version bump to v1.13.6

sparklemotion · May 8, 2022 · b7817b6 · b7817b6
1 parent 61b1a39
commit b7817b6
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,18 @@ Nokogiri follows [Semantic Versioning](https://semver.org/), please see the [REA
 
 ---
 
+## 1.13.6 / 2022-05-08
+
+### Security
+
+* [CRuby] Address [CVE-2022-29181](https://nvd.nist.gov/vuln/detail/CVE-2022-29181), improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See [GHSA-xh29-r2w5-wx8m](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m) for more information.
+
+
+### Improvements
+
+* `{HTML4,XML}::SAX::{Parser,ParserContext}` constructor methods now raise `TypeError` instead of segfaulting when an incorrect type is passed.
+
+
 ## 1.13.5 / 2022-05-04
 
 ### Security

diff --git a/lib/nokogiri/version/constant.rb b/lib/nokogiri/version/constant.rb
@@ -2,5 +2,5 @@
 
 module Nokogiri
   # The version of Nokogiri you are using
-  VERSION = "1.13.5"
+  VERSION = "1.13.6"
 end