Nokogiri v1.13.6 has been released with a security update for CRuby users.
The release notes
<Release 1.13.6 / 2022-05-08 · sparklemotion/nokogiri · GitHub> are
reproduced here for your convenience, and interested readers are encouraged
to click through to the security advisory
<Improper Handling of Unexpected Data Type in Nokogiri · Advisory · sparklemotion/nokogiri · GitHub>
for details.
···
---
1.13.6 / 2022-05-08Security
- [CRuby] Address CVE-2022-29181
<NVD - CVE-2022-29181>, improper handling of
unexpected data types, related to untrusted inputs to the SAX parsers. See
GHSA-xh29-r2w5-wx8m
<Improper Handling of Unexpected Data Type in Nokogiri · Advisory · sparklemotion/nokogiri · GitHub>
for
more information.
Improvements
- {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise
TypeError instead of segfaulting when an incorrect type is passed.
---
sha256:
58417c7c10f78cd1c0e1984f81538300d4ea98962cfd3f46f725efee48f9757a
nokogiri-1.13.6-aarch64-linux.gem
a2b04ec3b1b73ecc6fac619b41e9fdc70808b7a653b96ec97d04b7a23f158dbc
nokogiri-1.13.6-arm64-darwin.gem
4437f2d03bc7da8854f4aaae89e24a98cf5c8b0212ae2bc003af7e65c7ee8e27
nokogiri-1.13.6-java.gem
99d3e212bbd5e80aa602a1f52d583e4f6e917ec594e6aa580f6aacc253eff984
nokogiri-1.13.6-x64-mingw-ucrt.gem
a04f6154a75b6ed4fe2d0d0ff3ac02f094b54e150b50330448f834fa5726fbba
nokogiri-1.13.6-x64-mingw32.gem
a13f30c2863ef9e5e11240dd6d69ef114229d471018b44f2ff60bab28327de4d
nokogiri-1.13.6-x86-linux.gem
63a2ca2f7a4f6bd9126e1695037f66c8eb72ed1e1740ef162b4480c57cc17dc6
nokogiri-1.13.6-x86-mingw32.gem
2b266e0eb18030763277b30dc3d64337f440191e2bd157027441ac56a59d9dfe
nokogiri-1.13.6-x86_64-darwin.gem
3fa37b0c3b5744af45f9da3e4ae9cbd89480b35e12ae36b5e87a0452e0b38335
nokogiri-1.13.6-x86_64-linux.gem
b1512fdc0aba446e1ee30de3e0671518eb363e75fab53486e99e8891d44b8587
nokogiri-1.13.6.gem