Rubygems-update 1.8.23 Released

rubygems-update version 1.8.23 has been released!

RubyGems is a package management framework for Ruby.

This gem is an update for the RubyGems software. You must have an
installation of RubyGems before this update can be applied.

See Gem for information on RubyGems (or ri Gem).

To upgrade to the latest RubyGems, run:

$ gem update --system # you might need to be an administrator or root

See UPGRADING.rdoc for more details and alternative instructions.


If you don’t have RubyGems installed, you can still do it manually:

For more details and other options, see:

ruby setup.rb --help

Changes:

1.8.23 / 2012-04-19

This release tightens security when RubyGems talks to an HTTPS
server. If you use a custom RubyGems server over SSL, RubyGems will
no longer connect to it after this release unless your SSL cert is
globally valid.

You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certificate.

You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.
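
As an added example (not part of the release notes and not RubyGems' own code), this Ruby check reads gemrc text and flags the two settings discussed above: :ssl_verify_mode set to 0 and an :ssl_ca_cert path that does not exist. The name audit_gemrc and the sample configuration are constructed for illustration.

```ruby
require "yaml"
require "openssl"

# Constructed sample gemrc: verification disabled, CA path that does not exist.
SAMPLE_GEMRC = <<~GEMRC
  :ssl_verify_mode: 0
  :ssl_ca_cert: /nonexistent/example-ca.pem
GEMRC

# Audit gemrc text for the two SSL options named in the release notes.
# Returns an array of finding strings; empty means nothing was flagged.
def audit_gemrc(text, label = "gemrc")
  begin
    config = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  rescue Psych::Exception => e
    return ["#{label}: cannot parse as YAML (#{e.class})"]
  end
  return ["#{label}: top level is not a mapping"] unless config.is_a?(Hash)

  # gemrc keys are YAML symbols (":ssl_verify_mode:"); accept string keys too.
  fetch = ->(name) { config.key?(name.to_sym) ? config[name.to_sym] : config[name] }
  findings = []

  # 0 is OpenSSL::SSL::VERIFY_NONE: the server certificate is never checked.
  if fetch.call("ssl_verify_mode") == OpenSSL::SSL::VERIFY_NONE
    findings << "#{label}: :ssl_verify_mode is 0, certificate checks are disabled"
  end

  # A CA path that is missing cannot validate the custom server's certificate.
  ca = fetch.call("ssl_ca_cert")
  if ca && !File.exist?(ca.to_s)
    findings << "#{label}: :ssl_ca_cert points to a missing path: #{ca}"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts audit_gemrc(SAMPLE_GEMRC, "sample")
  # The two locations named in the release notes.
  ["/etc/gemrc", File.join(ENV.fetch("HOME", "/"), ".gemrc")].each do |path|
    puts audit_gemrc(File.read(path), path) if File.file?(path) && File.readable?(path)
  end
end
```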

  • 2 security fixes:

    • Disallow redirects from https to http
    • Turn on verification of server SSL certs
  • 1 minor feature:

    • Add --clear-sources to fetch
  • 2 bug fixes:

    • Use File.identical? to check if two files are the same.
    • Fixed init_with warning when using psych