A flaw was discovered in ruby-kramdown, a fast, pure ruby, Markdown parser and converter, which could result in unintended read access to files or unintended embedded Ruby code execution when the {::options /} extension is used together with the "template" option. The Update introduces a new option "forbidden_inline_options" to restrict the options allowed with the {::options /} extension. By default the "template" option is forbidden.