Nokogiri v1.18.9 has been released with a security update for CRuby users.
The release notes [1] are reproduced here for your convenience. See
GHSA-353f-x4gh-cqq8 [2] for more information.
[1]: Release v1.18.9 / 2025-07-20 · sparklemotion/nokogiri · GitHub
[2]:
Nokogiri patches vendored libxml2 to resolve multiple CVEs · Advisory · sparklemotion/nokogiri · GitHub
···
---
## v1.18.9 / 2025-07-20
### Security
* [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021,
CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See
[GHSA-353f-x4gh-cqq8](
Nokogiri patches vendored libxml2 to resolve multiple CVEs · Advisory · sparklemotion/nokogiri · GitHub)
for more information.
### sha256 checksums
616817ac7b526a4d8695829f48df2169