Security Upgrade Complete

Summary

All 4 Nokogiri security vulnerabilities have been successfully resolved!

What Was Done

  1. Installed rbenv - Ruby version manager
    • Location: ~/.rbenv
    • Plugin: ruby-build for installing Ruby versions
  2. Upgraded Ruby
    • From: Ruby 3.0.2 (system)
    • To: Ruby 3.2.10
    • Version file: .ruby-version (created in project root)
  3. Updated Nokogiri
    • From: 1.17.2 (vulnerable)
    • To: 1.19.0 (all CVEs patched)
  4. Updated Gemfile
    • Added: gem "nokogiri", ">= 1.18.8"
    • Updated: Gemfile.lock with new versions
  5. Verified
    • ✅ Jekyll builds successfully
    • ✅ All dependencies installed
    • ✅ Site generates without errors

Important: Configure Your Shell

To make rbenv work in new terminal sessions, add these lines to your shell configuration:

For Bash (~/.bashrc or ~/.bash_profile):

export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"

For Zsh (~/.zshrc):

export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"

After adding these lines, reload your shell:

source ~/.bashrc  # or ~/.zshrc for Zsh

Usage

Build the site:

cd /home/foveax/imanhemmatian.com
bundle exec jekyll build

Serve the site locally:

bundle exec jekyll serve

Check versions:

ruby --version          # Should show: ruby 3.2.10
bundle exec ruby -e "require 'nokogiri'; puts Nokogiri::VERSION"  # Should show: 1.19.0
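To make the version checks above repeatable (for a post-upgrade sanity check or a CI step), here is an added verification script; it is example code, not one of the upgrade's own files. It compares dotted version strings and fails when the active Ruby is older than 3.2.10, when Nokogiri is below the Gemfile's `>= 1.18.8` floor, or when `ruby` does not resolve under ~/.rbenv; the function names are this example's own, while the version numbers come from this report.

```shell
#!/bin/sh
# Added example: verify that the rbenv Ruby and the patched Nokogiri are the ones in use.
# Version numbers are taken from the upgrade report above; function names are this example's own.

REQUIRED_RUBY="3.2.10"       # pinned in .ruby-version
REQUIRED_NOKOGIRI="1.18.8"   # floor set in Gemfile: gem "nokogiri", ">= 1.18.8"

# version_ge A B -> exit 0 when dotted version A >= B, comparing up to three
# numeric fields; a missing field (e.g. "1.19" vs "1.18.8") counts as 0.
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# check_versions RUBY_VERSION NOKOGIRI_VERSION RUBY_PATH -> exit 0 only when all
# three match the upgraded state; each failing check is reported on stdout.
check_versions() {
  ruby_v="$1"; noko_v="$2"; ruby_path="$3"; ok=0
  case "$ruby_path" in
    "${HOME:-}"/.rbenv/*) ;;   # rbenv shim or version directory: rbenv is active
    *) echo "FAIL: ruby is $ruby_path, not under ~/.rbenv (is rbenv initialised in this shell?)"; ok=1 ;;
  esac
  version_ge "$ruby_v" "$REQUIRED_RUBY" \
    || { echo "FAIL: ruby $ruby_v is older than $REQUIRED_RUBY"; ok=1; }
  version_ge "$noko_v" "$REQUIRED_NOKOGIRI" \
    || { echo "FAIL: nokogiri $noko_v is below $REQUIRED_NOKOGIRI (unpatched)"; ok=1; }
  return $ok
}

# Live run only when invoked as "sh verify.sh --run", so sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then
  ruby_v=$(ruby -e 'print RUBY_VERSION')
  noko_v=$(bundle exec ruby -e "require 'nokogiri'; print Nokogiri::VERSION")
  check_versions "$ruby_v" "$noko_v" "$(command -v ruby)" && echo "OK: upgrade verified"
fi
```

Run it from the project root after `bundle install`; it exits non-zero on any failed check, which is what a CI job or a pre-push hook needs.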

Next Steps

  1. Commit the changes to git:
    git add .ruby-version Gemfile Gemfile.lock SECURITY_ADVISORY.md
    git commit -m "Security: Upgrade Ruby to 3.2.10 and Nokogiri to 1.19.0
    
    - Install rbenv for Ruby version management
    - Upgrade Ruby from 3.0.2 to 3.2.10
    - Update Nokogiri from 1.17.2 to 1.19.0
    - Fix CVE-2025-32414, CVE-2025-32415, CVE-2025-24928, CVE-2024-56171
    - Add explicit Nokogiri version requirement in Gemfile"
    
  2. Push to GitHub:
    git push origin main  # or your default branch
    
  3. Dependabot alerts will auto-close once GitHub detects the updated Nokogiri version

Files Modified

  • .ruby-version - Created (specifies Ruby 3.2.10)
  • Gemfile - Modified (added Nokogiri version requirement)
  • Gemfile.lock - Modified (updated all gem versions)
  • SECURITY_ADVISORY.md - Updated (marked as resolved)

Rollback (if needed)

If you need to roll back (note that .ruby-version was created by this upgrade, so it does not exist in HEAD~1 and cannot be restored from there):

git checkout HEAD~1 -- Gemfile Gemfile.lock   # restore the previous gem versions
rbenv local system                            # point .ruby-version at system Ruby (3.0.2), or simply delete the file
bundle install

Support

If you encounter any issues:

  1. Ensure rbenv is in your PATH (see shell configuration above)
  2. Verify Ruby version: ruby --version
  3. Verify rbenv is active: which ruby (should show path in ~/.rbenv)
  4. Reinstall gems if needed: bundle install

Status: ✅ All security vulnerabilities resolved
Date: February 2, 2026
Ruby Version: 3.2.10
Nokogiri Version: 1.19.0