Hello,
Nokogiri 1.6.6.3 and 1.6.6.4 were recently cut, with patches to the vendored libxml2/libxslt addressing a handful of CVEs and one nasty bug that doesn't have a CVE assigned.
Some links if you care to dig in:
If you're on Ubuntu and using system libraries, you may want to consider using Nokogiri's vendored libxml2 for the patch in 1.6.6.4 which is not yet in Canonical's backports.
-m