Path to this page:
Subject: CVS commit: pkgsrc/textproc/ruby-nokogiri
From: Izumi Tsutsui
Date: 2021-10-01 20:54:25
Message id: 20211001185425.ED603FA97@cvs.NetBSD.org
Log Message:
ruby-nokogiri: update to 1.12.5.
Upstream changes:
https://github.com/sparklemotion/nokogiri/releases/tag/v1.12.5
1.12.5 / 2021-09-27
Security
[JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve
external entities (XXE) by default. This fix turns off
entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX
parsers' behavior.
CRuby users are not affected by this CVE.
Fixed
* [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml >
2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting
start and and tags (e.g., <br></br>) instead of a self-closing \
tag (e.g.,
<br/>) in previous Nokogiri versions. [#2324]
Files: