Actions
Patch #32294
closedUpdate ruby-openid to 2.9.2
Start date:
Due date:
% Done:
0%
Estimated time:
Description
We have to update ruby-openid to the latest version because a vulnerability CVE-2019-11027 has been reported. The attached patch updates ruby-openid to 2.9.2.
https://nvd.nist.gov/vuln/detail/CVE-2019-11027
https://github.com/openid/ruby-openid/issues/122
I have confirmed with ruby-openid 2.9.2 that:
- succeeded in signing in to Redmine with Yahoo OpenID
- passes all test with Redmine 3.4-stable, 4.0-stable, and trunk
Files
Actions