ยซ Changelog History


Nokogiri v1.8.3 Release Notes

Release Date: 2018-06-16 // almost 6 years ago

  • ๐Ÿ”’ Security

    โช [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here:

    https://github.com/GNOME/libxml2/commit/960f0e2

    and more information is available about this commit and its impact here:

    https://github.com/flavorjones/loofah/issues/144

    ๐Ÿš€ This release simply reverts the libxml2 commit in question to protect users of Nokogiri's vendored libraries from similar vulnerabilities.

    If you're offended by what happened here, I'd kindly ask that you comment on the upstream bug report here:

    https://bugzilla.gnome.org/show_bug.cgi?id=769760

    ๐Ÿ”’ More Security

    โฌ†๏ธ [MRI] Vendored libxml2 upgraded to v2.9.8 which addresses CVE-2016-9318 [#1582].

    Dependencies

    • โšก๏ธ [MRI] libxml2 is updated from 2.9.7 to 2.9.8

    โž• Added

    • Node#classes, #add_class, #append_class, and #remove_class are added.
    • NodeSet#append_class is added.
    • ๐Ÿšš NodeSet#remove_attribute is a new alias for NodeSet#remove_attr.
    • NodeSet#each now returns an Enumerator when no block is passed (Thanks, @park53kr!)
    • ๐Ÿ’Ž [JRuby] General improvements in JRuby implementation (Thanks, @kares!)

    ๐Ÿ›  Fixed

    • CSS attribute selectors now gracefully handle queries using integers. [#711]
    • ๐Ÿ– Handle ASCII-8BIT encoding on fragment input [#553]
    • ๐Ÿ– Handle non-string return values within Reader [#898]
    • ๐Ÿ’Ž [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666]
    • ๐Ÿ“œ [JRuby] Stability and speed improvements to Node, Sax::PushParser, and the JRuby implementation [#1708, #1710, #1501]