v1.7.2
This release patches a vulnerability reported to GitLab, where a malicious actor could craft a callback URL that displayed an arbitrary message to users without checking that the callback state matched omniauth's session state.
Thank you to the folks at GitLab for upstreaming this fix.