Nokogiri changelog

Changelog History

Page 6

• v1.7.1 Changes

  March 19, 2017

  🔒 Security

  [MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131.

  For more information:

  • #1615
  • 🔒 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
  • 🔒 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html

• v1.7.0 Changes

  December 26, 2016

  ➕ Added

  • ✂ Remove deprecation warnings in Ruby 2.4.0 (#1545) (Thanks, @matthewd!)
  • 👌 Support egcc compiler on OpenBSD (#1543) (Thanks, @frenkel and @knu!)

  Dependencies

  🚀 This release ends support for:

  • 💎 Ruby 1.9.2, for which official support ended on 2014-07-31
  • 💎 Ruby 1.9.3, for which official support ended on 2015-02-23
  • 💎 Ruby 2.0.0, for which official support ended on 2016-02-24
  • 👀 MacRuby, which hasn't been actively supported since 2015-01-13 (see https://github.com/MacRuby/MacRuby/commit/f76b9d6e99c18236db617e8aceb12c27d593a483)

• v1.7.0.1 Changes

  January 04, 2017

  🛠 Fixed

  • 🛠 Fix OpenBSD support. (#1569) (related to #1543)

• v1.6.8 Changes

  June 06, 2016

  🔒 Security

  🔒 [MRI] Bundled libxml2 is upgraded to 2.9.4, which fixes many security issues. Many of these had previously been patched in the vendored libxml 2.9.2 in the 1.6.7.x branch, but some are newer.

  👀 See these libxml2 email posts for more:

  • https://mail.gnome.org/archives/xml/2015-November/msg00012.html
  • https://mail.gnome.org/archives/xml/2016-May/msg00023.html

  🔒 For a more detailed analysis, you may care to read Canonical's take on these security issues:

  • http://www.ubuntu.com/usn/usn-2994-1

  🔒 [MRI] Bundled libxslt is upgraded to 1.1.29, which fixes a security issue as well as many long-known outstanding bugs, some features, some portability improvements, and general cleanup.

  👀 See this libxslt email post for more:

  • https://mail.gnome.org/archives/xslt/2016-May/msg00004.html

  ➕ Added

  🐎 Several changes were made to improve performance:

  • [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397)
  • XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!)
  • 👉 Use Symbol#to_proc where we weren't previously. (#1296) (Thanks, Bruno Sutic!)
  • XML::DTD#each uses implicit block calls. (Thanks, @glaucocustodio!)
  • Fall back to the pkg-config gem if we're having trouble finding the system libxml2. This should help many FreeBSD users. (#1417)
  • Set document encoding appropriately even on blank document. (#1043) (Thanks, @batter!)

  🛠 Fixed

  • 💎 [JRuby] fix slow add_child (#692)
  • 🚀 [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, @atambo and @jvshahid!)
  • 💎 [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, @mkristian!)
  • 💎 [JRuby] fix nil attriubte node's namespace in reader (#1327) (Thanks, @codekitchen!)
  • 💎 [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, @mkristian!)
  • 💎 [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, @esse!)
  • 📜 [JRuby] allow Fragment parsing on a frozen string (#444, #1077)
  • 💅 [JRuby] HTML style tags are no longer encoded (#1316) (Thanks, @tbeauvais!)
  • [MRI] fix assertion failure while accessing attribute node's namespace in reader (#843) (Thanks, @2potatocakes!)
  • [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155)
  • [MRI] Ensure C strings are null-terminated. (#1381)
  • 💎 [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, @JonRowe!)
  • ✅ [MRI] Handling another edge case where the libxml-ruby gem's global callbacks were smashing the heap. (#1426). (Thanks to @bbergstrom for providing an isolated test case!)
  • 📜 [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844)
  • 0️⃣ [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, @ylecuyer!)
  • [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, @ccutrer!)
  • [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, @cuttrer and @bradleybeddoes!)
  • unescape special characters in CSS queries (#1303) (Thanks, @twalpole!)
  • consistently handle empty documents (#1349)
  • ⚡️ Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402)
  • 🛠 Fix encoding of xml node namespaces.
  • 🐳 Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405)

  Notes

  • ✂ Removed legacy code remaining from Ruby 1.8.x support.
  • ✂ Removed legacy code remaining from REE support.
  • ↪ Removing hacky workarounds for bugs in some older versions of libxml2.
  • Handling C strings in a forward-compatible manner, see https://github.com/ruby/ruby/blob/v2_2_0/NEWS#L319

• v1.6.8.1 Changes

  October 03, 2016

  Dependency License Notes

  ✂ Removes required dependency on the pkg-config gem. This dependency was introduced in v1.6.8 and, because it's distributed under LGPL, was objectionable to many Nokogiri users (#1488, #1496).

  This version makes pkg-config an optional dependency. If it's installed, it's used; but otherwise Nokogiri will attempt to work around its absence.

• v1.6.7 Changes

  November 29, 2015

  ➕ Added

  🏁 This version supports native builds on Windows using the RubyInstaller 🏁 DevKit. It also supports Ruby 2.2.x on Windows, as well as making several other improvements to the installation process on various platforms.

  🔒 Security

  🔒 This version also includes the security patches already applied in v1.6.6.3 and v1.6.6.4 to the vendored libxml2 and libxslt source. 👀 See #1374 and #1376 for details.

  ➕ Added

  • 💎 Cross-built gems now have a proper ruby version requirement. (#1266)
  • 🏁 Ruby 2.2.x is supported on Windows.
  • 🏁 Native build is supported on Windows.
  • [MRI] libxml2 and libxslt config.guess files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
  • 💎 [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
  • [MRI, OSX] Patch to handle nonstandard location of iconv.h. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)

  🛠 Fixed

  • 💎 [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
  • 📜 [JRuby] Document#parse should support IO objects that respond to #read. (#1124) (Thanks, Jake Byman!)
  • [MRI] Duplicate-id errors when setting the id attribute on HTML documents are now silenced. (#1262)
  • 📜 [JRuby] SAX parser cuts texts in pieces when square brackets exist. (#1261)
  • 🚚 [JRuby] Namespaced attributes aren't removed by remove_attribute. (#1299)

• v1.6.7.2 Changes

  January 20, 2016

  This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

  CVE-2015-7499

  Ubuntu classifies this as "Priority: Low", RedHat classifies this as "Impact: Moderate", and NIST classifies this as "Severity: 5.0 (MEDIUM)".

  MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

• v1.6.7.1 Changes

  December 16, 2015

  This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

  CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317

  👀 See also http://www.ubuntu.com/usn/usn-2834-1/

• v1.6.6.4 Changes

  November 19, 2015

  This version pulls in an upstream patch to the vendored libxml2 to address:

  • unclosed comment uninitialized access issue (#1376)

  👀 This issue was assigned CVE-2015-8710 after the fact. See http://seclists.org/oss-sec/2015/q4/616 for details.

• v1.6.6.3 Changes

  November 16, 2015

  This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

  • CVE-2015-1819
  • CVE-2015-7941_1
  • CVE-2015-7941_2
  • CVE-2015-7942
  • CVE-2015-7942-2
  • CVE-2015-8035
  • CVE-2015-7995

  👀 See #1374 for details.

• « First
• ‹ Prev
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• Next ›
• Last »