Nokogiri v1.12.5 Release Notes
Release Date: 2021-09-27 // over 2 years ago-
๐ Security
๐ [JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).
0๏ธโฃ In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.
๐ CRuby users are not affected by this CVE.
๐ Fixed
- ๐ [CRuby]
Document#to_xhtml
properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g.,<br></br>
) instead of a self-closing tag (e.g.,<br/>
) in previous Nokogiri versions. [#2324]
- ๐ [CRuby]