Skip to archived posts

1.8.10 Released

published 25 Aug 2011

RubyGems 1.8.10 contains a security fix that prevents malicious gems from executing code when their specification is loaded. See for details.

  • 5 bug fixes:

    • RubyGems escapes strings in ruby-format specs using #dump instead of #to_s and %q to prevent code injection. Issue #165 by Postmodern
    • RubyGems attempt to activate the psych gem now to obtain bugfixes from psych.
    • Gem.dir has been restored to the front of Gem.path. Fixes remaining problem with Issue #115
    • Fixed Syck DefaultKey infecting ruby-format specifications.
    • gem uninstall a b no longer stops if gem “a” is not installed.

fred, the rubygems robot fred, the rubygems robot