<div dir="ltr"><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">For those of you who are in IETF, hope you are having good time. </p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">Here is a vulnerability reported by Frans Rosén <a href="https://gitlab.com/gitlab-org/gitlab/-/issues/362394" style="background-color:transparent;box-sizing:border-box;color:rgb(17,158,77);text-decoration-line:none">https://gitlab.com/gitlab-org/gitlab/-/issues/362394</a></p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">and <a href="https://user-content.gitlab-static.net/36d11caeb269229319a2912b9719ed1d55ec1af9/68747470733a2f2f68312e7365632e6769746c61622e6e65742f612f35616565376137322d643935372d343265652d393631652d3362393436613564323538642f6769746c61622d68696a61636b2e6d7034" style="box-sizing:border-box;color:rgb(17,158,77);text-decoration-line:none;background-color:transparent">https://user-content.gitlab-static.net/36d11caeb269229319a2912b9719ed1d55ec1af9/68747470733a2f2f68312e7365632e6769746c61622e6e65742f612f35616565376137322d643935372d343265652d393631652d3362393436613564323538642f6769746c61622d68696a61636b2e6d7034</a></p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">Maybe we should make nonce mandatory in OpenID Connect 1.1. </p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">Also, stronger recommendations on the use of request objects. </p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">Best, </p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px"><br></p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px">Nat Sakimura</p><p style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,"Segoe UI",游ゴシック体,YuGothic,"\006e38\0030b4\0030b7\0030c3\0030af  Medium","Yu Gothic Medium",游ゴシック,"Yu Gothic",メイリオ,Meiryo,sans-serif;font-size:17px"><br></p></div>