RubyGems Navigation menu


Back to blog posts

September 2023 RubyGems Updates

Welcome to the RubyGems monthly update! As part of our efforts at Ruby Central, we publish a recap of the work that we’ve done the previous month. Read on to find out what updates were made to RubyGems and in September.

RubyGems News

This month in RubyGems, we released RubyGems 3.4.20 and Bundler 2.4.20.

One of the goals of this RubyGems release was to work on allowing RubyGems to gracefully fall back to a user install if the default gem home isn’t writable. This will resolve a request users of RubyGems have been wanting for eight years - #5327. Additionally, we sought to update the SPDX license list from 2023-04-28, 2023-06-18, to 2023-01-26, raised Gem::Package::FormatError when gem encounters corrupt EOF #6882, and ensure that loading multiple gemspecs with legacy YAML class references does not warn #6889.

In this month’s Bundler release, our goal was to build on the work of @segiddins and @mercedesb, by adding support for SHA256 checksum verification of Bundled gems during installation, as described in this RFC. We also focused on Bundler’s performance and memory efficiency; supporting, reviewing, and contributing to improvements there.

Some other improvements that landed into our repo this month but that are not included in the above releases are:

  • added universal-java-19 to CI test setup Gemfile locks - #6942.
  • fixed a false positive SymlinkError in the symbolic link directory - #6947.
  • added support for the ruby-3.2.2 format in the ruby file: Gemfile directive, and added a test to explicitly test the 3.2.2@gemset format as rejected - #6954.
  • reduced allocations for stub specifications - #6972.
  • allowed standalone mode to work on a Windows edge case - #6989.
  • improved release scripts - #6999.
  • fixed the SafeMarshal test on jruby - #6984.

In September, RubyGems gained 116 new commits contributed by 14 authors. There were 2,455 additions and 571 deletions across 105 files. News

This month in, we improved how gravatar exposed user email by ensuring they are not publicly exposed - #3731, #4104. We added this change to keep our users’ information private and well secured. We also opened an RFC to enhance user profile in general.

Support for PostgreSQL 11 version will end next February, so we have created a plan, wrote reference scripts and started documenting the upgrade in the following RFCs to get feedback - #52, #53.

Some other improvements that landed into our repo this month but that are not included in the above releases are:

  • added a log in Pusher when notify is called - #4072.
  • added a versions index on lower(gem_full_name) - #4095.
  • added backfill for spec_sha256 on versions - #4083.
  • handled nil api_key in the dashboards controller -#4081.
  • added a fix to precompile assets on CI before running tests - #4059.
  • made all texts in the about page translatable. - #4063.
  • made an update to only validate version metadata on create/change - #4100.
  • updated RubyGems & Bundler - #4103.

In September, gained 64 new commits contributed by 5 authors. There were 1,855 additions and 1,070 deletions across 90 files.

Thank you

Thank you to all the contributors of RubyGems and for this month! Your contributions are greatly appreciated, and we are grateful for your support.

Contributors to RubyGems:

Contributors to

Learn more about contributing to RubyGems by visiting the RubyGems Contributing Guide. We welcome all kinds of contributions, including bug fixes, feature implementation, writing and updating documentation, and bug triage.

Gift Egwuenu