Project

General

Profile

Actions

Patch #32294

closed

Update ruby-openid to 2.9.2

Added by Go MAEDA about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Gems support
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

We have to update ruby-openid to the latest version because a vulnerability CVE-2019-11027 has been reported. The attached patch updates ruby-openid to 2.9.2.

https://nvd.nist.gov/vuln/detail/CVE-2019-11027
https://github.com/openid/ruby-openid/issues/122

I have confirmed with ruby-openid 2.9.2 that:

  • succeeded in signing in to Redmine with Yahoo OpenID
  • passes all test with Redmine 3.4-stable, 4.0-stable, and trunk

Files

update-ruby-openid.patch (315 Bytes) update-ruby-openid.patch Go MAEDA, 2019-10-18 05:22
Actions #1

Updated by Jean-Philippe Lang about 5 years ago

  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 3.4.12
Actions #2

Updated by Jean-Philippe Lang about 5 years ago

  • Status changed from New to Closed

Committed, thanks.

Actions

Also available in: Atom PDF