[ANN] nokogiri security update v1.16.2

129 views
Skip to first unread message

Mike Dalessio

unread,
Feb 4, 2024, 12:00:11 PMFeb 4
to ruby-sec...@googlegroups.com, ruby-talk
Nokogiri v1.16.2 has been released with a security update for CRuby users.

The release notes [1] are reproduced here for your convenience.


---

v1.16.2 / 2024-02-04

Security

  • [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See GHSA-xc9x-jj77-9p9j for more information.

Dependencies

sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d  nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57  nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8  nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310  nokogiri-1.16.2-java.gem
7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074  nokogiri-1.16.2-x64-mingw-ucrt.gem
a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd  nokogiri-1.16.2-x64-mingw32.gem
833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323  nokogiri-1.16.2-x86-linux.gem
e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53  nokogiri-1.16.2-x86-mingw32.gem
5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539  nokogiri-1.16.2-x86_64-darwin.gem
5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe  nokogiri-1.16.2-x86_64-linux.gem
68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c  nokogiri-1.16.2.gem

Mike Dalessio

unread,
Mar 16, 2024, 9:34:37 AMMar 16
to ruby-sec...@googlegroups.com, ruby-talk
At the request of Nokogiri users, this CVE fix has also been backported to the unsupported v1.15.x branch and released in v1.15.6.

https://github.com/sparklemotion/nokogiri/releases/tag/v1.15.6

The v1.15.x branch is still unsupported, and no future support should be inferred. No further releases on this branch are planned.
Reply all
Reply to author
Forward
0 new messages