Hi Praveen,

I'm currently working on an LTS update for ruby-saml to fix the CVEs
mentioned in #1100441 for Bullseye. For Sid, the issue could be fixed
by an upload of version 1.18.0. GitLab and ruby-omniauth-saml seem to
be the only reverse-dependencies. The upgrade of ruby-saml would
require uploading v2.2.3 of ruby-omniauth-saml as well. And that would
also fix the same set of CVEs in ruby-omniauth-saml [1]. After that, I
would like to prep a PU for ruby-saml in Bookworm.

[1] https://github.com/omniauth/omniauth-saml/blob/master/CHANGELOG.md

Are there any reasons against uploading these versions of ruby-saml and
ruby-omniauth-saml? Do you have any objections to these plans?

Regards, Daniel
