All Versions
107
Latest Version
Avg Release Cycle
36 days
Latest Release
55 days ago

Changelog History
Page 5

  • v1.8.5 Changes

    October 05, 2018

    ๐Ÿ”’ Security

    ๐Ÿš€ [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in #1785. Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2.

    ๐Ÿ›  Fixed

    • ๐Ÿ— [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722]
    • ๐Ÿ’Ž [JRuby] Fix node reparenting when the destination doc is empty. [#1773]
  • v1.8.4 Changes

    July 03, 2018

    ๐Ÿ›  Fixed

    • [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in v1.5.7) [#1771]
  • v1.8.3 Changes

    June 16, 2018

    ๐Ÿ”’ Security

    โช [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here:

    https://github.com/GNOME/libxml2/commit/960f0e2

    and more information is available about this commit and its impact here:

    https://github.com/flavorjones/loofah/issues/144

    ๐Ÿš€ This release simply reverts the libxml2 commit in question to protect users of Nokogiri's vendored libraries from similar vulnerabilities.

    If you're offended by what happened here, I'd kindly ask that you comment on the upstream bug report here:

    https://bugzilla.gnome.org/show_bug.cgi?id=769760

    ๐Ÿ”’ More Security

    โฌ†๏ธ [MRI] Vendored libxml2 upgraded to v2.9.8 which addresses CVE-2016-9318 [#1582].

    Dependencies

    • โšก๏ธ [MRI] libxml2 is updated from 2.9.7 to 2.9.8

    โž• Added

    • Node#classes, #add_class, #append_class, and #remove_class are added.
    • NodeSet#append_class is added.
    • ๐Ÿšš NodeSet#remove_attribute is a new alias for NodeSet#remove_attr.
    • NodeSet#each now returns an Enumerator when no block is passed (Thanks, @park53kr!)
    • ๐Ÿ’Ž [JRuby] General improvements in JRuby implementation (Thanks, @kares!)

    ๐Ÿ›  Fixed

    • CSS attribute selectors now gracefully handle queries using integers. [#711]
    • ๐Ÿ– Handle ASCII-8BIT encoding on fragment input [#553]
    • ๐Ÿ– Handle non-string return values within Reader [#898]
    • ๐Ÿ’Ž [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666]
    • ๐Ÿ“œ [JRuby] Stability and speed improvements to Node, Sax::PushParser, and the JRuby implementation [#1708, #1710, #1501]
  • v1.8.2 Changes

    January 29, 2018

    ๐Ÿ”’ Security

    โšก๏ธ [MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details]

    Dependencies

    • โšก๏ธ [MRI] libxml2 is updated from 2.9.5 to 2.9.7
    • โšก๏ธ [MRI] libxslt is updated from 1.1.30 to 1.1.32

    โž• Added

    • [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, @jeremyevans!)
    • ๐Ÿ [MRI] Cross-built Windows gems now support Ruby 2.5

    ๐Ÿ›  Fixed

    • Node#serialize once again returns UTF-8-encoded strings. [#1659]
    • ๐Ÿ“œ [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, @andrew-aladev!)
    • [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238]
  • v1.8.1 Changes

    September 19, 2017

    Dependencies

    • โšก๏ธ [MRI] libxml2 is updated from 2.9.4 to 2.9.5.
    • โšก๏ธ [MRI] libxslt is updated from 1.1.29 to 1.1.30.
    • [MRI] optional dependency on the pkg-config gem has had its constraint loosened to ~> 1.1 (from ~> 1.1.7). [#1660]
    • โฌ†๏ธ [MRI] Upgrade mini_portile2 dependency from ~> 2.2.0 to ~> 2.3.0, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them.

    ๐Ÿ›  Fixed

    • NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, @Derenge!)
    • [MRI] Ensure CData.new raises TypeError if the content argument is not implicitly convertible into a string. [#1669]
  • v1.8.0 Changes

    June 04, 2017

    Dependencies

    ๐Ÿš€ This release ends support for Ruby 2.1 on Windows in the x86-mingw32 and x64-mingw32 platform gems (containing pre-compiled DLLs). Official support ended for Ruby 2.1 on 2017-04-01.

    ๐Ÿ Please note that this deprecation note only applies to the precompiled Windows gems. Ruby 2.1 continues to be supported (for now) in the default gem when compiled on installation.

    Dependencies

    • โฌ†๏ธ [Windows] Upgrade iconv from 1.14 to 1.15 (unless --use-system-libraries)
    • โฌ†๏ธ [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries)
    • โฌ†๏ธ [MRI] Upgrade rake-compiler dependency from 0.9.2 to 1.0.3
    • โฌ†๏ธ [MRI] Upgrade mini-portile2 dependency from ~> 2.1.0 to ~> 2.2.0
    • ๐Ÿšš [JRuby] Removed support for jruby --1.8 code paths. [#1607] (Thanks, @kares!)
    • ๐Ÿ [MRI Windows] Retrieve zlib source from http://zlib.net/fossils to avoid deprecation issues going forward. See #1632 for details around this problem.

    โž• Added

    • ๐Ÿ‘ฏ NodeSet#clone is now an alias for NodeSet#dup [#1503] (Thanks, @stephankaag!)
    • ๐Ÿ‘ Allow Processing Instructions and Comments as children of a document root. [#1033] (Thanks, @windwiny!)
    • [MRI] PushParser#replace_entities and #replace_entities= will control whether entities are replaced or not. [#1017] (Thanks, @spraints!)
    • ๐Ÿ“œ [MRI] SyntaxError#to_s now includes line number, column number, and log level if made available by the parser. [#1304, #1637] (Thanks, @spk and @ccarruitero!)
    • ๐Ÿ [MRI] Cross-built Windows gems now support Ruby 2.4
    • ๐Ÿ‘ [MRI] Support for frozen string literals. [#1413]
    • ๐Ÿ‘ [MRI] Support for installing Nokogiri on a machine in FIPS-enabled mode [#1544]
    • [MRI] Vendored libraries are verified with SHA-256 hashes (formerly some MD5 hashes were used) [#1544]
    • ๐ŸŽ [JRuby] (performance) remove unnecessary synchronization of class-cache [#1563] (Thanks, @kares!)
    • ๐ŸŽ [JRuby] (performance) remove unnecessary cloning of objects in XPath searches [#1563] (Thanks, @kares!)
    • ๐ŸŽ [JRuby] (performance) more performance improvements, particularly in XPath, Reader, XmlNode, and XmlNodeSet [#1597] (Thanks, @kares!)

    ๐Ÿ›  Fixed

    • โœ… HTML::SAX::Parser#parse_io now correctly parses HTML and not XML [#1577] (Thanks for the test case, @gregors!)
    • ๐Ÿ‘Œ Support installation on systems with a lib64 site config. [#1562]
    • [MRI] on OpenBSD, do not require gcc if using system libraries [#1515] (Thanks, @jeremyevans!)
    • [MRI] XML::Attr.new checks type of Document arg to prevent segfaults. [#1477]
    • [MRI] Prefer xmlCharStrdup (and friends) to strdup (and friends), which can cause problems on some platforms. [#1517] (Thanks, @jeremy!)
    • ๐Ÿ’Ž [JRuby] correctly append a text node before another text node [#1318] (Thanks, @jkraemer!)
    • ๐Ÿ’Ž [JRuby] custom xpath functions returning an integer now work correctly [#1595] (Thanks, @kares!)
    • [JRuby] serializing (#to_html, #to_s, et al) a document with explicit encoding now works correctly. [#1281, #1440] (Thanks, @kares!)
    • ๐Ÿ“œ [JRuby] XML::Reader now returns parse errors [#1586] (Thanks, @kares!)
    • ๐Ÿ’Ž [JRuby] Empty NodeSets are now decorated properly. [#1319] (Thanks, @kares!)
    • ๐Ÿ”€ [JRuby] Merged nodes no longer results in Java exceptions during XPath queries. [#1320] (Thanks, @kares!)
  • v1.7.2 Changes

    May 09, 2017

    ๐Ÿ”’ Security

    [MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738.

    For more information:

  • v1.7.1 Changes

    March 19, 2017

    ๐Ÿ”’ Security

    [MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131.

    For more information:

  • v1.7.0 Changes

    December 26, 2016

    โž• Added

    • โœ‚ Remove deprecation warnings in Ruby 2.4.0 (#1545) (Thanks, @matthewd!)
    • ๐Ÿ‘Œ Support egcc compiler on OpenBSD (#1543) (Thanks, @frenkel and @knu!)

    Dependencies

    ๐Ÿš€ This release ends support for:

  • v1.7.0.1 Changes

    January 04, 2017

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix OpenBSD support. (#1569) (related to #1543)