simi / omniauth-facebook

Facebook OAuth2 Strategy for OmniAuth
https://simi.github.io/omniauth-facebook/

Security alert on Github due to usage of omniauth gem #319

Closed NicoSa closed 5 years ago

NicoSa commented 5 years ago

Hi there, first of all, thanks for your awesome work on this.

The issue I currently see is a security alert from GitHub due to the requirement of the omniauth gem in omniauth-facebook. Now, according to this thread, the maintainers of that gem see the responsibility for handling the cause of that security issue as lying with the gem requiring their gem, which would be omniauth-facebook. I might have misunderstood something, though. Now my question, I suppose, is: do you have a strategy on how to fix this vulnerability when using your gem? Or a plan on how to combat the issue? We are running omniauth-facebook 5.0.0 with rails 2.5.3.

Any feedback is appreciated! Maybe we can even help?

Cheers

simi commented 5 years ago

You need to update omniauth via bundle update omniauth in your project.
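
As an added example (not code from the omniauth-facebook project or from either participant in this thread), the script below parses a Gemfile.lock and shows why `bundle update omniauth` is the right lever: the version of omniauth that ends up in an application is chosen by Bundler within the constraints declared by the gems that depend on it (omniauth-facebook depends on omniauth-oauth2, which depends on omniauth), so updating omniauth-facebook alone does not move it, while `bundle update omniauth` can pick any newer version those constraints admit. The sample lockfile, its gem versions and the candidate versions are constructed for illustration and are not the versions from the thread.

```ruby
# Added example: inspect a Gemfile.lock to see which omniauth version Bundler
# resolved, which gems constrain it, and whether a candidate version could be
# picked by `bundle update omniauth` without touching other gems.
# Not part of omniauth-facebook; the lockfile below is constructed.
require "rubygems"

# Constructed sample lockfile (versions are illustrative only).
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    hashie (3.6.0)
    oauth2 (1.4.1)
    omniauth (1.9.0)
      hashie (>= 3.4.6, < 3.7.0)
      rack (>= 1.6.2, < 3)
    omniauth-facebook (5.0.0)
      omniauth-oauth2 (~> 1.2)
    omniauth-oauth2 (1.6.0)
      oauth2 (~> 1.1)
      omniauth (~> 1.2)
    rack (2.0.7)

PLATFORMS
  ruby

DEPENDENCIES
  omniauth-facebook
LOCK

# "name (version-or-constraint)"; the parenthesised part is optional on
# dependency lines, in which case any version is accepted.
LOCK_LINE_RE = /\A(\S+)(?: \((.+)\))?\z/

# Returns { gem_name => { version: "x.y.z", deps: { dep_name => constraint } } }
# built from the "specs:" block of a lockfile's GEM section.
def parse_lock(text)
  specs = {}
  in_specs = false
  current = nil
  text.each_line do |raw|
    line = raw.rstrip
    if line == "  specs:"
      in_specs = true
      next
    end
    next unless in_specs
    if line.empty? || !line.start_with?("    ")
      in_specs = false # reached the end of the specs block
      next
    end
    indent = line[/\A */].size
    m = LOCK_LINE_RE.match(line.strip) or raise "unparseable lock line: #{line.inspect}"
    name = m[1]
    req = m[2] || ">= 0"
    if indent == 4            # a resolved gem and its pinned version
      current = name
      specs[name] = { version: req, deps: {} }
    elsif indent == 6         # a dependency of the gem above it
      specs[current][:deps][name] = req
    end
  end
  specs
end

def resolved_version(specs, gem)
  specs.fetch(gem)[:version]
end

# Gems in the lock that declare a dependency on +gem+, with their constraint.
def constraints_on(specs, gem)
  specs.each_with_object({}) do |(name, spec), acc|
    acc[name] = spec[:deps][gem] if spec[:deps].key?(gem)
  end
end

# Dependents whose constraint would reject +candidate+ for +gem+.
# Empty means `bundle update <gem>` could select that version as-is.
def blockers(specs, gem, candidate)
  v = Gem::Version.new(candidate)
  constraints_on(specs, gem).reject do |_dependent, constraint|
    Gem::Requirement.new(*constraint.split(", ")).satisfied_by?(v)
  end
end

if $PROGRAM_NAME == __FILE__
  specs = parse_lock(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK)
  gem = "omniauth"
  puts "#{gem} resolved to #{resolved_version(specs, gem)}"
  constraints_on(specs, gem).each { |g, c| puts "  constrained by #{g}: #{c}" }
  %w[1.9.1 2.0.0].each do |cand|
    b = blockers(specs, gem, cand)
    puts(b.empty? ? "  #{cand}: bundle update #{gem} could pick it" :
                    "  #{cand}: blocked by #{b.keys.join(', ')}")
  end
end
```

Run it against a real lockfile with `ruby lockcheck.rb Gemfile.lock`. A version blocked by a dependent's constraint (in the sample, a 2.x omniauth against `~> 1.2`) cannot be reached by `bundle update omniauth` alone; the intermediate gem has to relax its constraint first, which is the situation the later comments in this thread describe.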

NicoSa commented 5 years ago

Hey @simi, the problem is that this does not actually help, since all versions of omniauth are flagged as having this vulnerability. See https://rubygems.org/gems/omniauth and @

[Screenshot: Bildschirmfoto 2019-06-18 um 11 05 00]

simi commented 5 years ago

Please reach out to omniauth to fix that on their side, then. There's nothing we can do about it in here.

see https://github.com/omniauth/omniauth/issues/960 and https://github.com/omniauth/omniauth/pull/809