Skip to content

Commit

Permalink
dep: update packaged libxml2 to v2.12.9
Browse files Browse the repository at this point in the history
Addresses CVE-2024-40896 which Nokogiri maintainers believe does not
affect Nokogiri users.
  • Loading branch information
flavorjones committed Jul 27, 2024
1 parent fb833ea commit ca92e48
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 3 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,13 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA

---

## v1.16.next / unreleased

## Dependencies

* [CRuby] Vendored libxml2 is updated to [v2.12.9](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9), which the upstream release notes state is a security release to address CVE-2024-40896. Nokogiri's maintainers believe this vulnerability does not affect users of Nokogiri, but we advise upgrading at your earliest convenience anyway.


## v1.16.6 / 2024-06-13

## Dependencies
Expand Down
6 changes: 3 additions & 3 deletions dependencies.yml
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
libxml2:
version: "2.12.8"
sha256: "43ad877b018bc63deb2468d71f95219c2fac196876ef36d1bee51d226173ec93"
# sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.8.sha256sum
version: "2.12.9"
sha256: "59912db536ab56a3996489ea0299768c7bcffe57169f0235e7f962a91f483590"
# sha-256 hash provided in https://download.gnome.org/sources/libxml2/2.12/libxml2-2.12.9.sha256sum

libxslt:
version: "1.1.39"
Expand Down

0 comments on commit ca92e48

Please sign in to comment.