Skip to content

Commit ca92e48

Browse files
flavorjonesflavorjones
committed
dep: update packaged libxml2 to v2.12.9
Addresses CVE-2024-40896 which Nokogiri maintainers believe does not affect Nokogiri users.
1 parent fb833ea commit ca92e48

File tree

2 files changed

+10
-3
lines changed

2 files changed

+10
-3
lines changed

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,13 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
44

55
---
66

7+
## v1.16.next / unreleased
8+
9+
## Dependencies
10+
11+
* [CRuby] Vendored libxml2 is updated to [v2.12.9](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9), which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.
12+
13+
714
## v1.16.6 / 2024-06-13
815

916
## Dependencies

dependencies.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
---
22
libxml2:
3-
version: "2.12.8"
4-
sha256: "43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93"
5-
# sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.8.sha256sum
3+
version: "2.12.9"
4+
sha256: "59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590"
5+
# sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.9.sha256sum
66

77
libxslt:
88
version: "1.1.39"

0 commit comments

Comments
 (0)