Merge branch 'update-omniauth-saml' into 'master'

Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951 (cherry picked from commit c3a8b252)

Merge branch 'update-omniauth-saml' into 'master'
Update omniauth-saml to 1.6.0 to address a security vulnerability in ruby-saml Updates `omniauth-saml` to bring in the new `ruby-saml` dependency that addresses [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697) Fixes #19206 See merge request !4951 (cherry picked from commit c3a8b252)
5297d111 · Stan Hu · Robert Speicher · ef30f669 · 5297d111 · 5297d111
Commit 5297d111 authored Jun 27, 2016 by Stan Hu Committed by Robert Speicher Jun 27, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 12 deletions

CHANGELOG CHANGELOG +3 -0

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +5 -11

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.
+v 8.7.8
+  - Update omniauth-saml to 1.6.0. !4951
 v 8.7.7
  - Prevent unauthorized access to other projects build traces
  - Forbid scripting for wiki files

--- a/Gemfile
+++ b/Gemfile
@@ -31,7 +31,7 @@ gem 'omniauth-github',        '~> 1.1.1'
 gem 'omniauth-gitlab',        '~> 1.0.0'
 gem 'omniauth-google-oauth2', '~> 0.2.0'
 gem 'omniauth-kerberos',      '~> 0.3.0', group: :kerberos
-gem 'omniauth-saml',          '~> 1.5.0'
+gem 'omniauth-saml',          '~> 1.6.0'
 gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -459,8 +459,6 @@ GEM
      rb-inotify (>= 0.9)
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
-    macaddr (1.7.1)
-      systemu (~> 2.6.2)
    mail (2.6.4)
      mime-types (>= 1.16, < 4)
    mail_room (0.6.1)
@@ -531,9 +529,9 @@ GEM
    omniauth-oauth2 (1.3.1)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)
-    omniauth-saml (1.5.0)
+    omniauth-saml (1.6.0)
      omniauth (~> 1.3)
-      ruby-saml (~> 1.1, >= 1.1.1)
+      ruby-saml (~> 1.3)
    omniauth-shibboleth (1.2.1)
      omniauth (>= 1.0.0)
    omniauth-twitter (1.2.1)
@@ -692,9 +690,8 @@ GEM
    ruby-fogbugz (0.2.1)
      crack (~> 0.4)
    ruby-progressbar (1.7.5)
-    ruby-saml (1.1.2)
+    ruby-saml (1.3.0)
      nokogiri (>= 1.5.10)
-      uuid (~> 2.3)
    ruby2ruby (2.3.0)
      ruby_parser (~> 3.1)
      sexp_processor (~> 4.0)
@@ -793,7 +790,6 @@ GEM
      activerecord (~> 4.1)
      state_machines-activemodel (>= 0.3.0)
    stringex (2.5.2)
-    systemu (2.6.5)
    task_list (1.0.2)
      html-pipeline
    teaspoon (1.1.5)
@@ -848,8 +844,6 @@ GEM
      get_process_mem (~> 0)
      unicorn (>= 4, < 6)
    uniform_notifier (1.9.0)
-    uuid (2.3.8)
-      macaddr (~> 1.0)
    version_sorter (2.0.0)
    virtus (1.0.5)
      axiom-types (~> 0.1)
@@ -982,7 +976,7 @@ DEPENDENCIES
  omniauth-gitlab (~> 1.0.0)
  omniauth-google-oauth2 (~> 0.2.0)
  omniauth-kerberos (~> 0.3.0)
-  omniauth-saml (~> 1.5.0)
+  omniauth-saml (~> 1.6.0)
  omniauth-shibboleth (~> 1.2.0)
  omniauth-twitter (~> 1.2.0)
  omniauth_crowd (~> 2.2.0)
@@ -1058,4 +1052,4 @@ DEPENDENCIES
  wikicloth (= 0.8.1)
 BUNDLED WITH
-   1.11.2
+   1.12.5