Back to blog posts
24 Sep 2013
by Eric Hodel
RubyGems 2.1.5 includes security fixes.
To update to the latest RubyGems you can run:
gem update --system
- RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a backtracking in Gem::Version validation. See CVE-2013-4363 for full details including vulnerable APIs. Fixed versions include 2.1.5, 2.0.10, 1.8.27 and 220.127.116.11 (for Ruby 1.9.3).