Sourced from nokogiri's\r\nreleases.
\r\n\r\n\r\nv1.16.5 / 2024-05-13
\r\nSecurity
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See\r\nGHSA-r95h-9x8f-r3f7\r\nfor more information.
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to v2.12.7\r\nfrom v2.12.6. (
\r\n@flavorjones
)
\r\nsha256 checksums:
\r\n\r\n\r\naf0f44fa3e664dfb2aa10de8b551447d720c1e8d1f0aa3f35783dcc43e40a874\r\nnokogiri-1.16.5-aarch64-linux.gem\r\n23dc2357b26409a5c33b7e32a82902f0e9995305420f16d1a03ab3ea1a482fec\r\nnokogiri-1.16.5-arm-linux.gem\r\n950d037530edb49f75ad35de0b8038b970a7dda57e2b6326895b0e49fadf6214\r\nnokogiri-1.16.5-arm64-darwin.gem\r\nb7aefc94370c62476b8528e8d8abb6160203abd84a1f4eceda8f1aa8974d9989\r\nnokogiri-1.16.5-java.gem\r\nec2167160df8fec3137bf95d574ed80ebc1d002bb3b281546b60b4aa9002466e\r\nnokogiri-1.16.5-x64-mingw-ucrt.gem\r\n6984200491fac69974005ecfa2de129d61843d345eafa5d6f58e8b908d1cf107\r\nnokogiri-1.16.5-x64-mingw32.gem\r\nabdc389ab1ec6604492da16bd9d06ad746fdb6bd6a1bd274c400d61ffcadb3c4\r\nnokogiri-1.16.5-x86-linux.gem\r\n63d24981345856f2baf7f4089870a62d3042fb8d3021b280fb04fc052532e3c4\r\nnokogiri-1.16.5-x86-mingw32.gem\r\n71b5f54e378c433d13df67c3b71acc4716129da62402d8181f310c4216a63279\r\nnokogiri-1.16.5-x86_64-darwin.gem\r\n0ca238da870066bed2f7837af6f35791bb9b76c4c5638999c46aac44818a6a97\r\nnokogiri-1.16.5-x86_64-linux.gem\r\nec36162c68984fa0a90a5c4ae7ab7759460639e716cc1ce75f34c3cb54158ad2\r\nnokogiri-1.16.5.gem\r\n
v1.16.4 / 2024-04-10
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored zlib in the precompiled native gems is updated to\r\nv1.3.1 from v1.3. Nokogiri\r\nis not affected by the minizip CVE patched in this version, but this\r\nupdate may satisfy some security scanners. Related, see this\r\ndiscussion about removing the compression libraries altogether in a\r\nfuture version of Nokogiri.
\r\n
\r\nsha256 checksums:
\r\n\r\n\r\nbdb1dc4378ebcf3ade8f440c7df68f6d76946a1a96c4823a2b4c53c01a320cd5\r\nnokogiri-1.16.4-aarch64-linux.gem\r\n0c994b9996d5576eddcc3201a94ef2bff6fc3627c4ae4d2708b0ec9b9743ec6a\r\nnokogiri-1.16.4-arm-linux.gem\r\n8e86abb64c93c06d3c588042a0e757279e8f1dc88b5210a00be892a9a7a27196\r\nnokogiri-1.16.4-arm64-darwin.gem\r\nbf84fa28be4943692bd64772186e0832fb1061f80714ccb93e111e9d72b1cadc\r\nnokogiri-1.16.4-java.gem\r\na46808467c1f63a2031e1ca0715cd5336bb4ec759e9c0e2f4c951c1cc30994ae\r\nnokogiri-1.16.4-x64-mingw-ucrt.gem\r\n4cdf64bc5e9443ec3e0b595347ecc8affe21968d9ae934c0825d26630ef96468\r\nnokogiri-1.16.4-x64-mingw32.gem\r\nd86d21bae47dd9f6f5223055e45d33fae08b0b89aad94cbc0ece4f4274fa7af5\r\nnokogiri-1.16.4-x86-linux.gem\r\nd488b872884844686780fda7cf5da44ee884d32faa713a55aeb4736d76718168\r\nnokogiri-1.16.4-x86-mingw32.gem\r\na896e52a56951ffb0e6a9279afbf485d683e357a053d27f4cfcb2a73b0824628\r\nnokogiri-1.16.4-x86_64-darwin.gem\r\n92ff4f09910255fec84b3bc4c4b182e94cada3ed12b9f7a6ea058e0af186fb31\r\nnokogiri-1.16.4-x86_64-linux.gem\r\n</tr></table> \r\n
... (truncated)
\r\nSourced from nokogiri's\r\nchangelog.
\r\n\r\n\r\nv1.16.5
\r\nSecurity
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to address CVE-2024-34459. See\r\nGHSA-r95h-9x8f-r3f7\r\nfor more information.
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to v2.12.7\r\nfrom v2.12.6. (
\r\n@flavorjones
)v1.16.4 / 2024-04-10
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored zlib in the precompiled native gems is updated to\r\nv1.3.1 from v1.3. Nokogiri\r\nis not affected by the minizip CVE patched in this version, but this\r\nupdate may satisfy some security scanners. Related, see this\r\ndiscussion about removing the compression libraries altogether in a\r\nfuture version of Nokogiri.
\r\nv1.16.3 / 2024-03-15
\r\nDependencies
\r\n\r\n
\r\n- [CRuby] Vendored libxml2 is updated to v2.12.6\r\nfrom v2.12.5. (
\r\n@flavorjones
)Changed
\r\n\r\n
\r\n- [CRuby]
\r\nXML::Reader
sets the@encoding
\r\ninstance variable during reading if it is not passed into the\r\ninitializer. Previously, it would remainnil
. The behavior\r\nofReader#encoding
has not changed. This works around\r\nchanges to how libxml2 reports the encoding used in v2.12.6.
cd70bd3
\r\nversion bump to v1.16.5afc36de
\r\ndep: update vendored libxml2 to v2.12.7 (#3191)41b4f08
\r\nci: add arm64-darwin coverage using macos-1467b9e86
\r\ndep: update libxml2 to v2.12.717c0362
\r\nversion bump to v1.16.41c329e9
\r\ndep: update to zlib 1.3.1 (v1.16.x) (#3175)edeac07
\r\ndep: update to zlib 1.3.180fb608
\r\nversion bump to v1.16.3710bd96
\r\ndep: update libxml 2.12.6 (branch v1.16.x) (#3151)461a96e
\r\nfix: Reader#read sets @encoding
if it is\r\nunset