Nokogiri v1.13.10 has been released with a security update for CRuby users.
The release notes[1] are reproduced here for your convenience.
[1]: Release 1.13.10 / 2022-12-07 · sparklemotion/nokogiri · GitHub
···
---
1.13.10 / 2022-12-07Security
- [CRuby] Address CVE-2022-23476, unchecked return value from
xmlTextReaderExpand. See GHSA-qv4q-mr5r-qprj
<https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj>
for
more information.
Improvements
- [CRuby] XML::Reader#attribute_hash now returns nil on parse errors.
This restores the behavior of #attributes from v1.13.7 and earlier. [
#2715 <Issues · sparklemotion/nokogiri · GitHub]
------------------------------
sha256 checksums:
777ce2e80f64772e91459b943e531dfef387e768f2255f9bc7a1655f254bbaa1
nokogiri-1.13.10-aarch64-linux.gem
b432ff47c51386e07f7e275374fe031c1349e37eaef2216759063bc5fa5624aa
nokogiri-1.13.10-arm64-darwin.gem
73ac581ddcb680a912e92da928ffdbac7b36afd3368418f2cee861b96e8c830b
nokogiri-1.13.10-java.gem
916aa17e624611dddbf2976ecce1b4a80633c6378f8465cff0efab022ebc2900
nokogiri-1.13.10-x64-mingw-ucrt.gem
0f85a1ad8c2b02c166a6637237133505b71a05f1bb41b91447005449769bced0
nokogiri-1.13.10-x64-mingw32.gem
91fa3a8724a1ce20fccbd718dafd9acbde099258183ac486992a61b00bb17020
nokogiri-1.13.10-x86-linux.gem
d6663f5900ccd8f72d43660d7f082565b7ffcaade0b9a59a74b3ef8791034168
nokogiri-1.13.10-x86-mingw32.gem
81755fc4b8130ef9678c76a2e5af3db7a0a6664b3cba7d9fe8ef75e7d979e91b
nokogiri-1.13.10-x86_64-darwin.gem
51d5246705dedad0a09b374d09cc193e7383a5dd32136a690a3cd56e95adf0a3
nokogiri-1.13.10-x86_64-linux.gem
d3ee00f26c151763da1691c7fc6871ddd03e532f74f85101f5acedc2d099e958
nokogiri-1.13.10.gem