libruby2.7 has rexml 3.2.3.1 which has latest security fixes --- a/Gemfile +++ b/Gemfile @@ -54,7 +54,7 @@ gem 'bcrypt', '~> 3.1', '>= 3.1.14' gem 'doorkeeper', '~> 5.5' gem 'doorkeeper-openid_connect', '~> 1.8' -gem 'rexml', '~> 3.2','>= 3.2.5' +gem 'rexml', '~> 3.2','>= 3.2.3.1' gem 'ruby-saml', '~> 1.13' gem 'omniauth', '~> 2.1' gem 'omniauth-auth0', '~> 2.0'