[ANN] Nokogiri security update v1.13.10
35 views
Skip to first unread message
Mike Dalessio
Dec 7, 2022, 9:54:30 PM12/7/22
to ruby-sec...@googlegroups.com, ruby-talk
Nokogiri v1.13.10 has been released with a security update for CRuby users.
The release notes[1] are reproduced here for your convenience.
---
1.13.10 / 2022-12-07
Security
- [CRuby] Address CVE-2022-23476, unchecked return value from
xmlTextReaderExpand. See GHSA-qv4q-mr5r-qprj for more information.
Improvements
- [CRuby]
XML::Reader#attribute_hashnow returnsnilon parse errors. This restores the behavior of#attributesfrom v1.13.7 and earlier. [#2715]
sha256 checksums:
777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1 nokogiri-1.13.10-aarch64-linux.gem
b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa nokogiri-1.13.10-arm64-darwin.gem
73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b nokogiri-1.13.10-java.gem
916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900 nokogiri-1.13.10-x64-mingw-ucrt.gem
0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0 nokogiri-1.13.10-x64-mingw32.gem
91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020 nokogiri-1.13.10-x86-linux.gem
d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168 nokogiri-1.13.10-x86-mingw32.gem
81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b nokogiri-1.13.10-x86_64-darwin.gem
51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3 nokogiri-1.13.10-x86_64-linux.gem
d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958 nokogiri-1.13.10.gemReply all
Reply to author
Forward
0 new messages