RubyGems Navigation menu

Blog

Back to blog posts

3.0.3 Released

RubyGems 3.0.3 includes security fixes.

To update to the latest RubyGems you can run:

gem update --system

If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.

Security fixes:

  • Fixed following vulnerabilities:
    • CVE-2019-8320: Delete directory using symlink when decompressing tar
    • CVE-2019-8321: Escape sequence injection vulnerability in verbose
    • CVE-2019-8322: Escape sequence injection vulnerability in gem owner
    • CVE-2019-8323: Escape sequence injection vulnerability in API response handling
    • CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
    • CVE-2019-8325: Escape sequence injection vulnerability in errors

SHA256 Checksums:

  • rubygems-3.0.3.tgz
    cba8455df50588dedff3a2daa0d991b6b233aa155d23d82c829968abc169a5f8
  • rubygems-3.0.3.zip
    6eec823241e933ae8edffea77416ca54400c14589cb5462d9c1145fa3cd2cb97
  • rubygems-update-3.0.3.gem
    f48afcbb4a9f3f5700ad390f761ea9f06d10815aa6ff91df147415156e6b3f36
SHIBATA Hiroshi