Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

omniauth version has vuneralbilities #25

Closed
NeilH-CCS opened this issue Jul 17, 2019 · 4 comments · Fixed by #26
Closed

omniauth version has vuneralbilities #25

NeilH-CCS opened this issue Jul 17, 2019 · 4 comments · Fixed by #26

Comments

@NeilH-CCS
Copy link

NeilH-CCS commented Jul 17, 2019
edited
Loading

Github is reporting a venerability in versions of omniauth before 1.9.0, this gem appears to be tied to v1.3. Can this dependancy be bumped?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284
@m0n9oose
Copy link
Collaborator

@NeilH-CCS haven't heard about it despite this repo has enabled security alerts. Can you share a link to this vulnerability description?

@NeilH-CCS
Copy link
Author

@NeilH-CCS haven't heard about it despite this repo has enabled security alerts. Can you share a link to this vulnerability description?

I have added it my original post.

m0n9oose pushed a commit that referenced this issue Jul 20, 2019
Update omniauth dependency
68819d5 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284

fix #25
@m0n9oose
Copy link
Collaborator

@NeilH-CCS could you test this branch for regressions?

gem 'omniauth_openid_connect', git: 'https://github.com/m0n9oose/omniauth_openid_connect.git', branch: 'update_omniauth_dependency'

@m0n9oose m0n9oose mentioned this issue Jul 20, 2019
Merged
@NeilH-CCS
Copy link
Author

This branch seems to be fixed and works with our integration.

Please go ahead and release if you can.

m0n9oose added a commit that referenced this issue Aug 2, 2019
@m0n9oose
Update omniauth dependency (#26)
bd8b57f 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284

fix #25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update omniauth dependency omniauth/omniauth_openid_connect
2 participants
@m0n9oose @NeilH-CCS