Merge branch '43806-update-ruby-saml-to-1.7.2' into 'master'
Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0 (CVE-2017-11428, CVE-2017-11430)

Closes #43806

See merge request gitlab-org/gitlab-ce!17734
commit
2dca1bc04d
3 changed files with 15 additions and 10 deletions
2
Gemfile
2
Gemfile
|
@ -34,7 +34,7 @@ gem 'omniauth-gitlab', '~> 1.0.2'
|
||||||
gem 'omniauth-google-oauth2', '~> 0.5.2'
|
gem 'omniauth-google-oauth2', '~> 0.5.2'
|
||||||
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
|
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
|
||||||
gem 'omniauth-oauth2-generic', '~> 0.2.2'
|
gem 'omniauth-oauth2-generic', '~> 0.2.2'
|
||||||
gem 'omniauth-saml', '~> 1.7.0'
|
gem 'omniauth-saml', '~> 1.10.0'
|
||||||
gem 'omniauth-shibboleth', '~> 1.2.0'
|
gem 'omniauth-shibboleth', '~> 1.2.0'
|
||||||
gem 'omniauth-twitter', '~> 1.2.0'
|
gem 'omniauth-twitter', '~> 1.2.0'
|
||||||
gem 'omniauth_crowd', '~> 2.2.0'
|
gem 'omniauth_crowd', '~> 2.2.0'
|
||||||
|
|
18
Gemfile.lock
18
Gemfile.lock
|
@ -388,7 +388,7 @@ GEM
|
||||||
thor
|
thor
|
||||||
tilt
|
tilt
|
||||||
hashdiff (0.3.4)
|
hashdiff (0.3.4)
|
||||||
hashie (3.5.6)
|
hashie (3.5.7)
|
||||||
hashie-forbidden_attributes (0.1.1)
|
hashie-forbidden_attributes (0.1.1)
|
||||||
hashie (>= 3.0)
|
hashie (>= 3.0)
|
||||||
health_check (2.6.0)
|
health_check (2.6.0)
|
||||||
|
@ -527,9 +527,9 @@ GEM
|
||||||
octokit (4.8.0)
|
octokit (4.8.0)
|
||||||
sawyer (~> 0.8.0, >= 0.5.3)
|
sawyer (~> 0.8.0, >= 0.5.3)
|
||||||
oj (2.17.5)
|
oj (2.17.5)
|
||||||
omniauth (1.4.2)
|
omniauth (1.4.3)
|
||||||
hashie (>= 1.2, < 4)
|
hashie (>= 1.2, < 4)
|
||||||
rack (>= 1.0, < 3)
|
rack (>= 1.6.2, < 3)
|
||||||
omniauth-auth0 (1.4.1)
|
omniauth-auth0 (1.4.1)
|
||||||
omniauth-oauth2 (~> 1.1)
|
omniauth-oauth2 (~> 1.1)
|
||||||
omniauth-authentiq (0.3.1)
|
omniauth-authentiq (0.3.1)
|
||||||
|
@ -568,9 +568,9 @@ GEM
|
||||||
omniauth (~> 1.2)
|
omniauth (~> 1.2)
|
||||||
omniauth-oauth2-generic (0.2.2)
|
omniauth-oauth2-generic (0.2.2)
|
||||||
omniauth-oauth2 (~> 1.0)
|
omniauth-oauth2 (~> 1.0)
|
||||||
omniauth-saml (1.7.0)
|
omniauth-saml (1.10.0)
|
||||||
omniauth (~> 1.3)
|
omniauth (~> 1.3, >= 1.3.2)
|
||||||
ruby-saml (~> 1.4)
|
ruby-saml (~> 1.7)
|
||||||
omniauth-shibboleth (1.2.1)
|
omniauth-shibboleth (1.2.1)
|
||||||
omniauth (>= 1.0.0)
|
omniauth (>= 1.0.0)
|
||||||
omniauth-twitter (1.2.1)
|
omniauth-twitter (1.2.1)
|
||||||
|
@ -649,7 +649,7 @@ GEM
|
||||||
pry (>= 0.9.10)
|
pry (>= 0.9.10)
|
||||||
public_suffix (3.0.2)
|
public_suffix (3.0.2)
|
||||||
pyu-ruby-sasl (0.0.3.3)
|
pyu-ruby-sasl (0.0.3.3)
|
||||||
rack (1.6.8)
|
rack (1.6.9)
|
||||||
rack-accept (0.4.5)
|
rack-accept (0.4.5)
|
||||||
rack (>= 0.4)
|
rack (>= 0.4)
|
||||||
rack-attack (4.4.1)
|
rack-attack (4.4.1)
|
||||||
|
@ -804,7 +804,7 @@ GEM
|
||||||
crack (~> 0.4)
|
crack (~> 0.4)
|
||||||
ruby-prof (0.17.0)
|
ruby-prof (0.17.0)
|
||||||
ruby-progressbar (1.9.0)
|
ruby-progressbar (1.9.0)
|
||||||
ruby-saml (1.4.1)
|
ruby-saml (1.7.2)
|
||||||
nokogiri (>= 1.5.10)
|
nokogiri (>= 1.5.10)
|
||||||
ruby_parser (3.9.0)
|
ruby_parser (3.9.0)
|
||||||
sexp_processor (~> 4.1)
|
sexp_processor (~> 4.1)
|
||||||
|
@ -1122,7 +1122,7 @@ DEPENDENCIES
|
||||||
omniauth-google-oauth2 (~> 0.5.2)
|
omniauth-google-oauth2 (~> 0.5.2)
|
||||||
omniauth-kerberos (~> 0.3.0)
|
omniauth-kerberos (~> 0.3.0)
|
||||||
omniauth-oauth2-generic (~> 0.2.2)
|
omniauth-oauth2-generic (~> 0.2.2)
|
||||||
omniauth-saml (~> 1.7.0)
|
omniauth-saml (~> 1.10.0)
|
||||||
omniauth-shibboleth (~> 1.2.0)
|
omniauth-shibboleth (~> 1.2.0)
|
||||||
omniauth-twitter (~> 1.2.0)
|
omniauth-twitter (~> 1.2.0)
|
||||||
omniauth_crowd (~> 2.2.0)
|
omniauth_crowd (~> 2.2.0)
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0
|
||||||
|
merge_request: 17734
|
||||||
|
author: Takuya Noguchi
|
||||||
|
type: security
|