Tobias H. Michaelsen
Okay, it seems that some parts of the code are dependent on the execution order. If anyone has the time to look into this and make a proposal for how...
The reason v2.8.0 is not on RubyGems is that I haven't been able to contact any of the people who have access to push there :( So if you want...
@lamby The part about RubyGems was in reply to the initial post by @rfrohl as clarification. I have read the linked CVE, but can't really figure out what the vulnerability...
Okay, I understand the confusion. Short answer: There is currently no version that contains a fix. Slightly longer: This is due to uncertainty about what the vulnerability actually is! The...
On a side note: The security notification here on GitHub is related to [the example Rails app](https://github.com/openid/ruby-openid/tree/master/examples/rails_openid), due to it being based on a very old version of Rails. It...
There's a [release v2.9.0](https://github.com/openid/ruby-openid/releases/tag/v2.9.0) which includes changes to some of the issues discussed here. But it also seems that part of it has to do with how people choose to use...
@papaphil > Is there an ETA on when a fixed version will be released and pushed to rubygems.org? I currently don't have write access to the gem at rubygems.org, and...
@utkarsh2102 I'm not entirely sure what the CVE issue is exactly, so I cannot say if it has been fixed in the latest release. There are a couple of Yardis...
It's possible to extend with custom stores. See for example the [Redis store](https://github.com/RallySoftware/openid-store-redis). It shouldn't be too much work to implement it yourself. I'm not sure about the security implications,...
Yes, this seems to be quite wrong. Will take a look at it soon.