Releases: sparklemotion/nokogiri
1.14.1 / 2023-01-30
1.14.1 / 2023-01-30
Fixed
- Serializing documents now works again with pseudo-IO objects that don't support IO's encoding API (like rubyzip's
Zip::OutputStream
). This was a regression in v1.14.0 due to the fix for #752 in #2434, and was not completely fixed by #2753. [#2773] - [CRuby] Address compiler warnings about
void*
casting and old-style C function definitions.
sha256 checksums:
99594e8b94f576644ac640a223d74c79e840218948e963aa635f0254927bff10 nokogiri-1.14.1-aarch64-linux.gem
1dc9b7821e1fa1f3fda40659662e51a4b3692acc4ee6342ee34a6a537fc1d5d8 nokogiri-1.14.1-arm-linux.gem
1a693df86da8c4c97b01d614470f9c3e10b9c755de8803fbfcfffe0f9dff522a nokogiri-1.14.1-arm64-darwin.gem
c1f87a8f7bc56028deb2aecbb29e9b318405f7c468b29047aede78b41bc735a2 nokogiri-1.14.1-java.gem
2463a1ae0be5f06a10f3f3b374c2b743bff6280db993d488511a19bb7bc7cb7c nokogiri-1.14.1-x64-mingw-ucrt.gem
f3a2b0ceedf51d776b39dc759ce191a4df842d7d4f5900c64f33d4753db39877 nokogiri-1.14.1-x64-mingw32.gem
f395d6c28c822b0877cfb0c71781f05243c034b4823359ab25b3288a73b9fc82 nokogiri-1.14.1-x86-linux.gem
be34b32fe74e82bffca5b1f3df8727c8fdc828762b6dddab53a11cd8f8515785 nokogiri-1.14.1-x86-mingw32.gem
9b14091f77086c4f0f09451ba3acd1b5f7e0076fb34fc536682170fa9f1a5074 nokogiri-1.14.1-x86_64-darwin.gem
21d234c51582b292e2e1e02e6c30eea9188894348985d6910aa8e993749c0aff nokogiri-1.14.1-x86_64-linux.gem
b2db3af7769c29cd77d5f39cd3d0b65ab10975bdecf04be71d683f9c9abe2663 nokogiri-1.14.1.gem
1.14.0 / 2023-01-12
1.14.0 / 2023-01-12
Notable Changes
Ruby
This release introduces native gem support for Ruby 3.2. (Also see "Technical note" under "Changed" below.)
This release ends support for:
- Ruby 2.6, for which upstream support ended 2022-04-12.
- JRuby 9.3, which is not fully compatible with Ruby 2.7+
Faster, more reliable installation: Native Gem for aarch64-linux
(aka linux/arm64/v8
)
This version of Nokogiri ships official native gem support for the aarch64-linux
platform, which should support AWS Graviton and other ARM64 Linux platforms. Please note that glibc >= 2.29 is required for aarch64-linux systems, see Supported Platforms for more information.
Faster, more reliable installation: Native Gem for arm-linux
(aka linux/arm/v7
)
This version of Nokogiri ships experimental native gem support for the arm-linux
platform. Please note that glibc >= 2.29 is required for arm-linux systems, see Supported Platforms for more information.
Pattern matching
This version introduces an experimental pattern matching API for XML::Attr
, XML::Document
, XML::DocumentFragment
, XML::Namespace
, XML::Node
, and XML::NodeSet
(and their subclasses).
Some documentation on what can be matched:
XML::Attr#deconstruct_keys
XML::Document#deconstruct_keys
XML::Namespace#deconstruct_keys
XML::Node#deconstruct_keys
XML::DocumentFragment#deconstruct
XML::NodeSet#deconstruct
We welcome feedback on this API at #2360.
Dependencies
CRuby
- Vendored libiconv is updated to v1.17
JRuby
- This version of Nokogiri uses
jar-dependencies
to manage most of the vendored Java dependencies.nokogiri -v
now outputs maven metadata for all Java dependencies, andNokogiri::VERSION_INFO
also contains this metadata. [#2432] - HTML parsing is now provided by
net.sourceforge.htmlunit:neko-htmlunit:2.61.0
(previously Nokogiri used a fork oforg.cyberneko.html:nekohtml
) - Vendored Jing is updated from
com.thaiopensource:jing:20091111
tonu.validator:jing:20200702VNU
. - New dependency on
net.sf.saxon:Saxon-HE:9.6.0-4
(vianu.validator:jing:20200702VNU
).
Added
Node#wrap
andNodeSet#wrap
now also accept aNode
type argument, which will bedup
ed for each wrapper. For cases where many nodes are being wrapped, creating aNode
once usingDocument#create_element
and passing thatNode
multiple times is significantly faster than re-parsing markup on each call. [#2657]- [CRuby] Invocation of custom XPath or CSS handler functions may now use the
nokogiri
namespace prefix. Historically, the JRuby implementation required this namespace but the CRuby implementation did not support it. It's recommended that all XPath and CSS queries use thenokogiri
namespace going forward. Invocation without the namespace is planned for deprecation in v1.15.0 and removal in a future release. [#2147] HTML5::Document#quirks_mode
andHTML5::DocumentFragment#quirks_mode
expose the quirks mode used by the parser.
Improved
Functional
- HTML5 parser update to reflect changes to the living specification:
Performance
- Serialization of HTML5 documents and fragments has been re-implemented and is ~10x faster than previous versions. [#2596, #2569]
- Parsing of HTML5 documents is ~90% faster thanks to additional compiler optimizations being applied. [#2639]
- Compare
Encoding
objects rather than compare their names. This is a slight performance improvement and is future-proof. [#2454] (Thanks, @casperisfine!)
Error handling
Document#canonicalize
now raises an exception ifinclusive_namespaces
is non-nil and the mode is inclusive, i.e.XML_C14N_1_0
orXML_C14N_1_1
.inclusive_namespaces
can only be passed with exclusive modes, and previously this silently failed.- Empty CSS selectors now raise a clearer
Nokogiri::CSS::SyntaxError
message, "empty CSS selector". Previously the exception raised from the bowels ofracc
was "unexpected '$' after ''". [#2700] - [CRuby]
XML::Reader
parsing errors encountered duringReader#attribute_hash
andReader#namespaces
now raise anXML::SyntaxError
. Previously these methods would returnnil
and users would generally experienceNoMethodErrors
from elsewhere in the code. - Prefer
ruby_xmalloc
tomalloc
within the C extension. [#2480] (Thanks, @Garfield96!)
Installation
- Avoid compile-time conflict with system-installed
gumbo.h
on OpenBSD. [#2464] - Remove calls to
vasprintf
in favor of platform-independentrb_vsprintf
- Installation from source on systems missing libiconv will once again generate a helpful error message (broken since v1.11.0). [#2505]
- [CRuby+OSX] Compiling from source on MacOS will use the clang option
-Wno-unknown-warning-option
to avoid errors when Ruby injects options that clang doesn't know about. [#2689]
Fixed
SAX::Parser
'sencoding
attribute will not be clobbered when an alternative encoding is passed intoSAX::Parser#parse_io
. [#1942] (Thanks, @kp666!)- Serialized
HTML4::DocumentFragment
will now be properly encoded. Previously this empty string was encoded asUS-ASCII
. [#2649] Node#wrap
now uses the parent as the context node for parsing wrapper markup, falling back to the document for unparented nodes. Previously the document was always used.- [CRuby] UTF-16-encoded documents longer than ~4000 code points now serialize properly. Previously the serialized document was corrupted when it exceeded the length of libxml2's internal string buffer. [#752]
- [CRuby] The HTML5 parser now correctly handles text at the end of
form
elements. - [CRuby]
HTML5::Document#fragment
now always usesbody
as the parsing context. Previously, fragments were parsed in the context of the associated document's root node, which allowed for inconsistent parsing. [#2553] - [CRuby]
Nokogiri::HTML5::Document#url
now correctly returns the URL passed to the constructor method. Previously it always returnednil
. [#2583] - [CRuby]
HTML5
encoding detection is now case-insensitive with respect tometa
tag charset declaration. [#2693] - [CRuby]
HTML5
fragment parsing in context of an annotation-xml node now works. Previously this rarely-used path invoked rb_funcall with incorrect parameters, resulting in an exception, a fatal error, or potentially a segfault. [#2692] - [CRuby]
HTML5
quirks mode during fragment parsing more closely matches document parsing. [#2646] - [JRuby] Fixed a bug with adding the same namespace to multiple nodes via
#add_namespace_definition
. [#1247] - [JRuby]
NodeSet#[]
now raises a TypeError if passed an invalid parameter type. [#2211]
Deprecated
Nokogiri.install_default_aliases
is deprecated in favor ofNokogiri::EncodingHandler.install_default_aliases
. This is part of a private API and is probably not called by anybody, but we'll go through a deprecation cycle before removal anyway. [#2643, #2446]
Changed
- [CRuby+OSX] Technical note: On MacOS Ruby 3.2, the symbols from libxml2 and libxslt are no longer exported. Ruby 3.2 adopted new features from the Darwin toolchain that make it challenging to continue to support this rarely-used binary API. A future minor release of Nokogiri may remove these sy...
1.14.0.rc1 / 2022-12-29
1.14.0.rc1 / 2022-12-29
This is a prerelease.
- Please provide feedback on it at #2747
- Full details on this release are at https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md
Notable changes:
- Introduces native gem support for Ruby 3.2.
- Ends support for Ruby 2.6 and JRuby 9.3
- Official native gem support for
aarch64-linux
- Experimental native gem support for
arm-linux
- Pattern matching API
Please note that Ruby 3.2 changes how symbols are resolved on MacOS, so we're particularly interested in hearing feedback from MacOS users about the native (precompiled) gem packages for Ruby 3.2.
We're waiting for the following to do a final release:
- a final release of rake-compiler-dock that supports Ruby 3.2
- Windows CI environment that runs Ruby 3.2.0, and green tests
- feedback to build confidence that our approach to Darwin symbol resolution in the precompiled extension works for everyone
sha256 checksums:
9cb5140f400c3599ba9da92a338d2384976179a05e15267d5bda27ce5ab5294a nokogiri-1.14.0.rc1-aarch64-linux.gem
70946d652626925f0e7d8cb0f03e45b81423496e8f0db30dce7aecccc33336c6 nokogiri-1.14.0.rc1-arm-linux.gem
8562ed2a3765f2020e340d4cbde72c582843191b20114eb24bcc313307483873 nokogiri-1.14.0.rc1-arm64-darwin.gem
6359f13cccc526936913bac3515a3d3d7d1ffde5dffff4eadaaf3cad126fc753 nokogiri-1.14.0.rc1-java.gem
c83050f34b78690bd13398ad91cace3c32957614fd7b6e5ce7098386340cd23d nokogiri-1.14.0.rc1-x64-mingw-ucrt.gem
4d2edec4b79735b648eca12c5d52b52d03f4ffd300ccacf8fda9169227eb6a4d nokogiri-1.14.0.rc1-x64-mingw32.gem
55d334f128d86a20497a3fa4e24c67098199dc9428a44b77284cff6c95104c35 nokogiri-1.14.0.rc1-x86-linux.gem
79e1b2f25a26a9a4a87d3af64a47be27ee3cc4ec0d02eef681b64cd8b610e2a6 nokogiri-1.14.0.rc1-x86-mingw32.gem
c359c27e275da0f82d09c25f6efafd116546d2c7c43c91e9393567f00aa3064a nokogiri-1.14.0.rc1-x86_64-darwin.gem
e15e2c0f844bd113e1b409dfb534b7e2c727b10812734064c05a732b6342f28c nokogiri-1.14.0.rc1-x86_64-linux.gem
9d527b0b6eeb88f48bc90648df11824f247019e08b95f5a75b6ea02cefcf499a nokogiri-1.14.0.rc1.gem
1.13.10 / 2022-12-07
1.13.10 / 2022-12-07
Security
- [CRuby] Address CVE-2022-23476, unchecked return value from
xmlTextReaderExpand
. See GHSA-qv4q-mr5r-qprj for more information.
Improvements
- [CRuby]
XML::Reader#attribute_hash
now returnsnil
on parse errors. This restores the behavior of#attributes
from v1.13.7 and earlier. [#2715]
sha256 checksums:
777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1 nokogiri-1.13.10-aarch64-linux.gem
b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa nokogiri-1.13.10-arm64-darwin.gem
73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b nokogiri-1.13.10-java.gem
916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900 nokogiri-1.13.10-x64-mingw-ucrt.gem
0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0 nokogiri-1.13.10-x64-mingw32.gem
91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020 nokogiri-1.13.10-x86-linux.gem
d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168 nokogiri-1.13.10-x86-mingw32.gem
81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b nokogiri-1.13.10-x86_64-darwin.gem
51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3 nokogiri-1.13.10-x86_64-linux.gem
d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958 nokogiri-1.13.10.gem
1.13.9 / 2022-10-18
1.13.9 / 2022-10-18
Security
- [CRuby] Vendored libxml2 is updated to address CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for more information.
- [CRuby] Vendored zlib is updated to address CVE-2022-37434. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see #2626 for more information.
Dependencies
- [CRuby] Vendored libxml2 is updated to v2.10.3 from v2.9.14.
- [CRuby] Vendored libxslt is updated to v1.1.37 from v1.1.35.
- [CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
Fixed
- [CRuby]
Nokogiri::XML::Namespace
objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [#2658] (Thanks, @eightbitraptor and @peterzhu2118!) - [CRuby]
Document#remove_namespaces!
now defers freeing the underlyingxmlNs
struct until theDocument
is GCed. Previously, maintaining a reference to aNamespace
object that was removed in this way could lead to a segfault. [#2658]
sha256 checksums:
9b69829561d30c4461ea803baeaf3460e8b145cff7a26ce397119577a4083a02 nokogiri-1.13.9-aarch64-linux.gem
e76ebb4b7b2e02c72b2d1541289f8b0679fb5984867cf199d89b8ef485764956 nokogiri-1.13.9-arm64-darwin.gem
15bae7d08bddeaa898d8e3f558723300137c26a2dc2632a1f89c8574c4467165 nokogiri-1.13.9-java.gem
f6a1dbc7229184357f3129503530af73cc59ceba4932c700a458a561edbe04b9 nokogiri-1.13.9-x64-mingw-ucrt.gem
36d935d799baa4dc488024f71881ff0bc8b172cecdfc54781169c40ec02cbdb3 nokogiri-1.13.9-x64-mingw32.gem
ebaf82aa9a11b8fafb67873d19ee48efb565040f04c898cdce8ca0cd53ff1a12 nokogiri-1.13.9-x86-linux.gem
11789a2a11b28bc028ee111f23311461104d8c4468d5b901ab7536b282504154 nokogiri-1.13.9-x86-mingw32.gem
01830e1646803ff91c0fe94bc768ff40082c6de8cfa563dafd01b3f7d5f9d795 nokogiri-1.13.9-x86_64-darwin.gem
8e93b8adec22958013799c8690d81c2cdf8a90b6f6e8150ab22e11895844d781 nokogiri-1.13.9-x86_64-linux.gem
96f37c1baf0234d3ae54c2c89aef7220d4a8a1b03d2675ff7723565b0a095531 nokogiri-1.13.9.gem
1.13.8 / 2022-07-23
1.13.8 / 2022-07-23
Deprecated
XML::Reader#attribute_nodes
is deprecated due to incompatibility between libxml2'sxmlReader
memory semantics and Ruby's garbage collector. Although this method continues to exist for backwards compatibility, it is unsafe to call and may segfault. This method will be removed in a future version of Nokogiri, and callers should use#attribute_hash
instead. [#2598]
Improvements
XML::Reader#attribute_hash
is a new method to safely retrieve the attributes of a node fromXML::Reader
. [#2598, #2599]
Fixed
- [CRuby] Calling
XML::Reader#attributes
is now safe to call. In Nokogiri <= 1.13.7 this method may segfault. [#2598, #2599]
sha256 checksums:
d6b2c45a57738f12fe27783939fe1394e7049246288c7770d3b1fee7f49432a6 nokogiri-1.13.8-aarch64-linux.gem
00217e48a6995e81dd83014325c0ea0b015023a8922c7bdb2ef1416aa87c1f43 nokogiri-1.13.8-arm64-darwin.gem
9d04c616900e2b5118e501436ebb9bc48520d08f3695d012a314006e28082f72 nokogiri-1.13.8-java.gem
98f7dac7583f07a84ec3fcc01dc03a66fce10f412cd363fce7de749acdb2a42d nokogiri-1.13.8-x64-mingw-ucrt.gem
117a71b37f2e1d774a9f031d393e72d5d04b92af8036e0c1a8dd509c247b2013 nokogiri-1.13.8-x64-mingw32.gem
6d04342456edfb8fbc041d0c2cf5a59baaa7aacdda414b2333100b02f85d441d nokogiri-1.13.8-x86-linux.gem
0529d558b4280a55bc7af500d3d4d590b7c059c814a0cea52e4e18cb30c25d15 nokogiri-1.13.8-x86-mingw32.gem
8966d79e687b271df87a4b240456597c43cd98584e3f783fc35de4f066486421 nokogiri-1.13.8-x86_64-darwin.gem
344f1bc66feac787e5b2053c6e9095d1f33605083e58ddf2b8d4eef257bccc5f nokogiri-1.13.8-x86_64-linux.gem
79c279298b2f22fd4e760f49990c7930436bac1b1cfeff7bacff192f30edea3c nokogiri-1.13.8.gem
1.13.7 / 2022-07-12
1.13.7 / 2022-07-12
Fixed
XML::Node
objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [#2578] (Thanks, @eightbitraptor!)
sha256 checksums:
16facd06367325b75bba1575ee87ee4c695e017ab7d447106ed2c00d6211db43 nokogiri-1.13.7-aarch64-linux.gem
69a1705a1f2be838bd0a778c1ff04ea58f847a41c3b5159de012617abba53f86 nokogiri-1.13.7-arm64-darwin.gem
6f26c7ed388406541ddc10cf7ea670cebe8f08a37e69be60503687374f835e1a nokogiri-1.13.7-java.gem
3952cb78db8d107942ec7f3096d417f4d5d77bf44ae812c488bc49269d1dde6a nokogiri-1.13.7-x64-mingw-ucrt.gem
e836c387eae9c6c93d4870db0d50e4d9505edd28100eef80c38a70d4481c09ed nokogiri-1.13.7-x64-mingw32.gem
194484866cd0d100ee6e207a69611a63ece9e0cf305e42d449f244526e102f63 nokogiri-1.13.7-x86-linux.gem
f75903e7a1fbb896b8bd6e4ed895a0fc1760e7334b9c7faf2593f491907a9e26 nokogiri-1.13.7-x86-mingw32.gem
d41b8c9f609b3eecb129da52b9605bc833e464b9b9132c29a0c2115e5ea0ab57 nokogiri-1.13.7-x86_64-darwin.gem
dcb36fd4e75782e7b1b3315f464a0942b230497cd21d296a24d90b0d3620a9d0 nokogiri-1.13.7-x86_64-linux.gem
6ca1d753334418e749beb9bb69515a906451c9abfb9a5b060a36650419b61052 nokogiri-1.13.7.gem
1.13.6 / 2022-05-08
1.13.6 / 2022-05-08
Security
- [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for more information.
Improvements
{HTML4,XML}::SAX::{Parser,ParserContext}
constructor methods now raiseTypeError
instead of segfaulting when an incorrect type is passed.
sha256:
58417c7c10f78cd1c0e1984f81538300d4ea98962cfd3f46f725efee48f9757a nokogiri-1.13.6-aarch64-linux.gem
a2b04ec3b1b73ecc6fac619b41e9fdc70808b7a653b96ec97d04b7a23f158dbc nokogiri-1.13.6-arm64-darwin.gem
4437f2d03bc7da8854f4aaae89e24a98cf5c8b0212ae2bc003af7e65c7ee8e27 nokogiri-1.13.6-java.gem
99d3e212bbd5e80aa602a1f52d583e4f6e917ec594e6aa580f6aacc253eff984 nokogiri-1.13.6-x64-mingw-ucrt.gem
a04f6154a75b6ed4fe2d0d0ff3ac02f094b54e150b50330448f834fa5726fbba nokogiri-1.13.6-x64-mingw32.gem
a13f30c2863ef9e5e11240dd6d69ef114229d471018b44f2ff60bab28327de4d nokogiri-1.13.6-x86-linux.gem
63a2ca2f7a4f6bd9126e1695037f66c8eb72ed1e1740ef162b4480c57cc17dc6 nokogiri-1.13.6-x86-mingw32.gem
2b266e0eb18030763277b30dc3d64337f440191e2bd157027441ac56a59d9dfe nokogiri-1.13.6-x86_64-darwin.gem
3fa37b0c3b5744af45f9da3e4ae9cbd89480b35e12ae36b5e87a0452e0b38335 nokogiri-1.13.6-x86_64-linux.gem
b1512fdc0aba446e1ee30de3e0671518eb363e75fab53486e99e8891d44b8587 nokogiri-1.13.6.gem
1.13.5 / 2022-05-04
1.13.5 / 2022-05-04
Security
- [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See GHSA-cgx6-hpwq-fhv5 for more information.
Dependencies
- [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.
Improvements
- [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare
<
characters.
Changed
- [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence
<![CDATA[
and incorrectly-opened comments will result in HTML text nodes starting with<!
instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are intest/html4/test_comments.rb
.
sha256sum:
aa1bfd0fd0b33110729d4a063b7b02de9419c559eb48a1f8940b74fc638d60ea nokogiri-1.13.5-aarch64-linux.gem
d0b872786d6c2b44c10a389e585a77c07274a2b5e7211a470f76909c0711f218 nokogiri-1.13.5-arm64-darwin.gem
3f1434c198f0daf46d24c4696a53504beb69b8c15efe0548a7aa17a8378be21d nokogiri-1.13.5-java.gem
0e60dc107c7e289dd3817acff14a12c9f4447a994a2411f772d6dd1220a35ae6 nokogiri-1.13.5-x64-mingw-ucrt.gem
c9897dd7236738d260b66ac99ea93950fd3a6375f11a9927bf345eec4ec1fde6 nokogiri-1.13.5-x64-mingw32.gem
a81586845f99a16a85586717b0051ce1508a68722a56486582ab09b3255d3b17 nokogiri-1.13.5-x86-linux.gem
e2abaef3af396adee3b0995693d5e690eb826782f7ecddf8b1b6a5a706075cff nokogiri-1.13.5-x86-mingw32.gem
19360ba28f31562691926d1c542c783fc0ed5f2a145f1329206f8c09e46a85ea nokogiri-1.13.5-x86_64-darwin.gem
a598598163233ee907472808c0bc7ae4354999e77409e1711b61406066a7afb4 nokogiri-1.13.5-x86_64-linux.gem
e15570ec6d46921a3de5f5b057b027cc0c4f32775353c00e8c8dfbe443741e78 nokogiri-1.13.5.gem
1.13.4 / 2022-04-11
1.13.4 / 2022-04-11
Security
- Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
- [CRuby] Vendored zlib is updated to address CVE-2018-25032. See GHSA-v6gp-9mmm-c6p5 for more information.
- [JRuby] Vendored Xerces-J (
xerces:xercesImpl
) is updated to address CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information. - [JRuby] Vendored nekohtml (
org.cyberneko.html
) is updated to address CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.
Dependencies
- [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
- [JRuby] Vendored Xerces-J (
xerces:xercesImpl
) is updated from 2.12.0 to 2.12.2. - [JRuby] Vendored nekohtml (
org.cyberneko.html
) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml
sha256sum:
095ff1995ed3dda3ea98a5f08bdc54bef02be1ce4e7c81034c4812e5e7c6e7e3 nokogiri-1.13.4-aarch64-linux.gem
7ebfc7415c819bcd4e849627e879cef2fb328bec90e802e50d74ccd13a60ec75 nokogiri-1.13.4-arm64-darwin.gem
41efd87c121991de26ef0393ac713d687e539813c3b79e454a2e3ffeecd107ea nokogiri-1.13.4-java.gem
ab547504692ada0cec9d2e4e15afab659677c3f4c1ac3ea639bf5212b65246a1 nokogiri-1.13.4-x64-mingw-ucrt.gem
fa5c64cfdb71642ed647428e4d0d75ee0f4d189cfb63560c66fd8bdf99eb146b nokogiri-1.13.4-x64-mingw32.gem
d6f07cbcbc28b75e8ac5d6e729ffba3602dffa0ad16ffac2322c9b4eb9b971fc nokogiri-1.13.4-x86-linux.gem
0f7a4fd13e25abe3f98663fef0d115d58fdeff62cf23fef12d368e42adad2ce6 nokogiri-1.13.4-x86-mingw32.gem
3eef282f00ad360304fbcd5d72eb1710ff41138efda9513bb49eec832db5fa3e nokogiri-1.13.4-x86_64-darwin.gem
3978610354ec67b59c128d23259c87b18374ee1f61cb9ed99de7143a88e70204 nokogiri-1.13.4-x86_64-linux.gem
0d46044eb39271e3360dae95ed6061ce17bc0028d475651dc48db393488c83bc nokogiri-1.13.4.gem