diff options
author | Stan Hu <stanhu@gmail.com> | 2016-06-27 17:50:24 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-27 15:14:51 -0400 |
commit | 7cf41bf5e692201b17e8300afcea44142ac8a993 (patch) | |
tree | adfe5d78b8c46a096cedaa5c7a673c952e873ec8 | |
parent | a61b40136b3941b5cd23d80e0cbad2eedaf06b97 (diff) | |
download | gitlab-ce-7cf41bf5e692201b17e8300afcea44142ac8a993.tar.gz |
Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
## What does this MR do?
Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
Fixes #19206
See merge request !4951
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 9 |
3 files changed, 6 insertions, 6 deletions
diff --git a/CHANGELOG b/CHANGELOG index 4307d6dd03c..7363f30b12e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.9.2 - Fix visibility of snippets when searching. + - Update omniauth-saml to 1.6.0 !4951 v 8.9.1 - Refactor labels documentation. !3347 @@ -30,7 +30,7 @@ gem 'omniauth-github', '~> 1.1.1' gem 'omniauth-gitlab', '~> 1.0.0' gem 'omniauth-google-oauth2', '~> 0.2.0' gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos -gem 'omniauth-saml', '~> 1.5.0' +gem 'omniauth-saml', '~> 1.6.0' gem 'omniauth-shibboleth', '~> 1.2.0' gem 'omniauth-twitter', '~> 1.2.0' gem 'omniauth_crowd', '~> 2.2.0' diff --git a/Gemfile.lock b/Gemfile.lock index ce52985bd4a..76e84756bb8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -468,9 +468,9 @@ GEM omniauth-oauth2 (1.3.1) oauth2 (~> 1.0) omniauth (~> 1.2) - omniauth-saml (1.5.0) + omniauth-saml (1.6.0) omniauth (~> 1.3) - ruby-saml (~> 1.1, >= 1.1.1) + ruby-saml (~> 1.3) omniauth-shibboleth (1.2.1) omniauth (>= 1.0.0) omniauth-twitter (1.2.1) @@ -631,9 +631,8 @@ GEM ruby-fogbugz (0.2.1) crack (~> 0.4) ruby-progressbar (1.8.1) - ruby-saml (1.1.2) + ruby-saml (1.3.0) nokogiri (>= 1.5.10) - uuid (~> 2.3) ruby_parser (3.8.2) sexp_processor (~> 4.1) rubyntlm (0.5.2) @@ -920,7 +919,7 @@ DEPENDENCIES omniauth-gitlab (~> 1.0.0) omniauth-google-oauth2 (~> 0.2.0) omniauth-kerberos (~> 0.3.0) - omniauth-saml (~> 1.5.0) + omniauth-saml (~> 1.6.0) omniauth-shibboleth (~> 1.2.0) omniauth-twitter (~> 1.2.0) omniauth_crowd (~> 2.2.0) |