Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: sparklemotion/nokogiri
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.18.8
Choose a base ref
...
head repository: sparklemotion/nokogiri
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.18.9
Choose a head ref
  • 3 commits
  • 6 files changed
  • 1 contributor

Commits on Jul 20, 2025

  1. Apply upstream patches to address multiple vulnerabilities 

    - CVE-2025-6021 - 17d950ae "tree: Fix integer overflow in xmlBuildQName"
- CVE-2025-6170 - 5e9ec5c1 "Fix potential buffer overflows of interactive shell"
- CVE-2025-49794 - 81cef8c5 "schematron: Fix xmlSchematronReportOutput"
- CVE-2025-49795 - 62048278 "schematron: Fix null pointer dereference leading to DoS"
- CVE-2025-49796 - 81cef8c5 "schematron: Fix xmlSchematronReportOutput"
    @flavorjones
    flavorjones committed Jul 20, 2025
    Configuration menu
    Copy the full SHA
    947a55e View commit details
    Browse the repository at this point in the history

Commits on Jul 21, 2025

  1. Apply upstream patches to address multiple vulnerabilities (#3526) 

    **What problem is this PR intended to solve?**

Address multiple vulnerabilities that are patched in libxml 2.14.4 and
2.14.5 but do not appear in an official 2.13.x release.

- CVE-2025-6021 - 17d950ae "tree: Fix integer overflow in xmlBuildQName"
- CVE-2025-6170 - 5e9ec5c1 "Fix potential buffer overflows of
interactive shell"
- CVE-2025-49794 - 81cef8c5 "schematron: Fix xmlSchematronReportOutput"
- CVE-2025-49795 - 62048278 "schematron: Fix null pointer dereference
leading to DoS"
- CVE-2025-49796 - 81cef8c5 "schematron: Fix xmlSchematronReportOutput"

See related GHSA-353f-x4gh-cqq8 which will be published when these
patches appear in a release.
    @flavorjones
    flavorjones authored Jul 21, 2025
    Configuration menu
    Copy the full SHA
    a05d2b4 View commit details
    Browse the repository at this point in the history

  2. version bump to v1.18.9

    @flavorjones
    flavorjones committed Jul 21, 2025
    Configuration menu
    Copy the full SHA
    1dcd8ce View commit details
    Browse the repository at this point in the history
Loading
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy