[ruby-talk:444407] [ANN] nokogiri security update v1.16.2

ruby-talk
1

Nokogiri v1.16.2 has been released with a security update for CRuby users.

The release notes [1] are reproduced here for your convenience.

  [1]: Release v1.16.2 / 2024-02-04 · sparklemotion/nokogiri · GitHub

···

---

v1.16.2 / 2024-02-04Security

   - [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See
   GHSA-xc9x-jj77-9p9j
   <https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j&gt;
for
   more information.

Dependencies

   - [CRuby] Vendored libxml2 is updated to v2.12.5
   <https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5&gt; from
   v2.12.4. (@flavorjones <https://github.com/flavorjones&gt;\)

------------------------------

sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d
nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57
nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8
nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310
nokogiri-1.16.2-java.gem
7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074
nokogiri-1.16.2-x64-mingw-ucrt.gem
a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd
nokogiri-1.16.2-x64-mingw32.gem
833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323
nokogiri-1.16.2-x86-linux.gem
e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53
nokogiri-1.16.2-x86-mingw32.gem
5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539
nokogiri-1.16.2-x86_64-darwin.gem
5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe
nokogiri-1.16.2-x86_64-linux.gem
68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c
nokogiri-1.16.2.gem

2

At the request of Nokogiri users, this CVE fix has also been backported to
the unsupported v1.15.x branch and released in v1.15.6.

The v1.15.x branch is still unsupported, and no future support should be
inferred. No further releases on this branch are planned.

···

On Sun, Feb 4, 2024 at 11:59 AM Mike Dalessio <mike.dalessio@gmail.com> wrote:

Nokogiri v1.16.2 has been released with a security update for CRuby users.

The release notes [1] are reproduced here for your convenience.

  [1]: Release v1.16.2 / 2024-02-04 · sparklemotion/nokogiri · GitHub

---

v1.16.2 / 2024-02-04Security

   - [CRuby] Vendored libxml2 is updated to address CVE-2024-25062. See
   GHSA-xc9x-jj77-9p9j
   <https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j&gt; for
   more information.

Dependencies

   - [CRuby] Vendored libxml2 is updated to v2.12.5
   <https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5&gt; from
   v2.12.4. (@flavorjones <https://github.com/flavorjones&gt;\)

------------------------------

sha256 checksums:

69ba15d2a2498324489ed63850997f0b8f684260114ea81116d3082f16551d2d nokogiri-1.16.2-aarch64-linux.gem
6a05ce42e3587a40cf8936ece0beaa5d32922254215d2e8cf9ad40588bb42e57 nokogiri-1.16.2-arm-linux.gem
c957226c8e36b31be6a3afb8602e2128282bf8b40ea51016c4cd21aa2608d3f8 nokogiri-1.16.2-arm64-darwin.gem
122652bfc338cd8a54a692ac035e245e41fd3b8283299202ca26e7a7d50db310 nokogiri-1.16.2-java.gem
7344b5072ca69fc5bedb61cb01a3b765b93a27aae5a2a845c2ba7200e4345074 nokogiri-1.16.2-x64-mingw-ucrt.gem
a2a5e184a424111a0d5b77947986484920ad708009c667f061e8d02035c562dd nokogiri-1.16.2-x64-mingw32.gem
833efddeb51a6c2c9f6356295623c2b2e0d50050d468695c59bd929162953323 nokogiri-1.16.2-x86-linux.gem
e67fc0418dffaff9dc8b1dc65f0605282c3fee9488832d0223b620b4319e0b53 nokogiri-1.16.2-x86-mingw32.gem
5def799e5f139f21a79d7cf71172313a7b6fb0e4b2a31ab9bd5d4ad305994539 nokogiri-1.16.2-x86_64-darwin.gem
5b146240ac6ec6c40fd4367623e74442bca45a542bd3282b1d4d18b07b8e5dfe nokogiri-1.16.2-x86_64-linux.gem
68922ee5cde27497d995c46f2821957bae961947644eed2822d173daf7567f9c nokogiri-1.16.2.gem