[ANN] nokogiri security update 1.8.2 released


Mike Dalessio

Jan 29, 2018, 8:19:52 AM
to nokogiri-talk, ruby-talk, ruby-sec...@googlegroups.com
nokogiri version 1.8.2 has been released.

This release contains a few new features and bugfixes in addition to the security update, wherein the vendored libxml2 and libxslt versions have been updated:

* libxml2 is updated from 2.9.5 to 2.9.7
* libxslt is updated from 1.1.30 to 1.1.32

which addresses at least one published vulnerability, [CVE-2017-15412][], which rates a "priority:medium" from Canonical. GitHub Issue [#1714][] has more information on this CVE.

If you're using your distro's system libraries, rather than Nokogiri's vendored libraries, there's no security need to upgrade at this time. Full details about the security update are available in GitHub Issue [#1714][].

One other notable change in this version is support for Ruby 2.5 on Windows in the "fat binary" gems. Special thanks go to Lars Kanis for his continuing work to help support Windows users.



-----


Full changelog entry:

# 1.8.2 / 2018-01-29

## Security Notes

[MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details]


## Dependencies

* [MRI] libxml2 is updated from 2.9.5 to 2.9.7
* [MRI] libxslt is updated from 1.1.30 to 1.1.32


## Features

* [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, @jeremyevans!)
* [MRI] Cross-built Windows gems now support Ruby 2.5


## Bug fixes

* Node#serialize once again returns UTF-8-encoded strings. [#1659]
* [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, @andrew-aladev!)
* [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238]


-----

sha-256 checksums:

fc94d0c13357cedf94a0b518036eb9881ae04be96972ec434ae2d34ac95d2063  gems/nokogiri-1.8.2-java.gem
11ce39c03953737081da17d78689352f71adc9811dadc3f6915a0ae4aaac9367  gems/nokogiri-1.8.2-x64-mingw32.gem
e036aede0c72dcd2b58a9a66b4412bccc8b33237b90f6413c28e3f7c1e5e1251  gems/nokogiri-1.8.2-x86-mingw32.gem
382af505a11b735e97f52ec6279ea484be7a7560d5599e81def40943601fd515  gems/nokogiri-1.8.2.gem
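
-----

The announcement's distinction between vendored and system libraries can be checked per host. The following is an added example, not code from the Nokogiri project: it classifies hosts from version reports shaped like the YAML that `nokogiri -v` prints. The key names (`libxml`, `source`, `loaded`), the host names and the sample reports are assumptions constructed for illustration.

```ruby
require "yaml"

# Fixed vendored libxml2 version, taken from the announcement above.
FIXED_LIBXML2 = Gem::Version.new("2.9.7")

# Classify one host from its version report (a Hash; key names are assumed
# to match what `nokogiri -v` prints on that host).
def assess_nokogiri(info)
  libxml = info["libxml"]
  # No libxml section: not an MRI/libxml2 build, so the [MRI] note does not apply.
  return :not_applicable if libxml.nil?
  # System libraries are patched through the distro, not by upgrading the gem.
  return :system_libraries unless libxml["source"] == "packaged"
  loaded = libxml["loaded"].to_s
  # Fail closed when the version string is missing or malformed.
  return :upgrade_needed unless Gem::Version.correct?(loaded)
  Gem::Version.new(loaded) < FIXED_LIBXML2 ? :upgrade_needed : :ok
end

# Constructed sample reports, one YAML document per (hypothetical) host.
SAMPLE_REPORTS = {
  "app01" => <<~YAML,
    nokogiri: 1.8.1
    libxml:
      source: packaged
      loaded: 2.9.5
  YAML
  "app02" => <<~YAML,
    nokogiri: 1.8.2
    libxml:
      source: packaged
      loaded: 2.9.7
  YAML
  "app03" => <<~YAML,
    nokogiri: 1.8.1
    libxml:
      source: system
      loaded: 2.9.4
  YAML
  "jruby01" => "nokogiri: 1.8.1\n"
}

# safe_load keeps the report parser from instantiating arbitrary objects.
def assess_all(reports)
  reports.transform_values { |yaml| assess_nokogiri(YAML.safe_load(yaml)) }
end

assess_all(SAMPLE_REPORTS).each { |host, status| puts "#{host}: #{status}" }
```

A host reported as `system_libraries` still needs its libxml2 fix tracked through the distro's own package updates.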
