RubyGems Navigation menu

Blog

Back to blog posts

2.1.5 Released

RubyGems 2.1.5 includes security fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Security fixes:

  • RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a backtracking in Gem::Version validation. See CVE-2013-4363 for full details including vulnerable APIs. Fixed versions include 2.1.5, 2.0.10, 1.8.27 and 1.8.23.2 (for Ruby 1.9.3).
Eric Hodel