
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorStan Hu <stanhu@gmail.com>2016-06-27 20:50:24 +0300
committerRobert Speicher <rspeicher@gmail.com>2016-06-28 00:07:53 +0300
commit5297d111f5f12c6c2c5ccc971b691608a8387978 (patch)
tree325e78b70288c37a3458946f9df3c897546e4fa5
parentef30f66950d9db4dddfe230c8f4a1f483acb57a3 (diff)
Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951 (cherry picked from commit c3a8b252cdf569729e5e1e8e0614b4d2e5226371)
-rw-r--r--CHANGELOG3
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock16
3 files changed, 9 insertions, 12 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 2beafe2749b..f2c58a8baa9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
Please view this file on the master branch, on stable branches it's out of date.
+v 8.7.8
+ - Update omniauth-saml to 1.6.0. !4951
+
v 8.7.7
- Prevent unauthorized access to other projects build traces
- Forbid scripting for wiki files
diff --git a/Gemfile b/Gemfile
index 67cc3f34b8c..83affcf32a8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem 'omniauth-github', '~> 1.1.1'
gem 'omniauth-gitlab', '~> 1.0.0'
gem 'omniauth-google-oauth2', '~> 0.2.0'
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml', '~> 1.5.0'
+gem 'omniauth-saml', '~> 1.6.0'
gem 'omniauth-shibboleth', '~> 1.2.0'
gem 'omniauth-twitter', '~> 1.2.0'
gem 'omniauth_crowd', '~> 2.2.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index b00d7b35c84..e7f4397624b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -459,8 +459,6 @@ GEM
rb-inotify (>= 0.9)
loofah (2.0.3)
nokogiri (>= 1.5.9)
- macaddr (1.7.1)
- systemu (~> 2.6.2)
mail (2.6.4)
mime-types (>= 1.16, < 4)
mail_room (0.6.1)
@@ -531,9 +529,9 @@ GEM
omniauth-oauth2 (1.3.1)
oauth2 (~> 1.0)
omniauth (~> 1.2)
- omniauth-saml (1.5.0)
+ omniauth-saml (1.6.0)
omniauth (~> 1.3)
- ruby-saml (~> 1.1, >= 1.1.1)
+ ruby-saml (~> 1.3)
omniauth-shibboleth (1.2.1)
omniauth (>= 1.0.0)
omniauth-twitter (1.2.1)
@@ -692,9 +690,8 @@ GEM
ruby-fogbugz (0.2.1)
crack (~> 0.4)
ruby-progressbar (1.7.5)
- ruby-saml (1.1.2)
+ ruby-saml (1.3.0)
nokogiri (>= 1.5.10)
- uuid (~> 2.3)
ruby2ruby (2.3.0)
ruby_parser (~> 3.1)
sexp_processor (~> 4.0)
@@ -793,7 +790,6 @@ GEM
activerecord (~> 4.1)
state_machines-activemodel (>= 0.3.0)
stringex (2.5.2)
- systemu (2.6.5)
task_list (1.0.2)
html-pipeline
teaspoon (1.1.5)
@@ -848,8 +844,6 @@ GEM
get_process_mem (~> 0)
unicorn (>= 4, < 6)
uniform_notifier (1.9.0)
- uuid (2.3.8)
- macaddr (~> 1.0)
version_sorter (2.0.0)
virtus (1.0.5)
axiom-types (~> 0.1)
@@ -982,7 +976,7 @@ DEPENDENCIES
omniauth-gitlab (~> 1.0.0)
omniauth-google-oauth2 (~> 0.2.0)
omniauth-kerberos (~> 0.3.0)
- omniauth-saml (~> 1.5.0)
+ omniauth-saml (~> 1.6.0)
omniauth-shibboleth (~> 1.2.0)
omniauth-twitter (~> 1.2.0)
omniauth_crowd (~> 2.2.0)
@@ -1058,4 +1052,4 @@ DEPENDENCIES
wikicloth (= 0.8.1)
BUNDLED WITH
- 1.11.2
+ 1.12.5