Project

General

Profile

Actions
Copy link

Patch #32294

closed

Update ruby-openid to 2.9.2

Added by Go MAEDA over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Gems support
Target version:
3.4.12
Start date:
Due date:
% Done:

0%

Estimated time:

Description

We have to update ruby-openid to the latest version because a vulnerability CVE-2019-11027 has been reported. The attached patch updates ruby-openid to 2.9.2.

https://nvd.nist.gov/vuln/detail/CVE-2019-11027
https://github.com/openid/ruby-openid/issues/122

I have confirmed with ruby-openid 2.9.2 that:

  • succeeded in signing in to Redmine with Yahoo OpenID
  • passes all test with Redmine 3.4-stable, 4.0-stable, and trunk

Files

update-ruby-openid.patch (315 Bytes) update-ruby-openid.patch Go MAEDA, 2019-10-18 05:22
Actions
Copy link
 #1

Updated by Jean-Philippe Lang over 4 years ago

  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 3.4.12
Actions
Copy link
 #2

Updated by Jean-Philippe Lang over 4 years ago

  • Status changed from New to Closed

Committed, thanks.

Actions
Copy link

Also available in: Atom PDF