Sourced from aws-sdk-s3's changelog.

1.208.0 (2025-12-16)

• Feature - Updates to the S3 Encryption Client. The V3 S3 Encryption Client now requires key committing algorithm suites by default.

1.207.0 (2025-12-15)

• Feature - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.

1.206.0 (2025-12-02)

• Feature - New S3 Storage Class FSX_ONTAP

1.205.0 (2025-11-20)

• Feature - Enable / Disable ABAC on a general purpose bucket.

1.204.0 (2025-11-19)

• Feature - Adds support for blocking SSE-C writes to general purpose buckets.

1.203.1 (2025-11-10)

• Issue - Deprecated :checksum_mode parameter in FileDownloader#download. When set to "DISABLED", a deprecation warning is issued and the parameter is ignored. Use :response_checksum_validation on the S3 client instead to control checksum validation behavior.

1.203.0 (2025-11-05)

• Feature - Launch IPv6 dual-stack support for S3 Express

1.202.0 (2025-10-28)

• Feature - Amazon Simple Storage Service / Features: Add conditional writes in CopyObject on destination key to prevent unintended object modifications.

1.201.0 (2025-10-21)

• Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's CHANGELOG.md for details.

• Issue - Fix multipart upload to respect request_checksum_calculation when_required mode.

1.200.0 (2025-10-15)

... (truncated)

• See full diff in compare view

Sourced from actionmailer's releases.

7.2.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Avoid regex backtracking in HTTP Token authentication

  [CVE-2024-47887]

• Avoid regex backtracking in query parameter filtering

  [CVE-2024-41128]

Active Job

• No changes.

Action Mailer

• Avoid regex backtracking in block_format helper

  [CVE-2024-47889]

Action Cable

• No changes.

Active Storage

• No changes.

... (truncated)

• a1f6a13 Preparing for 7.2.1.1 release
• de33c73 Update CHANGELOGs
• be898cc Avoid backtracking in ActionMailer block_format
• d7ab27b Merge pull request #52962 from rails/rm-releser
• See full diff in compare view

Sourced from actionpack's releases.

7.2.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Avoid regex backtracking in HTTP Token authentication

  [CVE-2024-47887]

• Avoid regex backtracking in query parameter filtering

  [CVE-2024-41128]

Active Job

• No changes.

Action Mailer

• Avoid regex backtracking in block_format helper

  [CVE-2024-47889]

Action Cable

• No changes.

Active Storage

• No changes.

... (truncated)

• a1f6a13 Preparing for 7.2.1.1 release
• de33c73 Update CHANGELOGs
• 27121e8 Avoid backtracking in filtered_query_string
• f4dc83d Avoid backtracking in Token#raw_params
• d7ab27b Merge pull request #52962 from rails/rm-releser
• See full diff in compare view

Sourced from actiontext's releases.

7.2.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Avoid regex backtracking in HTTP Token authentication

  [CVE-2024-47887]

• Avoid regex backtracking in query parameter filtering

  [CVE-2024-41128]

Active Job

• No changes.

Action Mailer

• Avoid regex backtracking in block_format helper

  [CVE-2024-47889]

Action Cable

• No changes.

Active Storage

• No changes.

... (truncated)

• a1f6a13 Preparing for 7.2.1.1 release
• de33c73 Update CHANGELOGs
• ba286c0 Avoid backtracing in plain_text_for_blockquote_node
• d7ab27b Merge pull request #52962 from rails/rm-releser
• See full diff in compare view

Sourced from activerecord's releases.

7.2.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Avoid regex backtracking in HTTP Token authentication

  [CVE-2024-47887]

• Avoid regex backtracking in query parameter filtering

  [CVE-2024-41128]

Active Job

• No changes.

Action Mailer

• Avoid regex backtracking in block_format helper

  [CVE-2024-47889]

Action Cable

• No changes.

Active Storage

• No changes.

... (truncated)

• a1f6a13 Preparing for 7.2.1.1 release
• d7ab27b Merge pull request #52962 from rails/rm-releser
• See full diff in compare view

Sourced from activestorage's releases.

7.2.1.1

Active Support

• No changes.

Active Model

• No changes.

Active Record

• No changes.

Action View

• No changes.

Action Pack

• Avoid regex backtracking in HTTP Token authentication

  [CVE-2024-47887]

• Avoid regex backtracking in query parameter filtering

  [CVE-2024-41128]

Active Job

• No changes.

Action Mailer

• Avoid regex backtracking in block_format helper

  [CVE-2024-47889]

Action Cable

• No changes.

Active Storage

• No changes.

... (truncated)

• a1f6a13 Preparing for 7.2.1.1 release
• d7ab27b Merge pull request #52962 from rails/rm-releser
• See full diff in compare view

Sourced from net-imap's releases.

v0.6.3

What's Changed

Added

• 🥅 Add parser state and #detailed_message to ResponseParseError by @​nevans in ruby/net-imap#599
  • 🥅💄 Support (monochrome) highlights in parse error details by @​nevans in ruby/net-imap#603
  • 🥅💄 Auto-highlight parse error detailed_message using TERM and FORCE_COLOR by @​nevans in ruby/net-imap#607
  • 🥅💄 Add color highlights to parse error details (default honors NO_COLOR) by @​nevans in ruby/net-imap#609
• 🔧 Add Config#overrides? (opposite of #inherited?) by @​nevans in ruby/net-imap#610
• 🔧 Add recursive Config#inherits_defaults? by @​nevans in ruby/net-imap#611

Fixed

• 🐛 Parse resp-text with invalid resp-text-code by @​nevans in ruby/net-imap#601
• 🐛 Config.version_defaults should be read only by @​nevans in ruby/net-imap#594

Other Changes

• 🥅 Only print parser debug for unhandled errors by @​nevans in ruby/net-imap#600
• ♻️ Don't hardcode parser deprecation warning uplevel by @​nevans in ruby/net-imap#602
• ♻️ Simplify Config::AttrAccessors a little by @​nevans in ruby/net-imap#606
• ♻️ Set Config[:default] as alias of Config[VERSION] by @​nevans in ruby/net-imap#608

Fixes for unreleased code:

• 🐛 Return ResponseText from resp-text fallback by @​nevans in ruby/net-imap#605
• 🐛 Fix parse error parser_backtrace (for ruby <= 3.3) by @​nevans in ruby/net-imap#604

Miscellaneous

• Delete test/net/imap/test_data_lite.rb by @​nobu in ruby/net-imap#593
• ⬆️ Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @​dependabot[bot] in ruby/net-imap#596
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @​dependabot[bot] in ruby/net-imap#598

Full Changelog: ruby/net-imap@v0.6.2...v0.6.3

v0.6.2

What's Changed

Fixed

• 🐛 Fix SequenceSet#delete?(num..num) to return set by @​nevans in ruby/net-imap#583
• 🐛 Fix #responses() freezing internal arrays by @​nevans in ruby/net-imap#587, reported by @​yurikoval in ruby/net-imap#581

Full Changelog: ruby/net-imap@v0.6.1...v0.6.2

v0.6.1

What's Changed

Fixed

• 🐛 Fix SequenceSet#max(n) when cardinality < n <= size by @​nevans in ruby/net-imap#580

... (truncated)

• 8c2fb18 🔖 Bump version to 0.6.3
• 853fd13 🔧 Add recursive Config#inherits_defaults?
• 094d616 🔀 Merge pull request #609 from ruby/response_parse_error-detailed_message-col...
• 8ed8949 🥅💄 Add more highlight types to parse error details
• 2288106 🥅💄♻️ Reset highlight with "closing tags"
• c4041d3 🥅💄 Add color highlights to parse error details
• 8ab4cdf ♻️ Set Config[:default] as alias of Config[VERSION]
• 59e49bb 🔧 Add Config#overrides? (opposite of #inherited?)
• 573a591 🥅💄 Auto-highlight parse error based on env vars
• d6809ff 🥅💄 Support highlights in parse error details
• Additional commits viewable in compare view

Sourced from nokogiri's releases.

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32  nokogiri-1.19.1-aarch64-linux-gnu.gem
1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5  nokogiri-1.19.1-aarch64-linux-musl.gem
0a39ed59abe3bf279fab9dd4c6db6fe8af01af0608f6e1f08b8ffa4e5d407fa3  nokogiri-1.19.1-arm-linux-gnu.gem
3a18e559ee499b064aac6562d98daab3d39ba6cbb4074a1542781b2f556db47d  nokogiri-1.19.1-arm-linux-musl.gem
dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e  nokogiri-1.19.1-arm64-darwin.gem
1e0bda88b1c6409f0edb9e0c25f1bf9ff4fa94c3958f492a10fcf50dda594365  nokogiri-1.19.1-java.gem
110d92ae57694ae7866670d298a5d04cd150fae5a6a7849957d66f171e6aec9b  nokogiri-1.19.1-x64-mingw-ucrt.gem
7093896778cc03efb74b85f915a775862730e887f2e58d6921e3fa3d981e68bf  nokogiri-1.19.1-x86_64-darwin.gem
1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a  nokogiri-1.19.1-x86_64-linux-gnu.gem
4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23  nokogiri-1.19.1-x86_64-linux-musl.gem
598b327f36df0b172abd57b68b18979a6e14219353bca87180c31a51a00d5ad3  nokogiri-1.19.1.gem

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

11a97ecc3c0e7e5edcf395720b10860ef493b768f6aa80c539573530bc933767  nokogiri-1.19.0-aarch64-linux-gnu.gem
eb70507f5e01bc23dad9b8dbec2b36ad0e61d227b42d292835020ff754fb7ba9  nokogiri-1.19.0-aarch64-linux-musl.gem
572a259026b2c8b7c161fdb6469fa2d0edd2b61cd599db4bbda93289abefbfe5  nokogiri-1.19.0-arm-linux-gnu.gem
23ed90922f1a38aed555d3de4d058e90850c731c5b756d191b3dc8055948e73c  nokogiri-1.19.0-arm-linux-musl.gem
0811dfd936d5f6dd3f6d32ef790568bf29b2b7bead9ba68866847b33c9cf5810  nokogiri-1.19.0-arm64-darwin.gem
5f3a70e252be641d8a4099f7fb4cc25c81c632cb594eec9b4b8f2ca8be4374f3  nokogiri-1.19.0-java.gem
05d7ed2d95731edc9bef2811522dc396df3e476ef0d9c76793a9fca81cab056b  nokogiri-1.19.0-x64-mingw-ucrt.gem
1dad56220b603a8edb9750cd95798bffa2b8dd9dd9aa47f664009ee5b43e3067  nokogiri-1.19.0-x86_64-darwin.gem
f482b95c713d60031d48c44ce14562f8d2ce31e3a9e8dd0ccb131e9e5a68b58c  nokogiri-1.19.0-x86_64-linux-gnu.gem
1c4ca6b381622420073ce6043443af1d321e8ed93cc18b08e2666e5bd02ffae4  nokogiri-1.19.0-x86_64-linux-musl.gem
e304d21865f62518e04f2bf59f93bd3a97ca7b07e7f03952946d8e1c05f45695  nokogiri-1.19.0.gem

... (truncated)

Sourced from nokogiri's changelog.

v1.19.1 / 2026-02-16

Security

• [CRuby] Address unchecked return value from xmlC14NExecute which was a contributing cause to ruby-saml GHSA-x4h9-gwv3-r4m4. See GHSA-wx95-c6cv-8532 for more information.

v1.19.0 / 2025-12-28

Ruby

This release is focused on changes to Ruby version support, and is otherwise functionally identical to v1.18.10.

• Introduce native gem support for Ruby 4.0. #3590
• End support for Ruby 3.1, for which upstream support ended 2025-03-26.
• End support for JRuby 9.4 (which targets Ruby 3.1 compatibility).

v1.18.10 / 2025-09-15

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.9. Note that the security fixes published in v2.13.9 were already present in Nokogiri v1.18.9.
• [CRuby] [Windows and MacOS] Vendored libiconv is updated to v1.18

v1.18.9 / 2025-07-20

Security

• [CRuby] Applied upstream libxml2 patches to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796. See GHSA-353f-x4gh-cqq8 for more information.

v1.18.8 / 2025-04-21

Security

• [CRuby] Vendored libxml2 is updated to v2.13.8 to address CVE-2025-32414 and CVE-2025-32415. See GHSA-5w6v-399v-w3cc for more information.

v1.18.7 / 2025-03-31

Dependencies

• [CRuby] Vendored libxml2 is updated to v2.13.7, which is a bugfix release.

v1.18.6 / 2025-03-24

Fixed

... (truncated)

• d913045 version bump to v1.19.1
• b81cb98 doc: update CHANGELOG for upcoming v1.19.1
• 8e66809 C14n raise on failure (#3600)
• 5b77f3d Raise RuntimeError when canonicalization fails
• edc5595 Thank sponsors in the README
• d4dc245 dep: update rdoc to v7
• d77bfb6 version bump to v1.19.0
• 1eb5c2c dev: convert scripts/test-gem-set to use mise
• 88a120f dep: Add native Ruby 4 support, drop Ruby 3.1 support (v1.19.x) (#3592)
• f8c8f74 Skip the parser compression test for Windows system libs
• Additional commits viewable in compare view

Sourced from rack's changelog.

Changelog

All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.

Unreleased

Security

• CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
• CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
• CVE-2026-25500 XSS injection via malicious filename in Rack::Directory.
• CVE-2026-22860 Directory traversal via root prefix bypass in Rack::Directory.

SPEC Changes

• Define rack.response_finished callback arguments more strictly. (#2365, @​skipkayhil)

Added

• Add Rack::Files#assign_headers to allow overriding how the configured file headers are set. (#2377, @​codergeek121)
• Add support for rack.response_finished to Rack::TempfileReaper. (#2363, @​skipkayhil)
• Add support for streaming bodies when using Rack::Events. (#2375, @​unflxw)
• Add deflaters option to Rack::Deflater to enable custom compression algorithms like zstd. (#2168, @​alexanderadam)
• Add Rack::Request#prefetch? for identifying requests with Sec-Purpose: prefetch header set. (#2405, @​glaszig)
• Add rack.request.trusted_proxy environment key to indicate whether the request is coming from a trusted proxy.

Changed

• Raise before exceeding a part limit, not after. (#2362, @​matthew-puku)
• Rack::Deflater now uses a fixed GZip mtime value. (#2372, @​bensheldon)
• Multipart parser drops support for RFC 2231 filename* parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (#2398, @​wtn)
• The query parser now raises Rack::QueryParser::IncompatibleEncodingError if we try to parse params that are not ASCII compatible. (#2416, @​bquorning)

Fixed

• Multipart parser: limit MIME header size check to the unread buffer region to avoid false multipart mime part header too large errors when previously read data accumulates in the scan buffer. (#2392, @​alpaca-tc, @​willnet, @​krororo)
• Fix Rack::MockResponse#body when the body is a Proc. (#2420, #2423, @​tavianator, [@​ioquatix])

[3.2.4] - 2025-11-03

Fixed

• Multipart parser: limit MIME header size check to the unread buffer region to avoid false multipart mime part header too large errors when previously read data accumulates in the scan buffer. (#2392, @​alpaca-tc, @​willnet, @​krororo)

[3.2.3] - 2025-10-10

Security

• CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
• CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.

... (truncated)

• 6504434 Bump patch version.
• 48e9030 Prevent directory traversal via root prefix bypass.
• ed0f455 XSS injection via malicious filename in Rack::Directory.
• b29df31 Bump patch version.
• 72719a8 Allow Multipart head to span read boundary. (#2392)
• 96cf078 Bump patch version.
• cbd541e Unbounded read in Rack::Request form parsing can lead to memory exhaustion.
• 7e69f65 Improper handling of proxy headers in Rack::Sendfile may allow proxy bypass.
• db6bc0f Normalize adivsories links.
• ad81f80 Fix handling of Errno::EPIPE in multipart tests.
• Additional commits viewable in compare view

Sourced from rack-session's releases.

v2.1.1

Full Changelog: rack/rack-session@v2.1.0...v2.1.1

v2.1.0

Full Changelog: rack/rack-session@v2.0.0...v2.1.0

Sourced from rack-session's changelog.

v2.1.1

• Prevent Rack::Session::Pool from recreating deleted sessions CVE-2025-46336.

v2.1.0

• Improved compatibility with Ruby 3.3+ and Rack 3+.
• Add support for cookie option partitioned.
• Introduce assume_ssl option to allow secure session cookies through insecure proxy.

• 96663ec Bump patch version.
• c58ad79 Don't allow session to be recreated accidentally.
• 8a02143 Bump minor version.
• 67c1237 Add release notes.
• 77c56db Rack 3 compatibility.
• 1a10ce8 Test on Ruby v3.4.
• 06b63f5 Bump actions/checkout from 3 to 4 (#47)
• 9818179 Opt-in for MFA requirement (#45)
• 9ad38c0 Test and set Ruby v2.5 as minimum. (#46)
• 4af6114 Add cookie option "partitioned" to DEFAULT_OPTIONS and documentation of class...
• Additional commits viewable in compare view

Sourced from rails-html-sanitizer's releases.

v1.6.2 / 2024-12-12

• PermitScrubber fully supports frozen "allowed tags".

  v1.6.1 introduced safety checks that may remove unsafe tags from the allowed list, which introduced a regression for applications passing a frozen array of allowed tags. Tags and attributes are now properly copied when they are passed to the scrubber.

  Fixes #195.

  Mike Dalessio

1.6.1 / 2024-12-02

This is a performance and security release which addresses several possible XSS vulnerabilities.

• The dependency on Nokogiri is updated to v1.15.7 or >=1.16.8.

  This change addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).

  Mike Dalessio

• Disallowed tags will be pruned when they appear in foreign content (i.e. SVG or MathML content), regardless of the prune: option value. Previously, disallowed tags were "stripped" unless the gem was configured with the prune: true option.

  The CVEs addressed by this change are:

  • CVE-2024-53986 (GHSA-638j-pmjw-jq48)
  • CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)

  Mike Dalessio

• The tags "noscript", "mglyph", and "malignmark" will not be allowed, even if explicitly added to the allowlist. If applications try to allow any of these tags, a warning is emitted and the tags are removed from the allow-list.

  The CVEs addressed by this change are:

  • CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
  • CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)

  Please note that we may restore support for allowing "noscript" in a future release. We do not expect to ever allow "mglyph" or "malignmark", though, especially since browser support is minimal for these tags.

  Mike Dalessio

... (truncated)

Sourced from rails-html-sanitizer's changelog.

v1.6.2 / 2024-12-12

• PermitScrubber fully supports frozen "allowed tags".

  v1.6.1 introduced safety checks that may remove unsafe tags from the allowed list, which introduced a regression for applications passing a frozen array of allowed tags. Tags and attributes are now properly copied when they are passed to the scrubber.

  Fixes #195.

  Mike Dalessio

1.6.1 / 2024-12-02

This is a performance and security release which addresses several possible XSS vulnerabilities.

• The dependency on Nokogiri is updated to v1.15.7 or >=1.16.8.

  This change addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).

  Mike Dalessio

• Disallowed tags will be pruned when they appear in foreign content (i.e. SVG or MathML content), regardless of the prune: option value. Previously, disallowed tags were "stripped" unless the gem was configured with the prune: true option.

  The CVEs addressed by this change are:

  • CVE-2024-53986 (GHSA-638j-pmjw-jq48)
  • CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)

  Mike Dalessio

• The tags "noscript", "mglyph", and "malignmark" will not be allowed, even if explicitly added to the allowlist. If applications try to allow any of these tags, a warning is emitted and the tags are removed from the allow-list.

  The CVEs addressed by this change are:

  • CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
  • CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)

  Please note that we may restore support for allowing "noscript" in a future release. We do not expect to ever allow "mglyph" or "malignmark", though, especially since browser support is minimal for these tags.

  Mike Dalessio

• Improve performance by eliminating needless operations on attributes that are being removed. #188

... (truncated)

• 9160d49 version bump to v1.6.2
• 5843d4d fix: PermitScrubber accepts frozen tags
• 5e96b19 version bump to v1.6.1
• 383cc7c doc: update CHANGELOG with assigned CVEs
• a7b0cfe Combine the noscript/mglyph prevention blocks
• 5658335 Merge branch 'h1-2509647-noscript' into flavorjones-2024-security-fixes
• 65fb72f Merge branch 'h1-2519936-mglyph-foster-parenting' into flavorjones-2024-secur...
• 3fe22a8 Merge branch 'h1-2519936-foreign-ns-confusion' into flavorjones-2024-security...
• d7a94c1 Merge branch 'h1-2503220-nokogiri-serialization' into flavorjones-2024-securi...
• 3fd6e65 doc: update CHANGELOG
• Additional commits viewable in compare view

Sourced from rexml's releases.

REXML 3.4.2 - 2025-08-26

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

Sourced from rexml's changelog.

3.4.2 - 2025-08-26 {#version-3-4-2}

Improvement

• Improved performance.

  • GH-244
  • GH-245
  • GH-246
  • GH-249
  • GH-256
  • Patch by NAITOH Jun

• Raise appropriate exception when failing to match start tag in DOCTYPE

  • GH-247
  • Patch by NAITOH Jun

• Deprecate accepting array as an element in XPath.match, first and each

  • GH-252
  • Patch by tomoya ishida

• Don't call needless encoding_updated

  • GH-259
  • Patch by Sutou Kouhei

• Reuse XPath::match

  • GH-263
  • Patch by pboling

• Cache redundant calls for doctype

  • GH-264
  • Patch by pboling

• Use Safe Navigation (&.) from Ruby 2.3

  • GH-265
  • Patch by pboling

• Remove redundant return statements

  • GH-266
  • Patch by pboling

• Added XML declaration check & Source#skip_spaces method

  • GH-282
  • Patch by NAITOH Jun
  • Reported by Sofi Aberegg

Fixes

• Fix docs typo
  • GH-248
  • Patch by James Coleman

... (truncated)

• f36916f Add 3.4.2 entry (#284)
• 5859bde Added XML declaration check & Source#skip_spaces method (#282)
• 1d876e3 Bump actions/checkout from 4 to 5 (#283)
• c87bda8 Remove ostruct from dev deps (#281)
• c60ae02 Remove bundler from dev deps (#277)
• 9b084d7 Fix & Deprecate REXML::Text#text_indent (#275)
• 04a589a Fix a bug that XPath can't be used for no document element (#268)
• 66232ea Remove redundant return statements (#266)
• 63f3e97 Use Safe Navigation (&.) from Ruby 2.3 (#265)
• d427fc5 Avoid redundant calls for doctype (#264)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.