All Versions
Latest Version
Avg Release Cycle
28 days
Latest Release
351 days ago

Changelog History
Page 6

  • v1.7.1 Changes

    March 19, 2017

    ๐Ÿ”’ Security

    [MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131.

    For more information:

  • v1.7.0 Changes

    December 26, 2016

    โž• Added

    • โœ‚ Remove deprecation warnings in Ruby 2.4.0 (#1545) (Thanks, @matthewd!)
    • ๐Ÿ‘Œ Support egcc compiler on OpenBSD (#1543) (Thanks, @frenkel and @knu!)


    ๐Ÿš€ This release ends support for:

  • v1.7.0.1 Changes

    January 04, 2017

    ๐Ÿ›  Fixed

    • ๐Ÿ›  Fix OpenBSD support. (#1569) (related to #1543)
  • v1.6.8 Changes

    June 06, 2016

    ๐Ÿ”’ Security

    ๐Ÿ”’ [MRI] Bundled libxml2 is upgraded to 2.9.4, which fixes many security issues. Many of these had previously been patched in the vendored libxml 2.9.2 in the 1.6.7.x branch, but some are newer.

    ๐Ÿ‘€ See these libxml2 email posts for more:

    ๐Ÿ”’ For a more detailed analysis, you may care to read Canonical's take on these security issues:

    ๐Ÿ”’ [MRI] Bundled libxslt is upgraded to 1.1.29, which fixes a security issue as well as many long-known outstanding bugs, some features, some portability improvements, and general cleanup.

    ๐Ÿ‘€ See this libxslt email post for more:

    โž• Added

    ๐ŸŽ Several changes were made to improve performance:

    • [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397)
    • XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!)
    • ๐Ÿ‘‰ Use Symbol#to_proc where we weren't previously. (#1296) (Thanks, Bruno Sutic!)
    • XML::DTD#each uses implicit block calls. (Thanks, @glaucocustodio!)
    • Fall back to the pkg-config gem if we're having trouble finding the system libxml2. This should help many FreeBSD users. (#1417)
    • Set document encoding appropriately even on blank document. (#1043) (Thanks, @batter!)

    ๐Ÿ›  Fixed

    • ๐Ÿ’Ž [JRuby] fix slow add_child (#692)
    • ๐Ÿš€ [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, @atambo and @jvshahid!)
    • ๐Ÿ’Ž [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, @mkristian!)
    • ๐Ÿ’Ž [JRuby] fix nil attriubte node's namespace in reader (#1327) (Thanks, @codekitchen!)
    • ๐Ÿ’Ž [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, @mkristian!)
    • ๐Ÿ’Ž [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, @esse!)
    • ๐Ÿ“œ [JRuby] allow Fragment parsing on a frozen string (#444, #1077)
    • ๐Ÿ’… [JRuby] HTML style tags are no longer encoded (#1316) (Thanks, @tbeauvais!)
    • [MRI] fix assertion failure while accessing attribute node's namespace in reader (#843) (Thanks, @2potatocakes!)
    • [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155)
    • [MRI] Ensure C strings are null-terminated. (#1381)
    • ๐Ÿ’Ž [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, @JonRowe!)
    • โœ… [MRI] Handling another edge case where the libxml-ruby gem's global callbacks were smashing the heap. (#1426). (Thanks to @bbergstrom for providing an isolated test case!)
    • ๐Ÿ“œ [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844)
    • 0๏ธโƒฃ [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, @ylecuyer!)
    • [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, @ccutrer!)
    • [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, @cuttrer and @bradleybeddoes!)
    • unescape special characters in CSS queries (#1303) (Thanks, @twalpole!)
    • consistently handle empty documents (#1349)
    • โšก๏ธ Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402)
    • ๐Ÿ›  Fix encoding of xml node namespaces.
    • ๐Ÿณ Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405)


    • โœ‚ Removed legacy code remaining from Ruby 1.8.x support.
    • โœ‚ Removed legacy code remaining from REE support.
    • โ†ช Removing hacky workarounds for bugs in some older versions of libxml2.
    • Handling C strings in a forward-compatible manner, see
  • v1.6.8.1 Changes

    October 03, 2016

    Dependency License Notes

    โœ‚ Removes required dependency on the pkg-config gem. This dependency was introduced in v1.6.8 and, because it's distributed under LGPL, was objectionable to many Nokogiri users (#1488, #1496).

    This version makes pkg-config an optional dependency. If it's installed, it's used; but otherwise Nokogiri will attempt to work around its absence.

  • v1.6.7 Changes

    November 29, 2015

    โž• Added

    ๐Ÿ This version supports native builds on Windows using the RubyInstaller ๐Ÿ DevKit. It also supports Ruby 2.2.x on Windows, as well as making several other improvements to the installation process on various platforms.

    ๐Ÿ”’ Security

    ๐Ÿ”’ This version also includes the security patches already applied in v1.6.6.3 and v1.6.6.4 to the vendored libxml2 and libxslt source. ๐Ÿ‘€ See #1374 and #1376 for details.

    โž• Added

    • ๐Ÿ’Ž Cross-built gems now have a proper ruby version requirement. (#1266)
    • ๐Ÿ Ruby 2.2.x is supported on Windows.
    • ๐Ÿ Native build is supported on Windows.
    • [MRI] libxml2 and libxslt config.guess files brought up to date. (#1326) (Thanks, @hernan-erasmo!)
    • ๐Ÿ’Ž [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, @twalpole!)
    • [MRI, OSX] Patch to handle nonstandard location of iconv.h. (#1206, #1210, #1218, #1345) (Thanks, @neonichu!)

    ๐Ÿ›  Fixed

    • ๐Ÿ’Ž [JRuby] reset the namespace cache when replacing the document's innerHtml (#1265) (Thanks, @mkristian!)
    • ๐Ÿ“œ [JRuby] Document#parse should support IO objects that respond to #read. (#1124) (Thanks, Jake Byman!)
    • [MRI] Duplicate-id errors when setting the id attribute on HTML documents are now silenced. (#1262)
    • ๐Ÿ“œ [JRuby] SAX parser cuts texts in pieces when square brackets exist. (#1261)
    • ๐Ÿšš [JRuby] Namespaced attributes aren't removed by remove_attribute. (#1299)
  • v1.6.7.2 Changes

    January 20, 2016

    This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:


    Ubuntu classifies this as "Priority: Low", RedHat classifies this as "Impact: Moderate", and NIST classifies this as "Severity: 5.0 (MEDIUM)".

    MITRE record is

  • v1.6.7.1 Changes

    December 16, 2015

    This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

    CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317

    ๐Ÿ‘€ See also

  • v1.6.6.4 Changes

    November 19, 2015

    This version pulls in an upstream patch to the vendored libxml2 to address:

    • unclosed comment uninitialized access issue (#1376)

    ๐Ÿ‘€ This issue was assigned CVE-2015-8710 after the fact. See for details.

  • v1.6.6.3 Changes

    November 16, 2015

    This version pulls in several upstream patches to the vendored libxml2 and libxslt to address:

    • CVE-2015-1819
    • CVE-2015-7941_1
    • CVE-2015-7941_2
    • CVE-2015-7942
    • CVE-2015-7942-2
    • CVE-2015-8035
    • CVE-2015-7995

    ๐Ÿ‘€ See #1374 for details.