Patch #32294

Update ruby-openid to 2.9.2

Added by Go MAEDA about 1 month ago. Updated about 1 month ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: Jean-Philippe Lang
% Done: 0%
Category: Gems support
Target version: 3.4.12

Description

We have to update ruby-openid to the latest version because a vulnerability CVE-2019-11027 has been reported. The attached patch updates ruby-openid to 2.9.2.

https://nvd.nist.gov/vuln/detail/CVE-2019-11027
https://github.com/openid/ruby-openid/issues/122

I have confirmed with ruby-openid 2.9.2 that:

  • succeeded in signing in to Redmine with Yahoo OpenID
  • passes all tests with Redmine 3.4-stable, 4.0-stable, and trunk

update-ruby-openid.patch (315 Bytes) Go MAEDA, 2019-10-18 05:22
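To confirm that a deployment has actually picked up the update described above, the resolved version in `Gemfile.lock` can be checked. This is an added example, not part of the original issue or of Redmine's code; the lockfile excerpts are constructed samples, the helper names are hypothetical, and the 2.9.2 minimum is simply the version this patch moves to.

```ruby
require "rubygems" # provides Gem::Version

# Version this patch moves Redmine to; used here as the required minimum.
REQUIRED_OPENID = Gem::Version.new("2.9.2")

# Constructed sample lockfile excerpt (not Redmine's real Gemfile.lock).
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.0.7)
      rack-openid (1.4.2)
        rack (>= 1.1.0)
        ruby-openid (>= 2.1.8)
      ruby-openid (2.3.0)

  DEPENDENCIES
    rack-openid
    ruby-openid (~> 2.3.0)
LOCK
NEW_LOCK = OLD_LOCK.gsub("2.3.0", "2.9.2")

# Returns the resolved Gem::Version of gem_name from lockfile text, or nil.
# Only 4-space entries under "specs:" are resolved gems; 6-space lines are
# dependency constraints and DEPENDENCIES lines are Gemfile requirements.
def locked_version(lock_text, gem_name)
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A\s{2}specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/
      in_specs = false # a new top-level section ends the specs list
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)) && m[1] == gem_name
      return Gem::Version.new(m[2].split("-").first) # drop any platform suffix
    end
  end
  nil
end

# :ok, :needs_update, or :not_present (OpenID gems not installed at all).
def openid_status(lock_text)
  version = locked_version(lock_text, "ruby-openid")
  return :not_present if version.nil?
  version >= REQUIRED_OPENID ? :ok : :needs_update
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : OLD_LOCK
  puts "ruby-openid: #{openid_status(text)}"
end
```

Pass the path to a real `Gemfile.lock` as the first argument; with no argument the script evaluates the constructed pre-update sample.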

Associated revisions

Revision 18746
Added by Jean-Philippe Lang about 1 month ago

Update ruby-openid to 2.9.2 (#32294).

Patch by Go MAEDA.

Revision 18747
Added by Jean-Philippe Lang about 1 month ago

Merged r18746 to 4.0-stable (#32294).

Revision 18748
Added by Jean-Philippe Lang about 1 month ago

Merged r18746 to 3.4-stable (#32294).

Revision 19076
Added by Jean-Philippe Lang 3 days ago

Merged r18746 to 3.3-stable (#32294).

History

#1 Updated by Jean-Philippe Lang about 1 month ago

  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 3.4.12

#2 Updated by Jean-Philippe Lang about 1 month ago

  • Status changed from New to Closed

Committed, thanks.
