Hi
In your ruby gem that you maintain at omniauth-auth0 it makes use of a 3rd party library where a vulnerability fix has now been made to resolve CVE-2015-9284
As your the ruby gem ‘omniauth-auth0’ that you maintain makes use of the old version where the vulnerability is present and you provide a workaround by the way of using the ‘omniauth-rails_csrf_protection’ patch. Will you be updating your own gem so that it uses the new version of omniauth where the vulnerability is no longer present?
Further details of the vulnerability fix in omniauth can be seen at https://github.com/omniauth/omniauth/releases/tag/v2.0.0
Thanks
Scott