Patch #32294: Update ruby-openid to 2.9.2 - Redmine

Patch #32294

Update ruby-openid to 2.9.2

Added by Go MAEDA about 2 years ago. Updated about 2 years ago.

Status:

Closed

Start date:

Priority:

Normal

Due date:

Assignee:

Jean-Philippe Lang

% Done:

Category:

Gems support

Target version:

3.4.12

Description

We have to update ruby-openid to the latest version because a vulnerability CVE-2019-11027 has been reported. The attached patch updates ruby-openid to 2.9.2.

https://nvd.nist.gov/vuln/detail/CVE-2019-11027
https://github.com/openid/ruby-openid/issues/122

I have confirmed with ruby-openid 2.9.2 that:

succeeded in signing in to Redmine with Yahoo OpenID
passes all test with Redmine 3.4-stable, 4.0-stable, and trunk

update-ruby-openid.patch (315 Bytes) Go MAEDA, 2019-10-18 05:22

Associated revisions

Revision 18746
Added by Jean-Philippe Lang about 2 years ago

Update ruby-openid to 2.9.2 (#32294).

Patch by Go MAEDA.

Revision 18747
Added by Jean-Philippe Lang about 2 years ago

Merged r18746 to 4.0-stable (#32294).

Revision 18748
Added by Jean-Philippe Lang about 2 years ago

Merged r18746 to 3.4-stable (#32294).

Revision 19076
Added by Jean-Philippe Lang almost 2 years ago

Merged r18746 to 3.3-stable (#32294).

History

#1 Updated by Jean-Philippe Lang about 2 years ago

Assignee set to Jean-Philippe Lang
Target version changed from Candidate for next minor release to 3.4.12

#2 Updated by Jean-Philippe Lang about 2 years ago

Status changed from New to Closed

Committed, thanks.

Also available in: Atom PDF

Redmine

Issues