https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292017-06-18T04:00:15ZRedmineRedmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=792662017-06-18T04:00:15ZGo MAEDA
<ul><li><strong>Target version</strong> set to <i>3.2.7</i></li></ul> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=793012017-06-19T06:22:59ZToshi MARUYAMA
<ul><li><strong>Project</strong> changed from <i>2</i> to <i>Redmine</i></li><li><strong>Subject</strong> changed from <i>Use Nokogiri 1.7.2 if possible</i> to <i>Nokogiri 1.7.2</i></li><li><strong>Category</strong> set to <i>Security</i></li></ul> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=793022017-06-19T06:23:44ZToshi MARUYAMA
<ul></ul><p>Backport USN-3235-1 to 1.6.8.x stream<br /><a class="external" href="https://github.com/sparklemotion/nokogiri/pull/1640">https://github.com/sparklemotion/nokogiri/pull/1640</a></p> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=793042017-06-19T06:25:33ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/25538">Feature #25538</a>: Drop support for Ruby 2.2.1 and ealier, 2.2.2+ is now required</i> added</li></ul> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=793142017-06-19T11:26:20ZToshi MARUYAMA
<ul></ul><p>Nokogiri team refused to maintain old release for old Ruby.<br /><a class="external" href="https://github.com/sparklemotion/nokogiri/pull/1640#issuecomment-309409944">https://github.com/sparklemotion/nokogiri/pull/1640#issuecomment-309409944</a></p> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=793172017-06-19T13:01:18ZHolger Just
<ul></ul><p>In that case, there is not much we can do, besides advising people that it might be a good idea to use a more modern Ruby. People who still require the use of older Rubies (e.g. because they can't or are not allowed to install newer versions) have to deal with the security implications this might bring. They can still use nokogiri 1.6.8 securely if they use a (patched) libxml version from their OS.</p>
<p>As for removing the support for older ruby versions: my comments in <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: Drop support for Ruby 2.2.1 and ealier, 2.2.2+ is now required (Closed)" href="https://www.redmine.org/issues/25538">#25538</a> still stand.</p> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=794392017-06-25T08:37:56ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Subject</strong> changed from <i>Nokogiri 1.7.2</i> to <i>Use Nokogiri 1.7.2</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul> Redmine - Defect #26183: Use Nokogiri 1.7.2https://www.redmine.org/issues/26183?journal_id=822642017-11-25T19:43:19ZToshi MARUYAMA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/27505">Defect #27505</a>: Cannot install nokogiri 1.7 on Windows Ruby 2.4</i> added</li></ul>