Upgrade doorkeeper / doorkeeper-openid_connect to fix open redirect vulnerability
The gem doorkeeper-openid_connect
has a (low-risk) open redirect vulnerability which was fixed in version 1.5.4, and was assigned CVE-2019-9837.
The upgrade also requires upgrading Doorkeeper to version 5.x, I saw there's an old MR upgrading to 4.4.3.
/cc gitlab-ce~2779335
Edited by Markus Koller