Nokogiri v1.11.4 Release Notes
Release Date: 2021-05-14 // almost 3 years ago-
๐ Security
โฌ๏ธ [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:
- ๐ CVE-2019-20388
- ๐ CVE-2020-24977
- ๐ CVE-2021-3517
- ๐ CVE-2021-3518
- ๐ CVE-2021-3537
- ๐ CVE-2021-3541
๐ Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via
xmllint
is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).๐ Please see nokogiri/GHSA-7rrm-v45f-jp64 or #2233 for a more complete analysis of these CVEs and patches.
Dependencies
- ๐ [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)