Rubygems 1.8.10 Released

rubygems-update version 1.8.10 has been released!

RubyGems is a package management framework for Ruby.

This gem is an update for the RubyGems software. You must have an
installation of RubyGems before this update can be applied.

See Gem for information on RubyGems (or ri Gem)

To upgrade to the latest RubyGems, run:

$ gem update --system # you might need to be an administrator or root

See UPGRADING.rdoc for more details and alternative instructions.


If you don’t have RubyGems installed, you can still do it manually:

For more details and other options, see:

ruby setup.rb --help

Changes:

1.8.10 / 2011-08-26

RubyGems 1.8.10 contains a security fix that prevents malicious gems
from
executing code when their specification is loaded. See
https://github.com/rubygems/rubygems/pull/165 for details.

  • 5 bug fixes:

    • RubyGems escapes strings in ruby-format specs using #dump instead of
      #to_s
      and %q to prevent code injection. Issue #165 by Postmodern
    • RubyGems attempt to activate the psych gem now to obtain bugfixes
      from
      psych.
    • Gem.dir has been restored to the front of Gem.path. Fixes remaining
      problem with Issue #115
    • Fixed Syck DefaultKey infecting ruby-format specifications.
    • gem uninstall a b no longer stops if gem “a” is not installed.

I have a question. I have rvm installed, and I updated rubygems like
this:

$ gem update --system
Updating rubygems-update
Fetching: rubygems-update-1.8.10.gem (100%)
Successfully installed rubygems-update-1.8.10
Installing RubyGems 1.8.10
RubyGems 1.8.10 installed

== 1.8.10 / 2011-08-25

RubyGems 1.8.10 contains a security fix that prevents malicious gems
from
executing code when their specification is loaded. See
https://github.com/rubygems/rubygems/pull/165 for details.

  • 5 bug fixes:

    • RubyGems escapes strings in ruby-format specs using #dump instead of
      #to_s
      and %q to prevent code injection. Issue #165 by Postmodern
    • RubyGems attempt to activate the psych gem now to obtain bugfixes
      from
      psych.
    • Gem.dir has been restored to the front of Gem.path. Fixes remaining
      problem with Issue #115
    • Fixed Syck DefaultKey infecting ruby-format specifications.
    • gem uninstall a b no longer stops if gem “a” is not installed.

RubyGems installed the following executables:
/Users/me/.rvm/rubies/ruby-1.9.2-p180/bin/gem

RubyGems system software updated
$

That looks like it only updated my ruby 1.9.2 rubygems. Is that
correct?

7stud – wrote in post #1018757:

I have a question. I have rvm installed, and I updated rubygems like
this:

$ gem update --system

That looks like it only updated my ruby 1.9.2 rubygems. Is that
correct?

That is correct

rvm rubygems x.y.z will also update the installed RubyGems for the
active version of Ruby, not all of them.