Hey, I have updated the package ruby-doorkeeper-openid-connect. This fixes CVE-2019-9837, #924747.
Since this is an RC bug, hence requesting you to please review and upload the same at the earliest :) The changes can be found at: https://salsa.debian.org/ruby-team/ruby-doorkeeper-openid-connect Best, Utkarsh
