Update ruby-saml to 1.7.2 and omniauth-saml to 1.10.0 (CVE-2017-11428, CVE-2017-11430)
What does this MR do?
Updates omniauth-saml to 1.10.0 (to address CVE-2017-11430) and ruby-saml to 1.7.2 (to address CVE-2017-11428)
Are there points in the code the reviewer needs to double check?
- omniauth-saml changelog: https://gitlab.com/gitlab-org/gitlab-ce/issues/43806#note_63095285
- ruby-saml changelog: https://gitlab.com/gitlab-org/gitlab-ce/issues/43806#note_63095836
Why was this MR needed?
To address two security vulnerabilities: CVE-2017-11428 and CVE-2017-11430.
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary - [n/a] Documentation created/updated
- [n/a] API support added
- [n/a] Tests added for this feature/bug
- Review
- [n/a] Has been reviewed by UX
- [n/a] Has been reviewed by Frontend
-
Has been reviewed by Backend - [n/a] Has been reviewed by Database
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together - [n/a] Internationalization required/considered
- [n/a] End-to-end tests pass (
package-qamanual pipeline job)
What are the relevant issue numbers?
Closes #43806
Edited by Takuya Noguchi