author | Stan Hu <stanhu@gmail.com> | 2016-06-27 17:50:24 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-06-27 16:31:56 -0400 |
commit | 4c80039c48ffcf2ab2bcb21b62a9a5c0d257c59a (patch) | |
tree | b82cfb59f567e76a2b36eedd93cd3039b8b73438 | |
parent | 68cd1382e5b9239c3101ef4aff3c52739832f3e3 (diff) | |
download | gitlab-ce-4c80039c48ffcf2ab2bcb21b62a9a5c0d257c59a.tar.gz |
Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml
Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
Fixes #19206
See merge request !4951
(cherry picked from commit c3a8b252cdf569729e5e1e8e0614b4d2e5226371)
-rw-r--r-- | CHANGELOG | 3 | ||||
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 16 |
3 files changed, 9 insertions, 12 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 06b1afe673a..558ddbc2884 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
+v 8.8.6
+ - Update omniauth-saml to 1.6.0 !4951
+
 v 8.8.5
 - Import GitHub repositories respecting the API rate limit !4166
 - Fix todos page throwing errors when you have a project pending deletion !4300
@@ -31,7 +31,7 @@ gem 'omniauth-github', '~> 1.1.1'
 gem 'omniauth-gitlab', '~> 1.0.0'
 gem 'omniauth-google-oauth2', '~> 0.2.0'
 gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml', '~> 1.5.0'
+gem 'omniauth-saml', '~> 1.6.0'
 gem 'omniauth-shibboleth', '~> 1.2.0'
 gem 'omniauth-twitter', '~> 1.2.0'
 gem 'omniauth_crowd', '~> 2.2.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index b55764504c6..77f8532b374 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -460,8 +460,6 @@ GEM
 rb-inotify (>= 0.9)
 loofah (2.0.3)
 nokogiri (>= 1.5.9)
- macaddr (1.7.1)
- systemu (~> 2.6.2)
 mail (2.6.4)
 mime-types (>= 1.16, < 4)
 mail_room (0.7.0)
@@ -532,9 +530,9 @@ GEM
 omniauth-oauth2 (1.3.1)
 oauth2 (~> 1.0)
 omniauth (~> 1.2)
- omniauth-saml (1.5.0)
+ omniauth-saml (1.6.0)
 omniauth (~> 1.3)
- ruby-saml (~> 1.1, >= 1.1.1)
+ ruby-saml (~> 1.3)
 omniauth-shibboleth (1.2.1)
 omniauth (>= 1.0.0)
 omniauth-twitter (1.2.1)
@@ -693,9 +691,8 @@ GEM
 ruby-fogbugz (0.2.1)
 crack (~> 0.4)
 ruby-progressbar (1.7.5)
- ruby-saml (1.1.2)
+ ruby-saml (1.3.0)
 nokogiri (>= 1.5.10)
- uuid (~> 2.3)
 ruby2ruby (2.3.0)
 ruby_parser (~> 3.1)
 sexp_processor (~> 4.0)
@@ -793,7 +790,6 @@ GEM
 activerecord (~> 4.1)
 state_machines-activemodel (>= 0.3.0)
 stringex (2.5.2)
- systemu (2.6.5)
 task_list (1.0.2)
 html-pipeline
 teaspoon (1.1.5)
@@ -848,8 +844,6 @@ GEM
 get_process_mem (~> 0)
 unicorn (>= 4, < 6)
 uniform_notifier (1.9.0)
- uuid (2.3.8)
- macaddr (~> 1.0)
 version_sorter (2.0.0)
 virtus (1.0.5)
 axiom-types (~> 0.1)
@@ -982,7 +976,7 @@ DEPENDENCIES
 omniauth-gitlab (~> 1.0.0)
 omniauth-google-oauth2 (~> 0.2.0)
 omniauth-kerberos (~> 0.3.0)
- omniauth-saml (~> 1.5.0)
+ omniauth-saml (~> 1.6.0)
 omniauth-shibboleth (~> 1.2.0)
 omniauth-twitter (~> 1.2.0)
 omniauth_crowd (~> 2.2.0)
@@ -1058,4 +1052,4 @@ DEPENDENCIES
 wikicloth (= 0.8.1)
 
 BUNDLED WITH
- 1.12.3
+ 1.12.5 |