|
|
|
|
Changelog for ruby3.1-rubygem-nokogiri-1.11-1.11.7-lp155.1.11.x86_64.rpm :
* Thu Jun 24 2021 Stephan Kulow updated to version 1.11.7 no changelog found * Tue Jun 01 2021 Manuel Schnitzer - updated to version 1.11.6 [#]# 1.11.6 / 2021-05-26 [#]## Fixed * [CRuby] `DocumentFragment#path` now does proper error-checking to handle behavior introduced in libxml > 2.9.10. In v1.11.4 and v1.11.5, calling `DocumentFragment#path` could result in a segfault. [#]# 1.11.5 / 2021-05-19 [#]## Fixed [Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs. libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see [libxml/!66](https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/66)). Early testing caught this segfault on non-Windows platforms (see [#2059](https://github.com/sparklemotion/nokogiri/issues/2059) and [libxmlAATT956534e](https://gitlab.gnome.org/GNOME/libxml2/-/commit/956534e02ef280795a187c16f6ac04e107f23c5d)) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs. We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby\'s memory management functions. `Nokogiri::VERSION_INFO[\"libxml\"][\"memory_management\"]` will allow you to verify when the default memory management functions are being used. [[#2241](https://github.com/sparklemotion/nokogiri/issues/2241)] [#]## Added `Nokogiri::VERSION_INFO[\"libxml\"]` now contains the key `\"memory_management\"` to declare whether libxml2 is using its `default` memory management functions, or whether it uses the memory management functions from `ruby`. See above for more details. [#]# 1.11.4 / 2021-05-14 [#]## Security [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses: - [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388) - [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977) - [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517) - [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518) - [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537) - [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541) Note that two additional CVEs were addressed upstream but are not relevant to this release. [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516) via `xmllint` is not present in Nokogiri, and [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595) has been patched in Nokogiri since v1.10.8 (see [#1992](https://github.com/sparklemotion/nokogiri/issues/1992)). Please see [nokogiri/GHSA-7rrm-v45f-jp64 ](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64) or [#2233](https://github.com/sparklemotion/nokogiri/issues/2233) for a more complete analysis of these CVEs and patches. [#]## Dependencies * [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.) * Tue Apr 20 2021 Manuel Schnitzer - updated to version 1.11.3 [#]## Fixed * [CRuby] Passing non-`Node` objects to `Document#root=` now raises an `ArgumentError` exception. Previously this likely segfaulted. [[#1900](https://github.com/sparklemotion/nokogiri/issues/1900)] * [JRuby] Passing non-`Node` objects to `Document#root=` now raises an `ArgumentError` exception. Previously this raised a `TypeError` exception. * [CRuby] arm64/aarch64 systems (like Apple\'s M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience) * Mon Mar 15 2021 Manuel Schnitzer - updated to version 1.11.2 see CHANGELOG.md * Thu Jan 07 2021 Manuel Schnitzer - updated to version 1.11.1 see CHANGELOG.md * Mon Jan 04 2021 Marcus Rueckert - Update to version 1.11.0 https://nokogiri.org/CHANGELOG.html#v1110-2021-01-03 * Mon Jul 13 2020 Manuel Schnitzer - updated to version 1.10.10 * Features - [MRI] Cross-built Windows gems now support Ruby 2.7 [#2029]. Note that prior to this release, the v1.11.x prereleases provided this support. * Mon Jun 08 2020 Marcus Rueckert - Switch to the proper directory so it actually finds the patched gem. * Mon Jun 08 2020 Marcus Rueckert - add fix so we no longer need mini_portile2. This is only needed when not building against system libraries (boo#1171881) https://github.com/sparklemotion/nokogiri/issues/2033 * Tue Mar 03 2020 Manuel Schnitzer - updated to version 1.10.9 [#] Fixed * [MRI] Raise an exception when Nokogiri detects a specific libxml2 edge case involving blank Schema nodes wrapped by Ruby objects that would cause a segfault. Currently no fix is available upstream, so we\'re preventing a dangerous operation and informing users to code around it if possible. [#1985, #2001] * [JRuby] Change NodeSet#to_a to return a RubyArray instead of Object, for compilation under JRuby 9.2.9 and later. [#1968, #1969] (Thanks, AATTheadius!) * Tue Feb 11 2020 Marcus Rueckert - update to 1.10.8 [MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml. * Sat Dec 14 2019 Manuel Schnitzer - updated to version 1.10.7 [#]## Bug * [MRI] Ensure the patch applied in v1.10.6 works with GNU `patch`. [#1954] [#]# 1.10.6 / 2019-12-03 [#]## Bug * [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, AATTnurse!) * Tue Nov 12 2019 Manuel Schnitzer - updated to version 1.10.5 [#]## Dependencies * [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10 * [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34 * Mon Aug 12 2019 Manuel Schnitzer - updated to version 1.10.4 (CVE-2019-5477) A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby\'s `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being passed untrusted user input. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4. This CVE\'s public notice is https://github.com/sparklemotion/nokogiri/issues/1915 * Wed Apr 24 2019 Marcus Rueckert - updated to version 1.10.3 - [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt. * Fri Mar 29 2019 Stephan Kulow - updated to version 1.10.2 no changelog found * Sat Jan 19 2019 Marcus Rueckert - rb_build_ruby_abi needs to be rb_build_ruby_abis * Fri Jan 18 2019 Marcus Rueckert - use rb_build_ruby_abi instead of rb_default_ruby_abi * Mon Jan 14 2019 Marcus Rueckert - limit to ruby 2.5 and above * Mon Jan 14 2019 mschnitzerAATTsuse.com- updated to version 1.10.1 [#]## Features * [MRI] During installation, handle Xcode 10\'s new library path. [#1801, #1851] (Thanks, AATTmlj and AATTdeepj!) * Avoid unnecessary creation of `Proc`s in many methods. [#1776] (Thanks, AATTchopraanmol1!) [#]## Bug fixes * CSS selector `:has()` now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, AATTPhrogz!) * `NodeSet#attr` now returns `nil` if it\'s empty. Previously this raised a NoMethodError. * [MRI] XPath errors are no longer suppressed during `XSLT::Stylesheet#transform`. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802] * Wed Dec 19 2018 Stephan Kulow - updated to version 1.9.1 CHANGELOG.md removed upstream * Mon Oct 29 2018 mschnitzerAATTsuse.com- updated to version 1.8.5 [#]# Security Notes [MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and CVE-2018-14567. Full details are available in [#1785](https://github.com/sparklemotion/nokogiri/issues/1785). Note that these patches are not yet (as of 2018-10-04) in an upstream release of libxml2. [#]# Bug fixes * [MRI] Fix regression in installation when building against system libraries, where some systems would not be able to find libxml2 or libxslt when present. (Regression introduced in v1.8.3.) [#1722] * [JRuby] Fix node reparenting when the destination doc is empty. [#1773] * Wed Jul 04 2018 factory-autoAATTkulow.org- updated to version 1.8.4 see installed CHANGELOG.md [#] 1.8.4 / 2018-07-03 [#]# Bug fixes * [MRI] Fix memory leak when creating nodes with namespaces. (Introduced in v1.5.7) [#1771] * Sat Jun 16 2018 factory-autoAATTkulow.org- updated to version 1.8.3 see installed CHANGELOG.md [#] 1.8.3 / 2018-06-16 [#]# Security Notes [MRI] Behavior in libxml2 has been reverted which caused CVE-2018-8048 (loofah gem), CVE-2018-3740 (sanitize gem), and CVE-2018-3741 (rails-html-sanitizer gem). The commit in question is here: > https://github.com/GNOME/libxml2/commit/960f0e2 and more information is available about this commit and its impact here: > https://github.com/flavorjones/loofah/issues/144 This release simply reverts the libxml2 commit in question to protect users of Nokogiri\'s vendored libraries from similar vulnerabilities. If you\'re offended by what happened here, I\'d kindly ask that you comment on the upstream bug report here: > https://bugzilla.gnome.org/show_bug.cgi?id=769760 [#]# Dependencies * [MRI] libxml2 is updated from 2.9.7 to 2.9.8 [#]# Features * Node#classes, #add_class, #append_class, and #remove_class are added. * NodeSet#append_class is added. * NodeSet#remove_attribute is a new alias for NodeSet#remove_attr. * NodeSet#each now returns an Enumerator when no block is passed (Thanks, AATTpark53kr!) * [JRuby] General improvements in JRuby implementation (Thanks, AATTkares!) [#]# Bug fixes * CSS attribute selectors now gracefully handle queries using integers. [#711] * Handle ASCII-8BIT encoding on fragment input [#553] * Handle non-string return values within `Reader` [#898] * [JRuby] Allow Node#replace to insert Comment and CDATA nodes. [#1666] * [JRuby] Stability and speed improvements to `Node`, `Sax::PushParser`, and the JRuby implementation [#1708, #1710, #1501] * Thu Feb 08 2018 cooloAATTsuse.com- updated to version 1.8.2 see installed CHANGELOG.md [#] 1.8.2 / 2018-01-29 [#]# Security Notes [MRI] The update of vendored libxml2 from 2.9.5 to 2.9.7 addresses at least one published vulnerability, CVE-2017-15412. [#1714 has complete details] [#]# Dependencies * [MRI] libxml2 is updated from 2.9.5 to 2.9.7 * [MRI] libxml2 is updated from 1.1.30 to 1.1.32 [#]# Features * [MRI] OpenBSD installation should be a bit easier now. [#1685] (Thanks, AATTjeremyevans!) * [MRI] Cross-built Windows gems now support Ruby 2.5 [#]# Bug fixes * Node#serialize once again returns UTF-8-encoded strings. [#1659] * [JRuby] made SAX parsing of characters consistent with C implementation [#1676] (Thanks, AATTandrew-aladev!) * [MRI] Predefined entities, when inspected, no longer cause a segfault. [#1238] * Wed Sep 20 2017 bgeukenAATTsuse.com- Updated to version 1.8.1 From the upstream changelog: Dependencies [MRI] libxml2 is updated from 2.9.4 to 2.9.5. [MRI] libxslt is updated from 1.1.29 to 1.1.30. [MRI] optional dependency on the pkg-config gem has had its constraint loosened to ~> 1.1 (from ~> 1.1.7). [#1660] [MRI] Upgrade mini_portile2 dependency from ~> 2.2.0 to ~> 2.3.0, which will validate checksums on the vendored libxml2 and libxslt tarballs before using them. Bugs NodeSet#first with an integer argument longer than the length of the NodeSet now correctly clamps the length of the returned NodeSet to the original length. [#1650] (Thanks, AATTDerenge!) [MRI] Ensure CData.new raises TypeError if the content argument is not implicitly convertible into a string. [#1669] * Mon Sep 18 2017 mrueckertAATTsuse.de- make gem2rpm.yaml match the gemspec with regards to BR: mini_portile2 * Tue Jun 06 2017 cooloAATTsuse.com- updated to version 1.8.0 see installed CHANGELOG.md [#] 1.8.0 / 2017-06-04 [#]# Backwards incompatibilities This release ends support for Ruby 2.1 on Windows in the `x86-mingw32` and `x64-mingw32` platform gems (containing pre-compiled DLLs). Official support ended for Ruby 2.1 on 2017-04-01. Please note that this deprecation note only applies to the precompiled Windows gems. Ruby 2.1 continues to be supported (for now) in the default gem when compiled on installation. [#]# Dependencies * [Windows] Upgrade iconv from 1.14 to 1.15 (unless --use-system-libraries) * [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries) * [MRI] Upgrade rake-compiler dependency from 0.9.2 to 1.0.3 * [MRI] Upgrade mini-portile2 dependency from `~> 2.1.0` to `~> 2.2.0` [#]# Compatibility notes * [JRuby] Removed support for `jruby --1.8` code paths. [#1607] (Thanks, AATTkares!) * [MRI Windows] Retrieve zlib source from http://zlib.net/fossils to avoid deprecation issues going forward. See #1632 for details around this problem. [#]# Features * NodeSet#clone is not an alias for NodeSet#dup [#1503] (Thanks, AATTstephankaag!) * Allow Processing Instructions and Comments as children of a document root. [#1033] (Thanks, AATTwindwiny!) * [MRI] PushParser#replace_entities and #replace_entities= will control whether entities are replaced or not. [#1017] (Thanks, AATTspraints!) * [MRI] SyntaxError#to_s now includes line number, column number, and log level if made available by the parser. [#1304, #1637] (Thanks, AATTspk and AATTccarruitero!) * [MRI] Cross-built Windows gems now support Ruby 2.4 * [MRI] Support for frozen string literals. [#1413] * [MRI] Support for installing Nokogiri on a machine in FIPS-enabled mode [#1544] * [MRI] Vendored libraries are verified with SHA-256 hashes (formerly some MD5 hashes were used) [#1544] * [JRuby] (performance) remove unnecessary synchronization of class-cache [#1563] (Thanks, AATTkares!) * [JRuby] (performance) remove unnecessary cloning of objects in XPath searches [#1563] (Thanks, AATTkares!) * [JRuby] (performance) more performance improvements, particularly in XPath, Reader, XmlNode, and XmlNodeSet [#1597] (Thanks, AATTkares!) [#]# Bugs * HTML::SAX::Parser#parse_io now correctly parses HTML and not XML [#1577] (Thanks for the test case, AATTgregors!) * Support installation on systems with a `lib64` site config. [#1562] * [MRI] on OpenBSD, do not require gcc if using system libraries [#1515] (Thanks, AATTjeremyevans!) * [MRI] XML::Attr.new checks type of Document arg to prevent segfaults. [#1477] * [MRI] Prefer xmlCharStrdup (and friends) to strdup (and friends), which can cause problems on some platforms. [#1517] (Thanks, AATTjeremy!) * [JRuby] correctly append a text node before another text node [#1318] (Thanks, AATTjkraemer!) * [JRuby] custom xpath functions returning an integer now work correctly [#1595] (Thanks, AATTkares!) * [JRuby] serializing (`#to_html`, `#to_s`, et al) a document with explicit encoding now works correctly. [#1281, #1440] (Thanks, AATTkares!) * [JRuby] XML::Reader now returns parse errors [#1586] (Thanks, AATTkares!) * [JRuby] Empty NodeSets are now decorated properly. [#1319] (Thanks, AATTkares!) * [JRuby] Merged nodes no longer results in Java exceptions during XPath queries. [#1320] (Thanks, AATTkares!) * Tue May 23 2017 cooloAATTsuse.com- updated to version 1.7.2 see installed CHANGELOG.md [#] 1.7.2 / 2017-05-09 [#]# Security Notes [MRI] Upstream libxslt patches are applied to the vendored libxslt 1.1.29 which address CVE-2017-5029 and CVE-2016-4738. For more information: * https://github.com/sparklemotion/nokogiri/issues/1634 * http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5029.html * http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4738.html * Mon Mar 20 2017 cooloAATTsuse.com- updated to version 1.7.1 see installed CHANGELOG.md [#] 1.7.1 / unreleased [#]# Security Notes [MRI] Upstream libxml2 patches are applied to the vendored libxml 2.9.4 which address CVE-2016-4658 and CVE-2016-5131. For more information: * https://github.com/sparklemotion/nokogiri/issues/1615 * http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html * http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html [#]# Dependencies * [Windows] Upgrade zlib from 1.2.8 to 1.2.11 (unless --use-system-libraries) * Sat Jan 14 2017 cooloAATTsuse.com- updated to version 1.7.0.1 see installed CHANGELOG.md [#] 1.7.0.1 / 2017-01-04 [#]# Bugs * Fix OpenBSD support. (#1569) (related to #1543) * Tue Dec 27 2016 cooloAATTsuse.com- updated to version 1.7.0 CHANGELOG.rdoc removed upstream * Tue Oct 04 2016 cooloAATTsuse.com- updated to version 1.6.8.1 see installed CHANGELOG.rdoc * Tue Jun 07 2016 cooloAATTsuse.com- updated to version 1.6.8 ==== Features Several changes were made to improve performance: * [MRI] Simplify NodeSet#to_a with a minor speed-up. (#1397) * XML::Node#ancestors optimization. (#1297) (Thanks, Bruno Sutic!) * Use Symbol#to_proc where we weren\'t previously. (#1296) (Thanks, Bruno Sutic!) * XML::DTD#each uses implicit block calls. (Thanks, AATTglaucocustodio!) * Fall back to the `pkg-config` gem if we\'re having trouble finding the system libxml2. This should help many FreeBSD users. (#1417) * Set document encoding appropriately even on blank document. (#1043) (Thanks, AATTbatter!) ==== Bug Fixes * [JRuby] fix slow add_child (#692) * [JRuby] fix load errors when deploying to JRuby/Torquebox (#1114) (Thanks, AATTatambo and AATTjvshahid!) * [JRuby] fix NPE when inspecting nodes returned by NodeSet#drop (#1042) (Thanks, AATTmkristian!) * [JRuby] fix nil attriubte node\'s namespace in reader (#1327) (Thanks, AATTcodekitchen!) * [JRuby] fix Nokogiri munging unicode characters that require more than 2 bytes (#1113) (Thanks, AATTmkristian!) * [JRuby] allow unlinking an unparented node (#1112, #1152) (Thanks, AATTesse!) * [JRuby] allow Fragment parsing on a frozen string (#444, #1077) * [JRuby] HTML `style` tags are no longer encoded (#1316) (Thanks, AATTtbeauvais!) * [MRI] fix assertion failure while accessing attribute node\'s namespace in reader (#843) (Thanks, AATT2potatocakes!) * [MRI] fix issue with GCing namespace nodes returned in an xpath query. (#1155) * [MRI] Ensure C strings are null-terminated. (#1381) * [MRI] Ensure Rubygems is loaded before using mini_portile2 at installation. (#1393, #1411) (Thanks, AATTJonRowe!) * [MRI] Handling another edge case where the `libxml-ruby` gem\'s global callbacks were smashing the heap. (#1426). (Thanks to AATTbbergstrom for providing an isolated test case!) * [MRI] Ensure encodings are passed to Sax::Parser xmldecl callback. (#844) * [MRI] Ensure default ns prefix is applied correctly when reparenting nodes to another document. (#391) (Thanks, AATTylecuyer!) * [MRI] Ensure Reader handles non-existent attributes as expected. (#1254) (Thanks, AATTccutrer!) * [MRI] Cleanup around namespace handling when reparenting nodes. (#1332, #1333, #1444) (Thanks, AATTcuttrer and AATTbradleybeddoes!) * unescape special characters in CSS queries (#1303) (Thanks, AATTtwalpole!) * consistently handle empty documents (#1349) * Update to mini_portile2 2.1.0 to address whitespace-handling during patching. (#1402) * Fix encoding of xml node namespaces. * Work around issue installing Nokogiri on overlayfs (commonly used in Docker containers). (#1370, #1405) ==== Other Notes * Removed legacy code remaining from Ruby 1.8.x support. * Removed legacy code remaining from REE support. * Removing hacky workarounds for bugs in some older versions of libxml2. * Handling C strings in a forward-compatible manner, see https://github.com/ruby/ruby/blob/v2_2_0/NEWS#L319- remove nokogiri-1.6.7.2_mini_portile2_version.diff as upstreamed * Wed Mar 23 2016 olafAATTaepfle.de- Force fixed timestamps for patched gems (bsc#916047) * Tue Jan 26 2016 mrueckertAATTsuse.de- lockdown mini_portile2 to 2.0 * Mon Jan 25 2016 mrueckertAATTsuse.de- update to version 1.6.7.2 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address: CVE-2015-7499 Ubuntu classifies this as \"Priority: Low\", RedHat classifies this as \"Impact: Moderate\", and NIST classifies this as \"Severity: 5.0 (MEDIUM)\". MITRE record is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499 This is not effecting us as we are using the system copy.- refresh mini_portile patch to apply cleanly again old: nokogiri-1.6.7.diff new: nokogiri-1.6.7.2_mini_portile2_version.diff * Thu Jan 21 2016 mrueckertAATTsuse.de- fix buildrequires for mini_portile * Thu Dec 17 2015 cooloAATTsuse.com- updated to version 1.6.7.1 see installed CHANGELOG.rdoc === 1.6.7.1 / 2015-12-16 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address: CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 See also http://www.ubuntu.com/usn/usn-2834-1/ * Tue Dec 15 2015 cooloAATTsuse.com- add nokogiri-1.6.7.diff to fix the mini_portile2 dependency * Tue Dec 01 2015 cooloAATTsuse.com- updated to version 1.6.7 see installed CHANGELOG.rdoc === 1.6.7 / 2015-11-29 ==== Notes This version supports native builds on Windows using the RubyInstaller DevKit. It also supports Ruby 2.2.x on Windows, as well as making several other improvements to the installation process on various platforms. This version also includes the security patches already applied in v1.6.6.3 and v1.6.6.4 to the vendored libxml2 and libxslt source. See #1374 and #1376 for details. ==== Features * Cross-built gems now have a proper ruby version requirement. (#1266) * Ruby 2.2.x is supported on Windows. * Native build is supported on Windows. * [MRI] libxml2 and libxslt `config.guess` files brought up to date. (#1326) (Thanks, AATThernan-erasmo!) * [JRuby] fix error in validating files with jruby (#1355, #1361) (Thanks, AATTtwalpole!) * [MRI, OSX] Patch to handle nonstandard location of `iconv.h`. (#1206, #1210, #1218, #1345) (Thanks, AATTneonichu!) ==== Bug Fixes * [JRuby] reset the namespace cache when replacing the document\'s innerHtml (#1265) (Thanks, AATTmkristian!) * [JRuby] Document#parse should support IO objects that respond to #read. (#1124) (Thanks, Jake Byman!) * [MRI] Duplicate-id errors when setting the `id` attribute on HTML documents are now silenced. (#1262) * [JRuby] SAX parser cuts texts in peices when quare brackets exist. (#1261) * [JRuby] Namespaced attributes aren\'t removed by remove_attribute. (#1299) * Tue Nov 24 2015 cooloAATTsuse.com- updated to version 1.6.6.4 see installed CHANGELOG.rdoc === 1.6.6.4 / 2015-11-19 This version pulls in an upstream patche to the vendored libxml2 to address: * unclosed comment uninitialized access issue (#1376) This issue does not have a CVE assigned to it as this time. * Tue Nov 17 2015 cooloAATTsuse.com- updated to version 1.6.6.3 see installed CHANGELOG.rdoc === 1.6.6.3 / 2015-11-16 This version pulls in several upstream patches to the vendored libxml2 and libxslt to address: * CVE-2015-1819 * CVE-2015-7941_1 * CVE-2015-7941_2 * CVE-2015-7942 * CVE-2015-7942-2 * CVE-2015-8035 * CVE-2015-7995 See #1374 for details. * Wed Feb 04 2015 hvogelAATTsuse.com- Update to 1.6.6.2 * Fixed installation issue affecting compiler arguments. (#1230) * Unified Node and NodeSet implementations of #search, #xpath and #css. * Added Node#lang and Node#lang=. * bin/nokogiri passes the URI to parse() if an HTTP URL is given. * bin/nokogiri now loads ~/.nokogirirc so user can define helper methods, etc. * bin/nokogiri can be configured to use Pry instead of IRB by adding a couple of lines to ~/.nokogirirc. (#1198) * bin/nokogiri can better handle urls from STDIN (aiding use of xargs). (#1065) * DocumentFragment#search now matches against root nodes. (#1205) * (MRI) More fixes related to handling libxml2 parse errors during DocumentFragment#dup. (#1196) * `XML::Comment.new` argument types are now consistent and safe (and documented) across MRI and JRuby. (#1224) * Check if `zlib` is available before building `libxml2`. (#1188) * Implement Slop#respond_to_missing?. (#1176) * Optimized the XPath query generated by an `an+b` CSS query. * Capture non-parse errors from Document#dup in Document#errors. (#1196) * (MRI) Fix a bug where CFLAGS passed in are dropped. (#1188) * Fix a bug where CSS selector :nth(n) did not work. (#1187) * (MRI) Bundled Libxml2 is upgraded to 2.9.2. * (MRI) `nokogiri --version` will include a list of applied patches. * (MRI) Nokogiri no longer prints messages directly to TTY while building the extension. * (MRI) Improve the iconv detection for building libxml2. * (MRI) Fix DocumentFragment#element_children (#1138). * Fix a bug with CSS attribute selector without any prefix where \"foo [bar]\" was treated as \"foo[bar]\". (#1174) * Wed Oct 15 2014 cooloAATTsuse.com- adapt to new rubygem packaging
|
|
|