Nokogiri v1.8.3 Release Notes
Release Date: 2018-06-16 // almost 6 years ago-
๐ Security
โช [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here:
and more information is available about this commit and its impact here:
๐ This release simply reverts the libxml2 commit in question to protect users of Nokogiri's vendored libraries from similar vulnerabilities.
If you're offended by what happened here, I'd kindly ask that you comment on the upstream bug report here:
๐ More Security
โฌ๏ธ [MRI] Vendored libxml2 upgraded to v2.9.8 which addresses CVE-2016-9318 [#1582].
Dependencies
- โก๏ธ [MRI] libxml2 is updated from 2.9.7 to 2.9.8
โ Added
Node#classes
,#add_class
,#append_class
, and#remove_class
are added.NodeSet#append_class
is added.- ๐
NodeSet#remove_attribute
is a new alias forNodeSet#remove_attr
. NodeSet#each
now returns anEnumerator
when no block is passed (Thanks, @park53kr!)- ๐ [JRuby] General improvements in JRuby implementation (Thanks, @kares!)
๐ Fixed
- CSS attribute selectors now gracefully handle queries using integers. [#711]
- ๐ Handle ASCII-8BIT encoding on fragment input [#553]
- ๐ Handle non-string return values within
Reader
[#898] - ๐ [JRuby] Allow
Node#replace
to insert Comment and CDATA nodes. [#1666] - ๐ [JRuby] Stability and speed improvements to
Node
,Sax::PushParser
, and the JRuby implementation [#1708, #1710, #1501]