Patch #32294
Update ruby-openid to 2.9.2
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Jean-Philippe Lang | % Done: | 0% | |
| Category: | Gems support | |||
| Target version: | 3.4.12 |
Description
We have to update ruby-openid to the latest version because a vulnerability CVE-2019-11027 has been reported. The attached patch updates ruby-openid to 2.9.2.
https://nvd.nist.gov/vuln/detail/CVE-2019-11027
https://github.com/openid/ruby-openid/issues/122
I have confirmed with ruby-openid 2.9.2 that:
- succeeded in signing in to Redmine with Yahoo OpenID
- passes all test with Redmine 3.4-stable, 4.0-stable, and trunk
update-ruby-openid.patch 
(315 Bytes)
History
#1
Updated by Jean-Philippe Lang over 1 year ago
- Assignee set to Jean-Philippe Lang
- Target version changed from Candidate for next minor release to 3.4.12
#2
Updated by Jean-Philippe Lang over 1 year ago
- Status changed from New to Closed
Committed, thanks.