[ANN] rubygems-update 1.8.23 Released

Evan Phoenix evan at phx.io
Sat Apr 21 20:57:13 UTC 2012

rubygems-update version 1.8.23 has been released!

* <http://rubygems.org>
* <http://docs.rubygems.org>
* <http://help.rubygems.org>
* <http://github.com/rubygems>
* <http://rubyforge.org/projects/rubygems>

RubyGems is a package management framework for Ruby.

This gem is an update for the RubyGems software. You must have an
installation of RubyGems before this update can be applied.

See Gem for information on RubyGems (or `ri Gem`)

To upgrade to the latest RubyGems, run:

  $ gem update --system  # you might need to be an administrator or root

See UPGRADING.rdoc for more details and alternative instructions.


If you don't have RubyGems installed, your can still do it manually:

* Download from: https://rubygems.org/pages/download
* Unpack into a directory and cd there
* Install with: ruby setup.rb  # you may need admin/root privilege

For more details and other options, see:

  ruby setup.rb --help


### 1.8.23 / 2012-04-19

This release increases the security used when RubyGems is talking to
an https server. If you use a custom RubyGems server over SSL, this
release will cause RubyGems to no longer connect unless your SSL cert
is globally valid.

You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certification.

You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.

* 2 security fixes:
  * Disallow redirects from https to http
  * Turn on verification of server SSL certs

* 1 minor feature:
  * Add --clear-sources to fetch

* 2 bug fixes:
  * Use File.identical? to check if two files are the same.
  * Fixed init_with warning when using psych

Evan Phoenix // evan at phx.io

More information about the RubyGems-Developers mailing list