1.10.1 / 2019-01-13 Features [MRI] During installation, handle Xcode 10's new library pathOS. [#1801, #1851] (Thanks, @mlj and @deepj!) Avoid unnecessary creation of Procs in many methods. [#1776] (Thanks, @chopraanmol1!) Bug fixes CSS selector :has() now correctly matches against any descendant. Previously this selector matched against only direct children). [#350] (Thanks, @Phrogz!) NodeSet#attr now returns nil if it's empty. Previously this raised a NoMethodError. [MRI] XPath errors are no longer suppressed during XSLT::Stylesheet#transform. Previously these errors were suppressed which led to silent failures and a subsequent segfault. [#1802] 1.10.0 / 2019-01-04 Features [MRI] Cross-built Windows gems now support Ruby 2.6 [#1842, #1850] Backwards incompatibilities This release ends support for: Ruby 2.2, for which official support ended on 2018-03-31 [#1841] JRuby 1.7, for which official support ended on 2017-11-21 [#1741] Dependencies [MRI] libxml2 is updated from 2.9.8 to 2.9.9 [MRI] libxslt is updated from 1.1.32 to 1.1.33
1.10.3 / 2019-04-22 Security Notes [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.
(In reply to Jeroen Roovers from comment #1) > 1.10.3 / 2019-04-22 > Security Notes > [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. > Full details are available in #1892. Note that this patch is not yet (as of > 2019-04-22) in an upstream release of libxslt. We use unbundled libxml2 and libxslt in Gentoo. I have filed a bug for libxslt.
graaff: dev-libs/libxslt-1.1.33-r1 now in the tree with the vuln fixed.
dev-ruby/nokogiri-1.10.3 has been added.