| title | 1.8.23.1 Released |
|---|---|
| layout | post |
| author | Eric Hodel |
| author_email | drbrain@segment7.net |
RubyGems 1.8.23.1 includes a security update to fix CVE-2013-4287. This release is designed to update the version of RubyGems in Ruby 1.9.3 to fix this security problem.
To update to the latest RubyGems you can run:
gem update --system
If you need to upgrade or downgrade please follow the how to upgrade/downgrade RubyGems instructions. To install RubyGems by hand see the Download RubyGems page.
Security fixes:
- RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a backtracking in Gem::Version validation. See CVE-2013-4287 for full details including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and 1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.