diff --git a/CHANGELOG.md b/CHANGELOG.md index 5371d13af24..1e73ed4a5d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,12 +4,20 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA --- -## 1.13.2 / unreleased +## 1.13.2 / 2022-02-21 + +### Security + +* [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses [CVE-2022-23308](https://nvd.nist.gov/vuln/detail/CVE-2022-23308). +* [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses [CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560). + +Please see [GHSA-fq42-c5rg-92c2](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2) for more information about these CVEs. + ### Dependencies -* [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses [CVE-2022-23308](https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12). Full changelog is available at https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news -* [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses [CVE-2021-30560](https://nvd.nist.gov/vuln/detail/CVE-2021-30560). Full changelog is available at https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news +* [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. Full changelog is available at https://download.gnome.org/sources/libxml2/2.9/libxml2-2.9.13.news +* [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. Full changelog is available at https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.news ## 1.13.1 / 2022-01-13 diff --git a/lib/nokogiri/version/constant.rb b/lib/nokogiri/version/constant.rb index de41e6162a2..ab6f8f5d926 100644 --- a/lib/nokogiri/version/constant.rb +++ b/lib/nokogiri/version/constant.rb @@ -2,5 +2,5 @@ module Nokogiri # The version of Nokogiri you are using - VERSION = "1.13.1" + VERSION = "1.13.2" end