[ANN] rubygems 1.8.10 Released
ryand-ruby at zenspider.com
Fri Aug 26 21:14:33 EDT 2011
rubygems-update version 1.8.10 has been released!
RubyGems is a package management framework for Ruby.
This gem is an update for the RubyGems software. You must have an
installation of RubyGems before this update can be applied.
See Gem for information on RubyGems (or `ri Gem`)
To upgrade to the latest RubyGems, run:
$ gem update --system # you might need to be an administrator or root
See UPGRADING.rdoc for more details and alternative instructions.
If you don't have RubyGems installed, you can still do it manually:
* Download from: https://rubygems.org/pages/download
* Unpack into a directory and cd there
* Install with: ruby setup.rb # you may need admin/root privilege
For more details and other options, see:
ruby setup.rb --help
### 1.8.10 / 2011-08-26
RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded. See
https://github.com/rubygems/rubygems/pull/165 for details.
* 5 bug fixes:
* RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
and %q to prevent code injection. Issue #165 by Postmodern
* RubyGems attempt to activate the psych gem now to obtain bugfixes from
* Gem.dir has been restored to the front of Gem.path. Fixes remaining
problem with Issue #115
* Fixed Syck DefaultKey infecting ruby-format specifications.
* `gem uninstall a b` no longer stops if gem "a" is not installed.
More information about the RubyGems-Developers