diff options
| author | Stan Hu <stanhu@gmail.com> | 2016-06-27 17:50:24 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2016-06-27 17:50:24 +0000 |
| commit | c3a8b252cdf569729e5e1e8e0614b4d2e5226371 (patch) | |
| tree | 07982782f2314a9cf079fbf26f4605b1e54af409 | |
| parent | 21842cf90f0d2545ed3d687ce864eb0d551b7059 (diff) | |
| parent | 6963dcb56b36d140d763a0d0c47549cc23c60978 (diff) | |
| download | gitlab-ce-c3a8b252cdf569729e5e1e8e0614b4d2e5226371.tar.gz | |
Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
## What does this MR do?
Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
Fixes #19206
See merge request !4951
| -rw-r--r-- | CHANGELOG | 3 | ||||
| -rw-r--r-- | Gemfile | 2 | ||||
| -rw-r--r-- | Gemfile.lock | 9 |
3 files changed, 8 insertions, 6 deletions
diff --git a/CHANGELOG b/CHANGELOG index d55f609e322..6defffefb77 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -14,6 +14,9 @@ v 8.10.0 (unreleased) - Add API endpoint for a group issues !4520 (mahcsig) - Allow [ci skip] to be in any case and allow [skip ci]. !4785 (simon_w) +v 8.9.2 + - Update omniauth-saml to 1.6.0 !4951 + v 8.9.1 - Refactor labels documentation. !3347 - Eager load award emoji on notes. !4628 @@ -30,7 +30,7 @@ gem 'omniauth-github', '~> 1.1.1' gem 'omniauth-gitlab', '~> 1.0.0' gem 'omniauth-google-oauth2', '~> 0.2.0' gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos -gem 'omniauth-saml', '~> 1.5.0' +gem 'omniauth-saml', '~> 1.6.0' gem 'omniauth-shibboleth', '~> 1.2.0' gem 'omniauth-twitter', '~> 1.2.0' gem 'omniauth_crowd', '~> 2.2.0' diff --git a/Gemfile.lock b/Gemfile.lock index 3f3ceb667b5..66660f546e7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -459,9 +459,9 @@ GEM omniauth-oauth2 (1.3.1) oauth2 (~> 1.0) omniauth (~> 1.2) - omniauth-saml (1.5.0) + omniauth-saml (1.6.0) omniauth (~> 1.3) - ruby-saml (~> 1.1, >= 1.1.1) + ruby-saml (~> 1.3) omniauth-shibboleth (1.2.1) omniauth (>= 1.0.0) omniauth-twitter (1.2.1) @@ -622,9 +622,8 @@ GEM ruby-fogbugz (0.2.1) crack (~> 0.4) ruby-progressbar (1.8.1) - ruby-saml (1.1.2) + ruby-saml (1.3.0) nokogiri (>= 1.5.10) - uuid (~> 2.3) ruby_parser (3.8.2) sexp_processor (~> 4.1) rubyntlm (0.5.2) @@ -912,7 +911,7 @@ DEPENDENCIES omniauth-gitlab (~> 1.0.0) omniauth-google-oauth2 (~> 0.2.0) omniauth-kerberos (~> 0.3.0) - omniauth-saml (~> 1.5.0) + omniauth-saml (~> 1.6.0) omniauth-shibboleth (~> 1.2.0) omniauth-twitter (~> 1.2.0) omniauth_crowd (~> 2.2.0) |