diff --git a/Gemfile b/Gemfile
index ee8287d2d9..bfce3aef11 100644
--- a/Gemfile
+++ b/Gemfile
@@ -38,7 +38,8 @@ gem 'faraday-http-cache'
 gem 'warden'
 gem 'active_hash'
 gem 'ansible'
-gem 'github-markdown'
+gem 'github-markup'
+gem 'commonmarker'
 gem 'coderay'
 gem 'net-http-persistent'
 gem 'concurrent-ruby'
diff --git a/Gemfile.lock b/Gemfile.lock
index 7ca93ad318..2bb915548d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -277,6 +277,8 @@ GEM
       thor (>= 0.18, < 2)
     byebug (8.2.2)
     coderay (1.1.1)
+    commonmarker (0.21.1)
+      ruby-enum (~> 0.5)
     concurrent-ruby (1.1.7)
     connection_pool (2.2.1)
     crack (0.4.3)
@@ -316,7 +318,7 @@ GEM
     forking_test_runner (1.2.0)
       parallel_tests (>= 1.3.7)
     git_diff_parser (3.1.0)
-    github-markdown (0.6.9)
+    github-markup (3.0.5)
     gitlab (4.10.0)
       httparty (~> 0.14, >= 0.14.0)
       terminal-table (~> 1.5, >= 1.5.1)
@@ -560,6 +562,8 @@ GEM
     rubocop-rails (2.3.2)
       rack (>= 1.1)
       rubocop (>= 0.72.0)
+    ruby-enum (0.8.0)
+      i18n
     ruby-progressbar (1.10.1)
     ruby_parser (3.13.1)
       sexp_processor (~> 4.9)
@@ -644,6 +648,7 @@ DEPENDENCIES
   bundler
   bundler-audit
   coderay
+  commonmarker
   concurrent-ruby
   connection_pool
   dalli
@@ -656,7 +661,7 @@ DEPENDENCIES
   flay
   forking_test_runner
   gcloud_image_tagger!
-  github-markdown
+  github-markup
   goldiloader
   large_object_store
   lograge
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 34c6441738..d5d3f373aa 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 require 'ansible'
-require 'github/markdown'
+require 'github/markup'
 
 module ApplicationHelper
   BOOTSTRAP_FLASH_MAPPINGS = {
@@ -27,7 +27,7 @@ def autolink(text)
 
   # https://github.com/showdownjs/showdown/wiki/Markdown's-XSS-Vulnerability-(and-how-to-mitigate-it)
   def markdown(str)
-    sanitize GitHub::Markdown.render_gfm(str)
+    sanitize GitHub::Markup.render_s(GitHub::Markups::MARKUP_MARKDOWN, str)
   end
 
   def deploy_link(project, stage)
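Review bot: `sanitize` is the only XSS control in `markdown`, and the `+` line swaps the renderer whose output it receives, so the helper's comment should state that contract instead of only linking the showdown article; e.g. `# Renderer output is untrusted HTML; Rails' sanitize (default allow-list) is the XSS control — never move escaping into renderer options.` To my recollection github-markup selects its markdown backend at load time from whichever supported library it can require first, so if commonmarker ever dropped out of the bundle this line would silently render through a different library with different HTML, which is worth a comment or a boot-time check. `gem 'commonmarker'` in the Gemfile is unpinned; since its treatment of raw HTML in input has, I believe, changed between releases, a version constraint would keep the sanitized output the tests pin from drifting. The enclosing module continues outside the hunk.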
diff --git a/test/helpers/application_helper_test.rb b/test/helpers/application_helper_test.rb index ad142428a2..a86dae4f31 100644 --- a/test/helpers/application_helper_test.rb +++ b/test/helpers/application_helper_test.rb @@ -72,8 +72,14 @@ end it "does not allow XSS" do - result = markdown("") - result.must_equal "alert(1)\n" + result = markdown("foo ") + result.must_equal "

foo alert(1)

\n" + assert result.html_safe? + end + + it "does not allow XSS, strips entire tag" do + result = markdown(" ") + result.must_equal "\n" assert result.html_safe? end end