list/railtie'
 gem 'github-markup', '~> 1.3.1'
 gem 'redcarpet', '~> 3.3.3'
-gem 'RedCloth', '~> 4.2.9'
+gem 'RedCloth', '~> 4.3.2'
 gem 'rdoc', '~>3.6'
 gem 'org-ruby', '~> 0.9.12'
 gem 'creole', '~> 0.5.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 45cb327168c..34138decc13 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 GEM
 remote: https://rubygems.org/
 specs:
- RedCloth (4.2.9)
+ RedCloth (4.3.2)
 ace-rails-ap (4.0.2)
 actionmailer (4.2.6)
 actionpack (= 4.2.6)
@@ -803,7 +803,7 @@ PLATFORMS
 ruby

 DEPENDENCIES
- RedCloth (~> 4.2.9)
+ RedCloth (~> 4.3.2)
 ace-rails-ap (~> 4.0.2)
 activerecord-session_store (~> 1.0.0)
 acts-as-taggable-on (~> 3.4)
--
cgit v1.2.1

From a034374f004ab2a9e96619438962201b4a6ab222 Mon Sep 17 00:00:00 2001
From: Takuya Noguchi
Date: Mon, 27 Jun 2016 00:34:28 +0900
Subject: Update CHANGELOG

---
 CHANGELOG | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG b/CHANGELOG
index 2f93fcdbaa0..2f29a64df1b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -38,6 +38,7 @@ v 8.9.5 (unreleased)
 - Show "locked" label for locked runners on runners admin. !4961
 - Fixes issues importing events in Import/Export. Import/Export version bumped to 0.1.1
 - Fix import button disabled when import process fail due to the namespace already been taken.
+ - Security: Update RedCloth to 4.3.2 (Takuya Noguchi)

 v 8.9.4
 - Fix privilege escalation issue with OAuth external users.
--
cgit v1.2.1