RubyGems Navigation menu

Blog

Back to blog posts

2.7.9 Released

RubyGems 2.7.9 includes security fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Security fixes:

  • Fixed following vulnerabilities:
    • CVE-2019-8320: Delete directory using symlink when decompressing tar
    • CVE-2019-8321: Escape sequence injection vulnerability in verbose
    • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
    • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
    • CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
    • CVE-2019-8325: Escape sequence injection vulnerability in errors

SHA256 Checksums:

  • rubygems-2.7.9.tgz
    8fa1c95d0c6a1c601860a65a71664c84b01b62f9ecd95e7f34f98fd5330cd6ce
  • rubygems-2.7.9.zip
    6d5043f8b1d8fb5b95c066df7820aaa215a7572eefbb7da17cf7d0812895f807
  • rubygems-update-2.7.9.gem
    d9fa6973b088227c085aae1a06c834dde8ce155727b30f925f66e19a827216df
SHIBATA Hiroshi