GMS-2022-5550: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs

October 18, 2022

Please note that this advisory only applies to the CRuby implementation of Nokogiri < 1.13.9, and only if the packaged libraries are being used. If you’ve overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro’s libxml2 release announcements.

References

github.com/advisories/GHSA-2qc6-mcvw-92cw
github.com/sparklemotion/nokogiri/security/advisories/GHSA-2qc6-mcvw-92cw

Detect and mitigate GMS-2022-5550 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →