Subject: CVS commit: pkgsrc/textproc/ruby-rexml
From: Takahiro Kambe
Date: 2021-06-01 17:33:58
Message id: 20210601153358.E3F65FA95@cvs.NetBSD.org
Log Message:
textproc/ruby-rexml: update to 3.2.5

3.2.5 (2021-04-05)

Improvements

* Add more validations to XPath parser.
* require "rexml/document" by default. [GitHub#36][Patch by Koichi ITO]
* Don't add #dclone method to core classes globally. [GitHub#37][Patch by
  Akira Matsuda]
* Add more documentations. [Patch by Burdette Lamar]
* Added REXML::Elements#parent. [GitHub#52][Patch by Burdette Lamar]

Fixes

* Fixed a bug that REXML::DocType#clone doesn't copy external ID
  information.
* Fixed round-trip vulnerability bugs. See also:
  \ 
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
  [HackerOne#1104077][CVE-2021-28965][Reported by Juho Nurminen]

Thanks

* Koichi ITO
* Akira Matsuda
* Burdette Lamar
* Juho Nurminen
Files:
RevisionActionfile
1.14modifypkgsrc/textproc/ruby-rexml/Makefile
1.5modifypkgsrc/textproc/ruby-rexml/PLIST
1.7modifypkgsrc/textproc/ruby-rexml/distinfo