GMS-2022-5550: Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Please note that this advisory only applies to the CRuby implementation of Nokogiri < 1.13.9, and only if the packaged libraries are being used. If you’ve overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro’s libxml2 release announcements.
References
Detect and mitigate GMS-2022-5550 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →