10 Sep 2018
August 2018 RubyGems Updates
by Stephanie Morillo
Welcome to the RubyGems monthly update! As part of our efforts at Ruby Together, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and RubyGems.org in August.
In August, we blacklisted several gems with names that were close to other popular gems, in response to CVE-2018-3779. We’re starting to investigate ways to protect RubyGems.org from malicious gems—if you’re interested in helping work on that, let us know! We also reviewed and merged performance improvements to the “rubygems#show” and “version#index” pages, contributed by @nateberkopec.
In total, RubyGems.org gained 11 commits from 5 authors, making 44 additions and 35 deletions across 8 files.
In RubyGems, we fixed some bugs, including the ability to auto re-sign expired certs, fixed some tests, and made sure that gems with
allowed_push_host set will be pushed to the correct host by
In total there were 19 new commits, contributed by 5 authors, with 112 additions and 26 deletions across 13 files.
Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and/or updating documentation, and bug triage.