fastai / fastpages

An easy to use blogging platform, with enhanced support for Jupyter Notebooks.
https://fastpages.fast.ai/
Apache License 2.0

CVE bugs found in libxml2 for nokogiri, rexml, kramdown #539

Closed byteshiva closed 3 years ago

byteshiva commented 3 years ago
  1. Bump nokogiri from 1.11.1 to 1.11.5. More details available at:

  2. Bump rexml from 3.2.4 to 3.2.5. Details available at:

  3. Bump kramdown from 2.3.0 to 2.3.1. Details at

github-actions[bot] commented 3 years ago

Thank you for opening an issue. If this issue is related to a bug, please follow the steps and provide the information outlined in the Troubleshooting Guide. Failure to follow these instructions may result in automatic closing of this issue.

byteshiva commented 3 years ago

Closing since there is a PR against the issues mentioned above.

puja108 commented 3 years ago

The rexml PR got closed after having been approved without merging or comment (https://github.com/fastai/fastpages/pull/518) and the nokogiri one is still open (https://github.com/fastai/fastpages/pull/538).

Is there a plan to fix this or does closing this issue (and at least now one of the PRs) mean "this is not gonna be fixed"?

byteshiva commented 3 years ago

> The rexml PR got closed after having been approved without merging or comment (#518) and the nokogiri one is still open (#538).
>
> Is there a plan to fix this or does closing this issue (and at least now one of the PRs) mean "this is not gonna be fixed"?

@puja108 - I've opened a new PR (https://github.com/fastai/fastpages/pull/545) to bump rexml to 3.2.5.