Merge branch '43806-update-ruby-saml-to-1.7.2' into 'master'
Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0 (CVE-2017-11428, CVE-2017-11430) Closes #43806 See merge request gitlab-org/gitlab-ce!17734
This commit is contained in:
Robert Speicher
commit
2dca1bc04d
3 changed files with 15 additions and 10 deletions
2
Gemfile
2
Gemfile
|
|
@ -34,7 +34,7 @@ gem 'omniauth-gitlab', '~> 1.0.2'
|
|||
gem 'omniauth-google-oauth2', '~> 0.5.2'
|
||||
gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
|
||||
gem 'omniauth-oauth2-generic', '~> 0.2.2'
|
||||
gem 'omniauth-saml', '~> 1.7.0'
|
||||
gem 'omniauth-saml', '~> 1.10.0'
|
||||
gem 'omniauth-shibboleth', '~> 1.2.0'
|
||||
gem 'omniauth-twitter', '~> 1.2.0'
|
||||
gem 'omniauth_crowd', '~> 2.2.0'
|
||||
|
|
|
|||
18
Gemfile.lock
18
Gemfile.lock
|
|
@ -388,7 +388,7 @@ GEM
|
|||
thor
|
||||
tilt
|
||||
hashdiff (0.3.4)
|
||||
hashie (3.5.6)
|
||||
hashie (3.5.7)
|
||||
hashie-forbidden_attributes (0.1.1)
|
||||
hashie (>= 3.0)
|
||||
health_check (2.6.0)
|
||||
|
|
@ -527,9 +527,9 @@ GEM
|
|||
octokit (4.8.0)
|
||||
sawyer (~> 0.8.0, >= 0.5.3)
|
||||
oj (2.17.5)
|
||||
omniauth (1.4.2)
|
||||
omniauth (1.4.3)
|
||||
hashie (>= 1.2, < 4)
|
||||
rack (>= 1.0, < 3)
|
||||
rack (>= 1.6.2, < 3)
|
||||
omniauth-auth0 (1.4.1)
|
||||
omniauth-oauth2 (~> 1.1)
|
||||
omniauth-authentiq (0.3.1)
|
||||
|
|
@ -568,9 +568,9 @@ GEM
|
|||
omniauth (~> 1.2)
|
||||
omniauth-oauth2-generic (0.2.2)
|
||||
omniauth-oauth2 (~> 1.0)
|
||||
omniauth-saml (1.7.0)
|
||||
omniauth (~> 1.3)
|
||||
ruby-saml (~> 1.4)
|
||||
omniauth-saml (1.10.0)
|
||||
omniauth (~> 1.3, >= 1.3.2)
|
||||
ruby-saml (~> 1.7)
|
||||
omniauth-shibboleth (1.2.1)
|
||||
omniauth (>= 1.0.0)
|
||||
omniauth-twitter (1.2.1)
|
||||
|
|
@ -649,7 +649,7 @@ GEM
|
|||
pry (>= 0.9.10)
|
||||
public_suffix (3.0.2)
|
||||
pyu-ruby-sasl (0.0.3.3)
|
||||
rack (1.6.8)
|
||||
rack (1.6.9)
|
||||
rack-accept (0.4.5)
|
||||
rack (>= 0.4)
|
||||
rack-attack (4.4.1)
|
||||
|
|
@ -804,7 +804,7 @@ GEM
|
|||
crack (~> 0.4)
|
||||
ruby-prof (0.17.0)
|
||||
ruby-progressbar (1.9.0)
|
||||
ruby-saml (1.4.1)
|
||||
ruby-saml (1.7.2)
|
||||
nokogiri (>= 1.5.10)
|
||||
ruby_parser (3.9.0)
|
||||
sexp_processor (~> 4.1)
|
||||
|
|
@ -1122,7 +1122,7 @@ DEPENDENCIES
|
|||
omniauth-google-oauth2 (~> 0.5.2)
|
||||
omniauth-kerberos (~> 0.3.0)
|
||||
omniauth-oauth2-generic (~> 0.2.2)
|
||||
omniauth-saml (~> 1.7.0)
|
||||
omniauth-saml (~> 1.10.0)
|
||||
omniauth-shibboleth (~> 1.2.0)
|
||||
omniauth-twitter (~> 1.2.0)
|
||||
omniauth_crowd (~> 2.2.0)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0
|
||||
merge_request: 17734
|
||||
author: Takuya Noguchi
|
||||
type: security
|
||||
Loading…
Reference in a new issue