09 Sep 2013
by Eric Hodel
RubyGems 1.8.26 includes a bug fix and a security update that fixes CVE-2013-4287.
To update to the latest RubyGems you can run:
gem update --system
- RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to backtracking in Gem::Version validation. See CVE-2013-4287 for full details, including the vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and 188.8.131.52 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.
- Fixed editing of a Makefile with 8-bit characters. Fixes #181