!87 Update xmlhash to 1.3.8 for fix CVE-2022-21949

From: @wk333 
Reviewed-by: @small_leek 
Signed-off-by: @small_leek

Gemfile.lock

@@ -468,7 +468,7 @@ GEM
     websocket-driver (0.7.1)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.4)
-    xmlhash (1.3.7)
+    xmlhash (1.3.8)
       pkg-config
     xmlrpc (0.3.0)
     xpath (3.2.0)

obs-server.spec

@@ -5,7 +5,7 @@
 
 Name:           obs-server
 Version:        2.10.11
-Release:        2
+Release:        3
 Summary:        The Open Build Service -- Server Component
 License:        GPL-2.0-only or GPL-3.0-only
 URL:            http://www.openbuildservice.org
@@ -494,6 +494,9 @@ usermod -a -G docker obsservicerun
 %{_sbindir}/rcobsstoragesetup
 
 %changelog
+* Mon May 16 2022 wangkai <wangkai385@h-partners.com> - 2.10.11-3
+- Update xmlhash to 1.3.8 for fix CVE-2022-21949
+
 * Thu Mar 17 2022 houyingchao <houyingchao@huawei.com> - 2.10.11-2
 - Fix install failed