1.14.1 / 2023-01-30

1.14.1 / 2023-01-30

Fixed

• Serializing documents now works again with pseudo-IO objects that don't support IO's encoding API (like rubyzip's Zip::OutputStream). This was a regression in v1.14.0 due to the fix for #752 in #2434, and was not completely fixed by #2753. [#2773]
• [CRuby] Address compiler warnings about void* casting and old-style C function definitions.

---

sha256 checksums:

99594e8b94f576644ac640a223d74c79e840218948e963aa635f0254927bff10  nokogiri-1.14.1-aarch64-linux.gem
1dc9b7821e1fa1f3fda40659662e51a4b3692acc4ee6342ee34a6a537fc1d5d8  nokogiri-1.14.1-arm-linux.gem
1a693df86da8c4c97b01d614470f9c3e10b9c755de8803fbfcfffe0f9dff522a  nokogiri-1.14.1-arm64-darwin.gem
c1f87a8f7bc56028deb2aecbb29e9b318405f7c468b29047aede78b41bc735a2  nokogiri-1.14.1-java.gem
2463a1ae0be5f06a10f3f3b374c2b743bff6280db993d488511a19bb7bc7cb7c  nokogiri-1.14.1-x64-mingw-ucrt.gem
f3a2b0ceedf51d776b39dc759ce191a4df842d7d4f5900c64f33d4753db39877  nokogiri-1.14.1-x64-mingw32.gem
f395d6c28c822b0877cfb0c71781f05243c034b4823359ab25b3288a73b9fc82  nokogiri-1.14.1-x86-linux.gem
be34b32fe74e82bffca5b1f3df8727c8fdc828762b6dddab53a11cd8f8515785  nokogiri-1.14.1-x86-mingw32.gem
9b14091f77086c4f0f09451ba3acd1b5f7e0076fb34fc536682170fa9f1a5074  nokogiri-1.14.1-x86_64-darwin.gem
21d234c51582b292e2e1e02e6c30eea9188894348985d6910aa8e993749c0aff  nokogiri-1.14.1-x86_64-linux.gem
b2db3af7769c29cd77d5f39cd3d0b65ab10975bdecf04be71d683f9c9abe2663  nokogiri-1.14.1.gem

1.14.0 / 2023-01-12

1.14.0 / 2023-01-12

Notable Changes

Ruby

This release introduces native gem support for Ruby 3.2. (Also see "Technical note" under "Changed" below.)

This release ends support for:

• Ruby 2.6, for which upstream support ended 2022-04-12.
• JRuby 9.3, which is not fully compatible with Ruby 2.7+

Faster, more reliable installation: Native Gem for aarch64-linux (aka linux/arm64/v8)

This version of Nokogiri ships official native gem support for the aarch64-linux platform, which should support AWS Graviton and other ARM64 Linux platforms. Please note that glibc >= 2.29 is required for aarch64-linux systems, see Supported Platforms for more information.

Faster, more reliable installation: Native Gem for arm-linux (aka linux/arm/v7)

This version of Nokogiri ships experimental native gem support for the arm-linux platform. Please note that glibc >= 2.29 is required for arm-linux systems, see Supported Platforms for more information.

Pattern matching

This version introduces an experimental pattern matching API for XML::Attr, XML::Document, XML::DocumentFragment, XML::Namespace, XML::Node, and XML::NodeSet (and their subclasses).

Some documentation on what can be matched:

• XML::Attr#deconstruct_keys
• XML::Document#deconstruct_keys
• XML::Namespace#deconstruct_keys
• XML::Node#deconstruct_keys
• XML::DocumentFragment#deconstruct
• XML::NodeSet#deconstruct

We welcome feedback on this API at #2360.

Dependencies

CRuby

• Vendored libiconv is updated to v1.17

JRuby

• This version of Nokogiri uses jar-dependencies to manage most of the vendored Java dependencies. nokogiri -v now outputs maven metadata for all Java dependencies, and Nokogiri::VERSION_INFO also contains this metadata. [#2432]
• HTML parsing is now provided by net.sourceforge.htmlunit:neko-htmlunit:2.61.0 (previously Nokogiri used a fork of org.cyberneko.html:nekohtml)
• Vendored Jing is updated from com.thaiopensource:jing:20091111 to nu.validator:jing:20200702VNU.
• New dependency on net.sf.saxon:Saxon-HE:9.6.0-4 (via nu.validator:jing:20200702VNU).

Added

• Node#wrap and NodeSet#wrap now also accept a Node type argument, which will be duped for each wrapper. For cases where many nodes are being wrapped, creating a Node once using Document#create_element and passing that Node multiple times is significantly faster than re-parsing markup on each call. [#2657]
• [CRuby] Invocation of custom XPath or CSS handler functions may now use the nokogiri namespace prefix. Historically, the JRuby implementation required this namespace but the CRuby implementation did not support it. It's recommended that all XPath and CSS queries use the nokogiri namespace going forward. Invocation without the namespace is planned for deprecation in v1.15.0 and removal in a future release. [#2147]
• HTML5::Document#quirks_mode and HTML5::DocumentFragment#quirks_mode expose the quirks mode used by the parser.

Improved

Functional

• HTML5 parser update to reflect changes to the living specification:
  • Add the <search> element by domenic · whatwg/html
  • Remove parse error for <template><tr></tr> </template> by zcorpan · whatwg/html

Performance

• Serialization of HTML5 documents and fragments has been re-implemented and is ~10x faster than previous versions. [#2596, #2569]
• Parsing of HTML5 documents is ~90% faster thanks to additional compiler optimizations being applied. [#2639]
• Compare Encoding objects rather than compare their names. This is a slight performance improvement and is future-proof. [#2454] (Thanks, @casperisfine!)

Error handling

• Document#canonicalize now raises an exception if inclusive_namespaces is non-nil and the mode is inclusive, i.e. XML_C14N_1_0 or XML_C14N_1_1. inclusive_namespaces can only be passed with exclusive modes, and previously this silently failed.
• Empty CSS selectors now raise a clearer Nokogiri::CSS::SyntaxError message, "empty CSS selector". Previously the exception raised from the bowels of racc was "unexpected '$' after ''". [#2700]
• [CRuby] XML::Reader parsing errors encountered during Reader#attribute_hash and Reader#namespaces now raise an XML::SyntaxError. Previously these methods would return nil and users would generally experience NoMethodErrors from elsewhere in the code.
• Prefer ruby_xmalloc to malloc within the C extension. [#2480] (Thanks, @Garfield96!)

Installation

• Avoid compile-time conflict with system-installed gumbo.h on OpenBSD. [#2464]
• Remove calls to vasprintf in favor of platform-independent rb_vsprintf
• Installation from source on systems missing libiconv will once again generate a helpful error message (broken since v1.11.0). [#2505]
• [CRuby+OSX] Compiling from source on MacOS will use the clang option -Wno-unknown-warning-option to avoid errors when Ruby injects options that clang doesn't know about. [#2689]

Fixed

• SAX::Parser's encoding attribute will not be clobbered when an alternative encoding is passed into SAX::Parser#parse_io. [#1942] (Thanks, @kp666!)
• Serialized HTML4::DocumentFragment will now be properly encoded. Previously this empty string was encoded as US-ASCII. [#2649]
• Node#wrap now uses the parent as the context node for parsing wrapper markup, falling back to the document for unparented nodes. Previously the document was always used.
• [CRuby] UTF-16-encoded documents longer than ~4000 code points now serialize properly. Previously the serialized document was corrupted when it exceeded the length of libxml2's internal string buffer. [#752]
• [CRuby] The HTML5 parser now correctly handles text at the end of form elements.
• [CRuby] HTML5::Document#fragment now always uses body as the parsing context. Previously, fragments were parsed in the context of the associated document's root node, which allowed for inconsistent parsing. [#2553]
• [CRuby] Nokogiri::HTML5::Document#url now correctly returns the URL passed to the constructor method. Previously it always returned nil. [#2583]
• [CRuby] HTML5 encoding detection is now case-insensitive with respect to meta tag charset declaration. [#2693]
• [CRuby] HTML5 fragment parsing in context of an annotation-xml node now works. Previously this rarely-used path invoked rb_funcall with incorrect parameters, resulting in an exception, a fatal error, or potentially a segfault. [#2692]
• [CRuby] HTML5 quirks mode during fragment parsing more closely matches document parsing. [#2646]
• [JRuby] Fixed a bug with adding the same namespace to multiple nodes via #add_namespace_definition. [#1247]
• [JRuby] NodeSet#[] now raises a TypeError if passed an invalid parameter type. [#2211]

Deprecated

• Nokogiri.install_default_aliases is deprecated in favor of Nokogiri::EncodingHandler.install_default_aliases. This is part of a private API and is probably not called by anybody, but we'll go through a deprecation cycle before removal anyway. [#2643, #2446]

Changed

• [CRuby+OSX] Technical note: On MacOS Ruby 3.2, the symbols from libxml2 and libxslt are no longer exported. Ruby 3.2 adopted new features from the Darwin toolchain that make it challenging to continue to support this rarely-used binary API. A future minor release of Nokogiri may remove these sy...

1.14.0.rc1 / 2022-12-29

1.14.0.rc1 / 2022-12-29

This is a prerelease.

• Please provide feedback on it at #2747
• Full details on this release are at https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md

Notable changes:

• Introduces native gem support for Ruby 3.2.
• Ends support for Ruby 2.6 and JRuby 9.3
• Official native gem support for aarch64-linux
• Experimental native gem support for arm-linux
• Pattern matching API

Please note that Ruby 3.2 changes how symbols are resolved on MacOS, so we're particularly interested in hearing feedback from MacOS users about the native (precompiled) gem packages for Ruby 3.2.

We're waiting for the following to do a final release:

• a final release of rake-compiler-dock that supports Ruby 3.2
• Windows CI environment that runs Ruby 3.2.0, and green tests
• feedback to build confidence that our approach to Darwin symbol resolution in the precompiled extension works for everyone

---

sha256 checksums:

9cb5140f400c3599ba9da92a338d2384976179a05e15267d5bda27ce5ab5294a  nokogiri-1.14.0.rc1-aarch64-linux.gem
70946d652626925f0e7d8cb0f03e45b81423496e8f0db30dce7aecccc33336c6  nokogiri-1.14.0.rc1-arm-linux.gem
8562ed2a3765f2020e340d4cbde72c582843191b20114eb24bcc313307483873  nokogiri-1.14.0.rc1-arm64-darwin.gem
6359f13cccc526936913bac3515a3d3d7d1ffde5dffff4eadaaf3cad126fc753  nokogiri-1.14.0.rc1-java.gem
c83050f34b78690bd13398ad91cace3c32957614fd7b6e5ce7098386340cd23d  nokogiri-1.14.0.rc1-x64-mingw-ucrt.gem
4d2edec4b79735b648eca12c5d52b52d03f4ffd300ccacf8fda9169227eb6a4d  nokogiri-1.14.0.rc1-x64-mingw32.gem
55d334f128d86a20497a3fa4e24c67098199dc9428a44b77284cff6c95104c35  nokogiri-1.14.0.rc1-x86-linux.gem
79e1b2f25a26a9a4a87d3af64a47be27ee3cc4ec0d02eef681b64cd8b610e2a6  nokogiri-1.14.0.rc1-x86-mingw32.gem
c359c27e275da0f82d09c25f6efafd116546d2c7c43c91e9393567f00aa3064a  nokogiri-1.14.0.rc1-x86_64-darwin.gem
e15e2c0f844bd113e1b409dfb534b7e2c727b10812734064c05a732b6342f28c  nokogiri-1.14.0.rc1-x86_64-linux.gem
9d527b0b6eeb88f48bc90648df11824f247019e08b95f5a75b6ea02cefcf499a  nokogiri-1.14.0.rc1.gem

1.13.10 / 2022-12-07

1.13.10 / 2022-12-07

Security

• [CRuby] Address CVE-2022-23476, unchecked return value from xmlTextReaderExpand. See GHSA-qv4q-mr5r-qprj for more information.

Improvements

• [CRuby] XML::Reader#attribute_hash now returns nil on parse errors. This restores the behavior of #attributes from v1.13.7 and earlier. [#2715]

---

sha256 checksums:

777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1  nokogiri-1.13.10-aarch64-linux.gem
b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa  nokogiri-1.13.10-arm64-darwin.gem
73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b  nokogiri-1.13.10-java.gem
916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900  nokogiri-1.13.10-x64-mingw-ucrt.gem
0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0  nokogiri-1.13.10-x64-mingw32.gem
91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020  nokogiri-1.13.10-x86-linux.gem
d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168  nokogiri-1.13.10-x86-mingw32.gem
81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b  nokogiri-1.13.10-x86_64-darwin.gem
51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3  nokogiri-1.13.10-x86_64-linux.gem
d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958  nokogiri-1.13.10.gem

1.13.9 / 2022-10-18

1.13.9 / 2022-10-18

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2022-2309, CVE-2022-40304, and CVE-2022-40303. See GHSA-2qc6-mcvw-92cw for more information.
• [CRuby] Vendored zlib is updated to address CVE-2022-37434. Nokogiri was not affected by this vulnerability, but this version of zlib was being flagged up by some vulnerability scanners, see #2626 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.10.3 from v2.9.14.
• [CRuby] Vendored libxslt is updated to v1.1.37 from v1.1.35.
• [CRuby] Vendored zlib is updated from 1.2.12 to 1.2.13. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)

Fixed

• [CRuby] Nokogiri::XML::Namespace objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [#2658] (Thanks, @eightbitraptor and @peterzhu2118!)
• [CRuby] Document#remove_namespaces! now defers freeing the underlying xmlNs struct until the Document is GCed. Previously, maintaining a reference to a Namespace object that was removed in this way could lead to a segfault. [#2658]

---

sha256 checksums:

9b69829561d30c4461ea803baeaf3460e8b145cff7a26ce397119577a4083a02  nokogiri-1.13.9-aarch64-linux.gem
e76ebb4b7b2e02c72b2d1541289f8b0679fb5984867cf199d89b8ef485764956  nokogiri-1.13.9-arm64-darwin.gem
15bae7d08bddeaa898d8e3f558723300137c26a2dc2632a1f89c8574c4467165  nokogiri-1.13.9-java.gem
f6a1dbc7229184357f3129503530af73cc59ceba4932c700a458a561edbe04b9  nokogiri-1.13.9-x64-mingw-ucrt.gem
36d935d799baa4dc488024f71881ff0bc8b172cecdfc54781169c40ec02cbdb3  nokogiri-1.13.9-x64-mingw32.gem
ebaf82aa9a11b8fafb67873d19ee48efb565040f04c898cdce8ca0cd53ff1a12  nokogiri-1.13.9-x86-linux.gem
11789a2a11b28bc028ee111f23311461104d8c4468d5b901ab7536b282504154  nokogiri-1.13.9-x86-mingw32.gem
01830e1646803ff91c0fe94bc768ff40082c6de8cfa563dafd01b3f7d5f9d795  nokogiri-1.13.9-x86_64-darwin.gem
8e93b8adec22958013799c8690d81c2cdf8a90b6f6e8150ab22e11895844d781  nokogiri-1.13.9-x86_64-linux.gem
96f37c1baf0234d3ae54c2c89aef7220d4a8a1b03d2675ff7723565b0a095531  nokogiri-1.13.9.gem

1.13.8 / 2022-07-23

1.13.8 / 2022-07-23

Deprecated

• XML::Reader#attribute_nodes is deprecated due to incompatibility between libxml2's xmlReader memory semantics and Ruby's garbage collector. Although this method continues to exist for backwards compatibility, it is unsafe to call and may segfault. This method will be removed in a future version of Nokogiri, and callers should use #attribute_hash instead. [#2598]

Improvements

• XML::Reader#attribute_hash is a new method to safely retrieve the attributes of a node from XML::Reader. [#2598, #2599]

Fixed

• [CRuby] Calling XML::Reader#attributes is now safe to call. In Nokogiri <= 1.13.7 this method may segfault. [#2598, #2599]

---

sha256 checksums:

d6b2c45a57738f12fe27783939fe1394e7049246288c7770d3b1fee7f49432a6  nokogiri-1.13.8-aarch64-linux.gem
00217e48a6995e81dd83014325c0ea0b015023a8922c7bdb2ef1416aa87c1f43  nokogiri-1.13.8-arm64-darwin.gem
9d04c616900e2b5118e501436ebb9bc48520d08f3695d012a314006e28082f72  nokogiri-1.13.8-java.gem
98f7dac7583f07a84ec3fcc01dc03a66fce10f412cd363fce7de749acdb2a42d  nokogiri-1.13.8-x64-mingw-ucrt.gem
117a71b37f2e1d774a9f031d393e72d5d04b92af8036e0c1a8dd509c247b2013  nokogiri-1.13.8-x64-mingw32.gem
6d04342456edfb8fbc041d0c2cf5a59baaa7aacdda414b2333100b02f85d441d  nokogiri-1.13.8-x86-linux.gem
0529d558b4280a55bc7af500d3d4d590b7c059c814a0cea52e4e18cb30c25d15  nokogiri-1.13.8-x86-mingw32.gem
8966d79e687b271df87a4b240456597c43cd98584e3f783fc35de4f066486421  nokogiri-1.13.8-x86_64-darwin.gem
344f1bc66feac787e5b2053c6e9095d1f33605083e58ddf2b8d4eef257bccc5f  nokogiri-1.13.8-x86_64-linux.gem
79c279298b2f22fd4e760f49990c7930436bac1b1cfeff7bacff192f30edea3c  nokogiri-1.13.8.gem

1.13.7 / 2022-07-12

1.13.7 / 2022-07-12

Fixed

XML::Node objects, when compacted, update their internal struct's reference to the Ruby object wrapper. Previously, with GC compaction enabled, a segmentation fault was possible after compaction was triggered. [#2578] (Thanks, @eightbitraptor!)

---

sha256 checksums:

16facd06367325b75bba1575ee87ee4c695e017ab7d447106ed2c00d6211db43  nokogiri-1.13.7-aarch64-linux.gem
69a1705a1f2be838bd0a778c1ff04ea58f847a41c3b5159de012617abba53f86  nokogiri-1.13.7-arm64-darwin.gem
6f26c7ed388406541ddc10cf7ea670cebe8f08a37e69be60503687374f835e1a  nokogiri-1.13.7-java.gem
3952cb78db8d107942ec7f3096d417f4d5d77bf44ae812c488bc49269d1dde6a  nokogiri-1.13.7-x64-mingw-ucrt.gem
e836c387eae9c6c93d4870db0d50e4d9505edd28100eef80c38a70d4481c09ed  nokogiri-1.13.7-x64-mingw32.gem
194484866cd0d100ee6e207a69611a63ece9e0cf305e42d449f244526e102f63  nokogiri-1.13.7-x86-linux.gem
f75903e7a1fbb896b8bd6e4ed895a0fc1760e7334b9c7faf2593f491907a9e26  nokogiri-1.13.7-x86-mingw32.gem
d41b8c9f609b3eecb129da52b9605bc833e464b9b9132c29a0c2115e5ea0ab57  nokogiri-1.13.7-x86_64-darwin.gem
dcb36fd4e75782e7b1b3315f464a0942b230497cd21d296a24d90b0d3620a9d0  nokogiri-1.13.7-x86_64-linux.gem
6ca1d753334418e749beb9bb69515a906451c9abfb9a5b060a36650419b61052  nokogiri-1.13.7.gem

1.13.6 / 2022-05-08

1.13.6 / 2022-05-08

Security

• [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for more information.

Improvements

• {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise TypeError instead of segfaulting when an incorrect type is passed.

---

sha256:

58417c7c10f78cd1c0e1984f81538300d4ea98962cfd3f46f725efee48f9757a  nokogiri-1.13.6-aarch64-linux.gem
a2b04ec3b1b73ecc6fac619b41e9fdc70808b7a653b96ec97d04b7a23f158dbc  nokogiri-1.13.6-arm64-darwin.gem
4437f2d03bc7da8854f4aaae89e24a98cf5c8b0212ae2bc003af7e65c7ee8e27  nokogiri-1.13.6-java.gem
99d3e212bbd5e80aa602a1f52d583e4f6e917ec594e6aa580f6aacc253eff984  nokogiri-1.13.6-x64-mingw-ucrt.gem
a04f6154a75b6ed4fe2d0d0ff3ac02f094b54e150b50330448f834fa5726fbba  nokogiri-1.13.6-x64-mingw32.gem
a13f30c2863ef9e5e11240dd6d69ef114229d471018b44f2ff60bab28327de4d  nokogiri-1.13.6-x86-linux.gem
63a2ca2f7a4f6bd9126e1695037f66c8eb72ed1e1740ef162b4480c57cc17dc6  nokogiri-1.13.6-x86-mingw32.gem
2b266e0eb18030763277b30dc3d64337f440191e2bd157027441ac56a59d9dfe  nokogiri-1.13.6-x86_64-darwin.gem
3fa37b0c3b5744af45f9da3e4ae9cbd89480b35e12ae36b5e87a0452e0b38335  nokogiri-1.13.6-x86_64-linux.gem
b1512fdc0aba446e1ee30de3e0671518eb363e75fab53486e99e8891d44b8587  nokogiri-1.13.6.gem

1.13.5 / 2022-05-04

1.13.5 / 2022-05-04

Security

• [CRuby] Vendored libxml2 is updated to address CVE-2022-29824. See GHSA-cgx6-hpwq-fhv5 for more information.

Dependencies

• [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

Improvements

• [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare < characters.

Changed

• [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with <! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.

---

sha256sum:

aa1bfd0fd0b33110729d4a063b7b02de9419c559eb48a1f8940b74fc638d60ea  nokogiri-1.13.5-aarch64-linux.gem
d0b872786d6c2b44c10a389e585a77c07274a2b5e7211a470f76909c0711f218  nokogiri-1.13.5-arm64-darwin.gem
3f1434c198f0daf46d24c4696a53504beb69b8c15efe0548a7aa17a8378be21d  nokogiri-1.13.5-java.gem
0e60dc107c7e289dd3817acff14a12c9f4447a994a2411f772d6dd1220a35ae6  nokogiri-1.13.5-x64-mingw-ucrt.gem
c9897dd7236738d260b66ac99ea93950fd3a6375f11a9927bf345eec4ec1fde6  nokogiri-1.13.5-x64-mingw32.gem
a81586845f99a16a85586717b0051ce1508a68722a56486582ab09b3255d3b17  nokogiri-1.13.5-x86-linux.gem
e2abaef3af396adee3b0995693d5e690eb826782f7ecddf8b1b6a5a706075cff  nokogiri-1.13.5-x86-mingw32.gem
19360ba28f31562691926d1c542c783fc0ed5f2a145f1329206f8c09e46a85ea  nokogiri-1.13.5-x86_64-darwin.gem
a598598163233ee907472808c0bc7ae4354999e77409e1711b61406066a7afb4  nokogiri-1.13.5-x86_64-linux.gem
e15570ec6d46921a3de5f5b057b027cc0c4f32775353c00e8c8dfbe443741e78  nokogiri-1.13.5.gem

1.13.4 / 2022-04-11

1.13.4 / 2022-04-11

Security

• Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information.
• [CRuby] Vendored zlib is updated to address CVE-2018-25032. See GHSA-v6gp-9mmm-c6p5 for more information.
• [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated to address CVE-2022-23437. See GHSA-xxx9-3xcr-gjj3 for more information.
• [JRuby] Vendored nekohtml (org.cyberneko.html) is updated to address CVE-2022-24839. See GHSA-gx8x-g87m-h5q6 for more information.

Dependencies

• [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
• [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2.
• [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml

---

sha256sum:

095ff1995ed3dda3ea98a5f08bdc54bef02be1ce4e7c81034c4812e5e7c6e7e3  nokogiri-1.13.4-aarch64-linux.gem
7ebfc7415c819bcd4e849627e879cef2fb328bec90e802e50d74ccd13a60ec75  nokogiri-1.13.4-arm64-darwin.gem
41efd87c121991de26ef0393ac713d687e539813c3b79e454a2e3ffeecd107ea  nokogiri-1.13.4-java.gem
ab547504692ada0cec9d2e4e15afab659677c3f4c1ac3ea639bf5212b65246a1  nokogiri-1.13.4-x64-mingw-ucrt.gem
fa5c64cfdb71642ed647428e4d0d75ee0f4d189cfb63560c66fd8bdf99eb146b  nokogiri-1.13.4-x64-mingw32.gem
d6f07cbcbc28b75e8ac5d6e729ffba3602dffa0ad16ffac2322c9b4eb9b971fc  nokogiri-1.13.4-x86-linux.gem
0f7a4fd13e25abe3f98663fef0d115d58fdeff62cf23fef12d368e42adad2ce6  nokogiri-1.13.4-x86-mingw32.gem
3eef282f00ad360304fbcd5d72eb1710ff41138efda9513bb49eec832db5fa3e  nokogiri-1.13.4-x86_64-darwin.gem
3978610354ec67b59c128d23259c87b18374ee1f61cb9ed99de7143a88e70204  nokogiri-1.13.4-x86_64-linux.gem
0d46044eb39271e3360dae95ed6061ce17bc0028d475651dc48db393488c83bc  nokogiri-1.13.4.gem