1.14.4 / 2023-05-11 #2876
flavorjones
announced in
Releases
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
1.14.4 / 2023-05-11
Dependencies
[JRuby] Vendored Xalan-J is updated to v2.7.3. This is the first Xalan release in nine years, and it was done to address CVE-2022-34169.
The Nokogiri maintainers wish to stress that Nokogiri users were not vulnerable to this CVE, as we explained in GHSA-qwq9-89rg-ww72, and so upgrading is really at the discretion of users.
This release was cut primarily so that JRuby users of v1.14.x can avoid vulnerability scanner alerts on earlier versions of Xalan-J.
sha256 checksums:
This discussion was created from the release 1.14.4 / 2023-05-11.
Beta Was this translation helpful? Give feedback.
All reactions