Patch #30137

Remove rails-html-sanitizer from Gemfile

Added by Go MAEDA 10 months ago. Updated 10 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Go MAEDA% Done:

0%

Category:Code cleanup/refactoring
Target version:4.0.0

Description

Redmine installs rails-html-sanitizer to ensure that not to use vulnerable versions prior to 1.0.3.

But it is not necessary any longer because Rails actionview 5.2.2 requires rails-html-sanitizer 1.0.3 or later.

Index: Gemfile
===================================================================
--- Gemfile    (revision 17706)
+++ Gemfile    (working copy)
@@ -17,9 +17,6 @@
 gem "nokogiri", "~> 1.8.0" 
 gem "i18n", "~> 0.7.0" 

-# Request at least rails-html-sanitizer 1.0.3 because of security advisories
-gem "rails-html-sanitizer", ">= 1.0.3" 
-
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :x64_mingw, :mswin]
 gem "rbpdf", "~> 1.19.6" 

Associated revisions

Revision 17707
Added by Go MAEDA 10 months ago

Remove rails-html-sanitizer from Gemfile (#30137).

Revision 17708
Added by Jean-Philippe Lang 10 months ago

Merged r17707 to 4.0-stable (#30137).

History

#1 Updated by Go MAEDA 10 months ago

It was introduced in r15105.

#2 Updated by Go MAEDA 10 months ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA

Committed.

#3 Updated by Jean-Philippe Lang 10 months ago

  • Target version changed from 4.1.0 to 4.0.0

Also available in: Atom PDF