Nokogiri v1.13.5 Release Notes
Release Date: 2022-05-04
Security
- [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See GHSA-cgx6-hpwq-fhv5 for more information.
Dependencies
- [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.
Improvements
- [CRuby] The libxml2 HTML parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare < characters.
Changed
- [CRuby] The libxml2 HTML parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with <! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.
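
A lockfile check for the libxml2 update listed under Security and Dependencies, as an added example that is not part of the release notes or Nokogiri's own code. The helper name `audit_nokogiri` and the sample lockfile are constructed for illustration, and the check assumes every non-JRuby build older than 1.13.5 carries a vendored libxml2 older than v2.9.14.

```ruby
require "rubygems"

# First release whose vendored libxml2 is v2.9.14, per the release notes above.
FIXED_VERSION = Gem::Version.new("1.13.5")

# Constructed Gemfile.lock excerpt (sample data, not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.13.4)
        mini_portile2 (~> 2.8.0)
        racc (~> 1.4)
      nokogiri (1.13.4-java)
        racc (~> 1.4)
      nokogiri (1.13.5-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)
LOCK

# Returns one hash per locked nokogiri spec: version, platform and status.
# Limitation: a lockfile cannot show whether the gem was built against a
# system libxml2 instead of the vendored copy; check that on the host.
def audit_nokogiri(lockfile_text)
  lockfile_text.each_line.map do |line|
    # Resolved specs sit at exactly four spaces; dependency lines are deeper.
    m = line.match(/\A {4}nokogiri \(([^)\s]+)\)\s*\z/)
    next unless m

    version, platform = m[1].split("-", 2)
    platform ||= "ruby" # no suffix means the source gem
    status =
      if platform == "java"
        :not_applicable # JRuby build; the notes tag this change [CRuby]
      elsif Gem::Version.new(version) < FIXED_VERSION
        :needs_upgrade
      else
        :ok
      end
    { version: version, platform: platform, status: status }
  end.compact
end

if __FILE__ == $PROGRAM_NAME
  audit_nokogiri(SAMPLE_LOCKFILE).each do |r|
    puts format("nokogiri %-8s %-14s %s", r[:version], r[:platform], r[:status])
  end
end
```
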