All Versions
79
Latest Version
Avg Release Cycle
52 days
Latest Release
55 days ago

Changelog History
Page 1

  • v1.10.7

    December 03, 2019

    1.10.7 / 2019-12-03

    🐛 Bug

    • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]
  • v1.10.6

    December 03, 2019

    1.10.6 / 2019-12-03

    🐛 Bug

    • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @nurse!)
  • v1.10.5

    October 31, 2019

    🔒 Security

    ⬆️ [MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

    • CVE-2019-13117
    • CVE-2019-13118
    • CVE-2019-18197

    More details are available at #1943.

    Dependencies

    • ⚡️ [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
    • ⚡️ [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34
  • v1.10.4

    August 11, 2019

    1.10.4 / 2019-08-11

    🔒 Security

    ➕ Address CVE-2019-5477 (#1915)

    💎 A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

    ⬆️ This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

    This CVE's public notice is #1915

  • v1.10.3

    April 22, 2019

    1.10.3 / 2019-04-22

    🔒 Security Notes

    🚀 [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

  • v1.10.2

    March 25, 2019

    1.10.2 / 2019-03-24

    🔒 Security

    • 🚚 [MRI] Remove support from vendored libxml2 for future script macros. [#1871]
    • 🚚 [MRI] Remove support from vendored libxml2 for server-side includes within attributes. [#1877]

    🐛 Bug fixes

    • 💎 [JRuby] Fix node ownership in duplicated documents. [#1060]
    • 💎 [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @adjam!)
  • v1.10.1

    January 13, 2019

    1.10.1 / 2019-01-13

    🔋 Features

    • [MRI] During installation, handle Xcode 10's new library pathOS. [#1801, #1851] (Thanks, @mlj and @deepj!)
    • Avoid unnecessary creation of Procs in many methods. [#1776] (Thanks, @chopraanmol1!)

    🐛 Bug fixes

    • CSS selector :has() now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, @Phrogz!)
    • NodeSet#attr now returns nil if it's empty. Previously this raised a NoMethodError.
    • 💅 [MRI] XPath errors are no longer suppressed during XSLT::Stylesheet#transform. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802]
  • v1.10.0

    January 04, 2019

    1.10.0 / 2019-01-04

    🔋 Features

    • 🏁 [MRI] Cross-built Windows gems now support Ruby 2.6 [#1842, #1850]

    Backwards incompatibilities

    🚀 This release ends support for:

    Dependencies

    • ⚡️ [MRI] libxml2 is updated from 2.9.8 to 2.9.9
    • ⚡️ [MRI] libxslt is updated from 1.1.32 to 1.1.33
  • v1.10.0.rc1

    January 03, 2019
  • v1.9.1

    December 18, 2018

    1.9.1 / 2018-12-17

    🐛 Bug fixes

    • 🛠 Fix a bug introduced in v1.9.0 where XML::DocumentFragment#dup no longer returned an instance of the callee's class, instead always returning an XML::DocumentFragment. This notably broke any subclass of XML::DocumentFragment including HTML::DocumentFragment as well as the Loofah gem's Loofah::HTML::DocumentFragment. [#1846]