Blog
Back to blog posts
05 Mar 2019
3.0.3 Released
by SHIBATA Hiroshi
RubyGems 3.0.3 includes security fixes.
To update to the latest RubyGems you can run:
gem update --system
If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.
Security fixes:
- Fixed following vulnerabilities:
- CVE-2019-8320: Delete directory using symlink when decompressing tar
- CVE-2019-8321: Escape sequence injection vulnerability in
verbose - CVE-2019-8322: Escape sequence injection vulnerability in
gem owner - CVE-2019-8323: Escape sequence injection vulnerability in API response handling
- CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
- CVE-2019-8325: Escape sequence injection vulnerability in errors
SHA256 Checksums:
- rubygems-3.0.3.tgz
cba8455df50588dedff3a2daa0d991b6b233aa155d23d82c829968abc169a5f8 - rubygems-3.0.3.zip
6eec823241e933ae8edffea77416ca54400c14589cb5462d9c1145fa3cd2cb97 - rubygems-update-3.0.3.gem
f48afcbb4a9f3f5700ad390f761ea9f06d10815aa6ff91df147415156e6b3f36