Skip to content

Commit

Permalink
fix: Update omniauth gem to 1.3.2 or later 1.3.x
Browse files Browse the repository at this point in the history 
CVE-2017-18076 describes a bug in omniauth prior to version 1.3.2 (https://nvd.nist.gov/vuln/detail/CVE-2017-18076). This pull request upgrades the version of omniauth to 1.3.2 or later.
  • Loading branch information
@lowellrex @md5
lowellrex authored and md5 committed Jan 31, 2018
1 parent 0594259 commit b6bb425
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion omniauth-saml.gemspec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ Gem::Specification.new do |gem|

gem.required_ruby_version = '>= 2.1'

gem.add_runtime_dependency 'omniauth', '~> 1.3'
gem.add_runtime_dependency 'omniauth', '~> 1.3', '>= 1.3.2'
gem.add_runtime_dependency 'ruby-saml', '~> 1.4', '>= 1.4.3'

gem.add_development_dependency 'rake', '>= 10', '< 12'
Expand Down

0 comments on commit b6bb425

Please sign in to comment.