Skip to archived posts

2.0.8 Released

published 09 Sep 2013

RubyGems 2.0.8 includes a bug fix and a security update to fix CVE-2013-4287

To update to the latest RubyGems you can run:

gem update --system

To install RubyGems by hand see the Download RubyGems page.

If you installed 2.0.1 and are unable to upgrade please follow the how to upgrade/downgrade RubyGems instructions.

Security fixes:

  • RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a backtracking in Gem::Version validation. See CVE-2013-4287 for full details including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and 1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.

Bug fixes:

  • Fixed Gem.clear_paths when Security is defined at top-level. Pull request #625 by elarkin

Eric Hodel Eric Hodel