Skip to content

[Security] Require nokogiri 1.12.5 or greater#795

Merged
YiMysty merged 1 commit intogithub:masterfrom
jmaitrehenry:patch-1
Oct 13, 2021
Merged

[Security] Require nokogiri 1.12.5 or greater#795
YiMysty merged 1 commit intogithub:masterfrom
jmaitrehenry:patch-1

Conversation

@jmaitrehenry
Copy link
Copy Markdown
Contributor

@jmaitrehenry jmaitrehenry commented Oct 12, 2021
edited
Loading

Address CVE-2021-41098
GHSA-2rr5-8q37-2w7h

In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default.

Fix #796

@YiMysty YiMysty merged commit c00b72d into github:master Oct 13, 2021
@jmaitrehenry jmaitrehenry deleted the patch-1 branch October 14, 2021 17:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@parkr parkr parkr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Upgrade nokogiri to version 1.12.5 or later

3 participants

@jmaitrehenry @parkr @YiMysty