diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e2039f600..a07c8fb075 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Nothing should go in this section, please add to the latest unreleased version (and update the corresponding date), or add a new version. +## [1.17.7] - 2022-05-19 + +### Security +- Update nokogiri to 1.13.6 to resolve un-numbered libxml CVEs (both in main + Gemfile.lock and in docs/Gemfile.lock) + [cyberark/conjur#2558](https://github.com/cyberark/conjur/pull/2558) + ## [1.17.6] - 2022-04-07 ### Changed diff --git a/Gemfile.lock b/Gemfile.lock index f6a8a3303d..f7dbaf0b81 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -270,9 +270,9 @@ GEM net-ssh (6.1.0) netrc (0.11.0) nio4r (2.5.8) - nokogiri (1.13.4-x86_64-darwin) + nokogiri (1.13.6-x86_64-darwin) racc (~> 1.4) - nokogiri (1.13.4-x86_64-linux) + nokogiri (1.13.6-x86_64-linux) racc (~> 1.4) openid_connect (1.3.0) activemodel diff --git a/NOTICES.txt b/NOTICES.txt index ef8f175dea..20f96d09f1 100644 --- a/NOTICES.txt +++ b/NOTICES.txt @@ -42,7 +42,7 @@ Section 4: MIT >>> https://rubygems.org/gems/listen/versions/3.7.0 >>> https://rubygems.org/gems/loofah/versions/2.13.0 >>> https://rubygems.org/gems/net-ldap/versions/0.17.0 ->>> https://rubygems.org/gems/nokogiri/versions/1.13.4 +>>> https://rubygems.org/gems/nokogiri/versions/1.13.6 >>> https://rubygems.org/gems/openid_connect/versions/1.3.0 >>> https://rubygems.org/gems/rack-rewrite/versions/1.5.1 >>> https://rubygems.org/gems/rails/versions/6.1.5.1 
@@ -680,7 +680,7 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ->>> https://rubygems.org/gems/nokogiri/versions/1.13.4 +>>> https://rubygems.org/gems/nokogiri/versions/1.13.6 Copyright 2008 -- 2018 by Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada, Akinori MUSHA, John Shahid, Lars Kanis diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock index 6046e5dd35..e3781c2fcc 100644 --- a/docs/Gemfile.lock +++ b/docs/Gemfile.lock @@ -234,7 +234,7 @@ GEM jekyll-seo-tag (~> 2.1) minitest (5.15.0) multipart-post (2.1.1) - nokogiri (1.13.4) + nokogiri (1.13.6) mini_portile2 (~> 2.8.0) racc (~> 1.4) octokit (4.22.0)
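Review bot: the new Security entry in CHANGELOG.md (hunk at line 9) identifies the fixed issues only as "un-numbered libxml CVEs", which gives a reader nothing to match against a scanner finding or an advisory feed. Suggest linking the upstream nokogiri 1.13.6 release notes or advisory next to the PR link. If this file keeps reference-style version links at the bottom, one for [1.17.7] is also needed, since this diff touches CHANGELOG.md in this one hunk only.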
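Review bot: in Gemfile.lock (hunk at line 270) the bump covers the two precompiled platform entries, x86_64-darwin and x86_64-linux, and nothing else. Those native gems carry their own libxml2, so the fix only reaches a deployment once the image is rebuilt from this lockfile. Please note in the PR how that was verified, for example by checking the nokogiri version reported inside the built image.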
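Review bot: in NOTICES.txt (hunk at line 680) only the version URL changes, while the copyright line under it, "Copyright 2008 -- 2018 by Aaron Patterson, ...", is carried over as unchanged context. Please confirm that text still matches the license file shipped with nokogiri 1.13.6. The version also has to be edited by hand in two places in this file (the hunks at line 42 and line 680), so a check that NOTICES.txt agrees with Gemfile.lock would keep a future bump from missing one of them.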
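Review bot: docs/Gemfile.lock (hunk at line 234) locks the platform-less nokogiri gem, with "mini_portile2 (~> 2.8.0)" as a dependency, so libxml2 is compiled at install time here instead of coming from a precompiled gem as in the main Gemfile.lock. If the docs environment installs nokogiri against system libraries, this bump does not change the libxml2 actually in use there. Please confirm how the docs build installs the gem.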